Your Computer is Locked / Connect to Internet White Screen


  • This topic is locked
27 replies to this topic

#1 sonuvabum


Posted 20 December 2013 - 09:44 AM

Hi,

I began following this thread this morning...

http://www.bleepingcomputer.com/forums/t/493286/virus-please-connect-to-internet-white-screen/

...it describes my trouble fairly well.

Dell Laptop, Latitude D530
Win XP Pro SP3

I have tried a couple of different removal processes and they always seem to find problems, but the system always reverts back to the same issues as before.

I have tried Kaspersky Rescue Disk.

I have tried HitMan Pro.

This morning before I began anything else, I removed my wireless card so that my laptop can no longer connect to the internet.

I downloaded the OTLPES product and burned the disk.

I booted the infected computer and ran the REATOGO-X-PE Desktop and ran the OTLPES app.

Below is the text file that it generated.

Any help you can offer will be appreciated.

Thanks!

====================

 

OTL logfile created on: 12/20/2013 8:19:53 AM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 32.59 Gb Free Space | 29.17% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (HitmanPro37CrusaderBoot) HitmanPro 3.7 Crusader (Boot)
SRV - [2013/12/10 23:47:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/10 22:38:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/18 16:49:42 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/30 11:19:36 | 000,016,000 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/04/01 23:28:28 | 000,342,528 | ---- | M] (Alcatel-Lucent) [Auto] -- C:\Program Files\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/13 05:59:28 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/02/29 16:53:58 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/12/02 09:09:50 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- C:\iNEX\Client\mDNSResponder.exe -- (Bonjour Service)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Disabled] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/22 12:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Disabled] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/09/13 21:37:42 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/06/20 14:30:18 | 000,079,168 | ---- | M] (Broadcom Corporation) [Auto] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2003/12/01 15:27:00 | 000,053,248 | ---- | M] (GEAR Software) [Auto] -- C:\WINDOWS\system32\gearsec.exe -- (gearsec)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (WaveFDE)
DRV - File not found [Kernel | On_Demand] --  -- (PTUMWVsp)
DRV - File not found [Kernel | On_Demand] --  -- (PTUMWNSP)
DRV - File not found [Kernel | On_Demand] --  -- (PTUMWNET)
DRV - File not found [Kernel | On_Demand] --  -- (PTUMWMdm)
DRV - File not found [Kernel | On_Demand] --  -- (PTUMWFLT)
DRV - File not found [Kernel | On_Demand] --  -- (PTUMWCSP)
DRV - File not found [Kernel | On_Demand] --  -- (PTUMWBus)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (onbssboa)
DRV - File not found [Kernel | On_Demand] --  -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] --  -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] --  -- (MFE_RR)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | On_Demand] --  -- (catchme)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/13 02:59:50 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/03/13 02:59:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/14 17:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/14 17:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2010/05/14 17:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 17:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/06/29 23:11:44 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/06/15 21:35:02 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/06/15 21:35:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/06/15 21:35:00 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/04/14 07:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/09/13 21:37:42 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/09/09 23:26:30 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/09/09 23:14:58 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/20 14:30:20 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/11/02 12:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080920
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080920
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080920
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator.TEXPACFTW_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080920
IE - HKU\Administrator.TEXPACFTW_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
IE - HKU\Administrator.TEXPACFTW_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Administrator.TEXPACFTW_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080920
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080920
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Gary.TEXPACFTW_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\Gary.TEXPACFTW_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Gary.TEXPACFTW_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080920
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/10 22:37:56 | 000,000,000 | ---D | M]
 
[2013/12/10 22:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/10 22:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/10 22:38:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/13 22:10:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2013/09/08 19:03:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Administrator.TEXPACFTW_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Gary.TEXPACFTW_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC]  File not found
O4 - HKU\Gary.TEXPACFTW_ON_C..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O4 - HKU\Guest_ON_C..\Run: [swg]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AdFender.lnk = C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: KB7745705 = "C:\Documents and Settings\Gary.TEXPACFTW\Local Settings\Application Data\KB7745705\KB7745705.exe" ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator.TEXPACFTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Gary.TEXPACFTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Gary.TEXPACFTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Gary.TEXPACFTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Gary.TEXPACFTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: KB7745705 = "C:\Documents and Settings\Gary.TEXPACFTW\Local Settings\Application Data\KB7745705\KB7745705.exe" ()
O7 - HKU\Gary.TEXPACFTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Gary.TEXPACFTW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {042134DD-BB44-43FC-A74F-B80FBD465925} http://108.225.105.120/template/xWebView4.cab (xWebView4 Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266213604125 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354473722193 (MUWebControl Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: CabCCT https://www.bizatlarge.net/CCT/codebase/ActCtrl_Apptix.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = texpacftw.local
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (bootdelete) - C:\WINDOWS\System32\bootdelete.exe (SurfRight B.V.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/19 18:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary.TEXPACFTW\Local Settings\Application Data\KB7745705
[2013/12/19 18:10:36 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/12/19 17:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Desktop
[2013/12/19 09:09:35 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/12/10 22:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/01 13:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary.TEXPACFTW\My Online Documents
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/19 18:11:21 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/19 18:11:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/19 18:10:36 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/12/19 18:10:36 | 000,003,224 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2013/12/19 18:10:36 | 000,000,270 | ---- | M] () -- C:\WINDOWS\System32\bootdelete.lst
[2013/12/19 18:07:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{60F7BEBF-AE92-4C67-9F1C-4EF5DC50CAE5}.job
[2013/12/19 18:05:32 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/12/19 18:03:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/19 17:55:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/19 17:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/18 22:04:21 | 000,001,740 | -H-- | M] () -- C:\Documents and Settings\Gary.TEXPACFTW\My Documents\Default.rdp
[2013/12/18 14:08:33 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\Gary.TEXPACFTW\Desktop\Scan Server.lnk
[2013/12/10 23:47:27 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/10 23:47:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/07 09:30:56 | 000,000,584 | ---- | M] () -- C:\WINDOWS\tasks\Gary.job
[2013/12/02 11:46:38 | 002,376,671 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3155391455-3271980689-604615877-1150-0.dat
[2013/12/02 11:46:33 | 000,275,142 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/12/02 10:55:14 | 000,000,546 | ---- | M] () -- C:\Documents and Settings\Gary.TEXPACFTW\Desktop\TPHS-Dat.lnk
[2013/12/01 15:21:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/01 15:14:15 | 000,000,596 | ---- | M] () -- C:\WINDOWS\tasks\Gary Merge.job
[2013/12/01 13:49:05 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard 2.0.lnk
[2013/11/25 22:09:47 | 000,478,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/25 22:09:47 | 000,077,984 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/19 18:10:36 | 000,003,224 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2013/12/19 18:10:36 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\bootdelete.lst
[2013/09/08 18:48:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/08 18:48:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/08 18:48:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/08 18:48:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/08 18:48:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/08 17:27:57 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\TrueSight.sys
[2013/02/20 23:14:46 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2013/01/03 11:55:00 | 000,210,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/30 12:10:39 | 000,001,615 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2012/12/29 20:49:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/06 08:36:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary.TEXPACFTW\LOG
[2012/05/02 23:21:53 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2012/04/22 15:12:22 | 004,424,704 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2012/04/08 18:40:36 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/04/08 18:39:46 | 000,260,608 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2012/04/08 18:39:32 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2012/04/08 18:39:32 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2012/04/08 18:39:30 | 001,525,248 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2012/04/08 18:39:30 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2012/04/08 18:39:28 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2012/04/08 18:39:28 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2012/04/08 18:39:26 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2012/03/29 09:21:26 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2012/03/29 09:21:18 | 006,582,226 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-54.dll
[2012/03/29 09:21:18 | 001,152,365 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-54.dll
[2012/03/29 09:21:18 | 000,374,152 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2012/03/29 09:21:18 | 000,207,872 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2012/03/29 09:21:18 | 000,144,523 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-2.dll
[2012/03/25 08:42:05 | 002,376,671 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3155391455-3271980689-604615877-1150-0.dat
[2012/03/25 08:42:04 | 000,275,142 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/20 12:24:28 | 000,000,023 | ---- | C] () -- C:\WINDOWS\XWEBVI~1.INI
[2012/03/13 23:31:16 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/02 11:50:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.TEXPACFTW\Local Settings\Application Data\WavXMapDrive.bat
[2012/03/02 01:30:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/08 14:46:57 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.DLL
[2012/02/08 14:46:57 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2012/02/08 14:46:56 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2012/02/08 14:46:56 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2012/02/02 16:42:54 | 000,037,746 | -H-- | C] () -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Comma Separated Values (Windows).ADR
[2012/02/02 16:42:54 | 000,010,357 | -H-- | C] () -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\.googlewebacchosts
[2012/02/02 16:42:54 | 000,008,762 | ---- | C] () -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Comma Separated Values (Windows).TSK
[2012/02/02 16:42:54 | 000,002,961 | -H-- | C] () -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\ACT_4254500.prf
[2012/02/02 16:42:54 | 000,002,957 | -H-- | C] () -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\ACT_402078.prf
[2012/02/02 16:42:54 | 000,002,957 | -H-- | C] () -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\ACT_2436484.prf
[2012/02/02 16:42:54 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\$_hpcst$.hpc
[2012/02/02 15:44:11 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Gary.TEXPACFTW\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/26 16:21:08 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/01/14 16:16:40 | 000,000,365 | ---- | C] () -- C:\WINDOWS\PSADMIN.INI
[2012/01/13 14:15:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gary.TEXPACFTW\Local Settings\Application Data\WavXMapDrive.bat
[2011/09/08 09:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/09/08 09:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/09/08 09:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/09/08 09:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/09/08 09:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/09/08 09:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/09/08 09:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/09/08 09:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/09/08 08:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/09/08 08:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/09/07 22:30:45 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fz
[2011/09/07 22:30:45 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~P1kAlMiG2Kb7Fzr
[2011/09/07 22:30:36 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\P1kAlMiG2Kb7Fz
[2011/08/21 12:08:17 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_8500.ini
[2011/08/21 12:08:11 | 000,000,087 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2011/06/17 15:44:28 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\G711Codec.dll
[2011/06/09 20:26:30 | 000,199,680 | ---- | C] () -- C:\WINDOWS\System32\MyAVCD.dll
[2011/06/01 20:19:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ArchiveHelper.dll
[2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/08/18 14:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2010/05/14 16:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 16:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 16:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 16:47:00 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/11 10:13:36 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/05/11 10:12:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010/05/11 10:12:27 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/05/11 10:01:52 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/05/11 10:01:52 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/05/11 10:00:06 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/05/11 10:00:05 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/04/22 21:32:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\WavXMapDrive.bat
[2009/11/05 19:50:52 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\AdpcmIVNet.dll
[2009/08/11 16:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/08/11 16:21:20 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/11 17:22:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/10 16:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/09/20 05:48:49 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/09/20 05:48:49 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4859.dll
[2008/09/20 05:48:49 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/09/20 05:48:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/09/20 05:47:58 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/09/20 03:17:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/09/20 03:17:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
[2008/09/20 03:14:38 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/09/20 03:14:36 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/09/20 03:14:35 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/04/25 16:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 16:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 16:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 11:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 11:16:22 | 000,478,168 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 11:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 11:16:22 | 000,077,984 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 11:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 11:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 11:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 11:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 11:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 11:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 11:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 11:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 04:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 04:21:52 | 000,275,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/01/23 15:59:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\AdpcmCodec.dll
[2008/01/23 15:48:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\G723Codec.dll
[2008/01/23 15:41:30 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\M4VAPDec.dll
[2007/03/30 23:18:06 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2007/03/02 05:26:16 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SaveImage2.dll
[2007/01/26 01:33:18 | 000,001,755 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/03 23:52:00 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll
 
========== LOP Check ==========
 
[2008/09/20 03:11:19 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Wave Systems Corp
[2012/01/18 01:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.TEXPACFTW\Application Data\Spearit
[2008/09/20 03:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.TEXPACFTW\Application Data\Wave Systems Corp
[2012/01/18 01:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spearit
[2008/09/20 03:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2013/04/26 00:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Amazon
[2013/07/02 14:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\ATT Connect
[2012/02/02 17:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Bytemobile
[2012/11/19 12:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\CreditCardRecordkeeping
[2012/02/02 17:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\DBUpdater
[2012/02/02 17:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Leadertech
[2013/01/05 22:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\MB4Outlook
[2013/12/04 11:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\MediaMonkey
[2013/01/05 20:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Mobisynapse
[2012/02/02 16:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Octoshape
[2012/02/02 16:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\OfficeUpdate12
[2012/02/02 16:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Samsung
[2013/10/28 00:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Seagate
[2012/02/02 16:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Sierra Wireless
[2012/02/02 16:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Smith Micro
[2012/02/02 16:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\SolSuite
[2012/02/02 16:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Spearit
[2013/02/20 23:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Stamps.com Internet Postage
[2012/02/02 16:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\TPC01
[2012/02/02 16:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\W Photo Studio Viewer
[2012/02/02 16:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Walgreens
[2008/09/20 03:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Wave Systems Corp
[2012/02/02 16:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\webex
[2012/02/02 16:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Weight Loss Program
[2010/07/13 08:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\ScanSoft
[2012/01/18 04:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Spearit
[2008/09/20 03:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Wave Systems Corp
[2012/01/18 04:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Bytemobile
[2012/01/18 04:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2012/08/15 22:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdFender
[2012/01/18 00:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloudmark
[2012/11/16 18:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CreditCardRecordkeeping
[2013/12/19 18:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/01/17 22:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Laplink
[2012/12/29 22:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2012/01/18 00:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2012/01/18 00:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/01/14 14:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/10/28 00:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2012/01/18 00:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2012/01/18 01:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spearit
[2012/01/18 00:27:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames
[2011/08/19 21:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2012/01/18 00:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weight Loss Program
[2012/01/18 00:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2012/01/18 00:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/10/28 00:41:11 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Gary DBAgent 2 0.job
[2013/12/01 15:14:15 | 000,000,596 | ---- | M] () -- C:\WINDOWS\Tasks\Gary Merge.job
[2013/12/07 09:30:56 | 000,000,584 | ---- | M] () -- C:\WINDOWS\Tasks\Gary.job
[2013/10/28 00:41:11 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\Seagate_Install_Launch.job
[2013/12/19 18:07:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{60F7BEBF-AE92-4C67-9F1C-4EF5DC50CAE5}.job
 
========== Purity Check ==========
 
 
< End of report >

#2 sonuvabum

  • Topic Starter
  • Members
  • 16 posts

Posted 20 December 2013 - 12:34 PM

Update:

Re-Ran HitMan Pro (Kickstart - 3 times back to back) until it came back with no hits. 

At this point, I disconnected all access to the internet and was able to successfully log into Windows. 

Then, as quickly as possible after boot, I ran TDSSKiller from Kaspersky and it came up clean. 

Now, I am running MalwareBytes (Full Scan) to be sure there are no dregs from anything remaining. 

We'll see if this works. 

Any other suggestions would be appreciated. 

Thanks,

Gary



#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 20 December 2013 - 04:37 PM

Hello sonuvabum

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University

#4 sonuvabum

  • Topic Starter
  • Members
  • 16 posts

Posted 20 December 2013 - 05:11 PM

Finished off by running ComboFix and nothing has shown up. 

I'll consider this issue closed for now. 

Gary

#5 sonuvabum

  • Topic Starter
  • Members
  • 16 posts

Posted 20 December 2013 - 05:13 PM

Oops.  Just saw your reply. 

Yes, I can run another log for you. 

Happy to do it. 

G~

#6 sonuvabum

  • Topic Starter
  • Members
  • 16 posts

Posted 20 December 2013 - 05:27 PM

FRST File:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02
Ran by Gary (administrator) on TPHS-55 on 20-12-2013 16:20:46
Running from C:\Documents and Settings\Gary.TEXPACFTW\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
(Apple Inc.) C:\iNEX\Client\mDNSResponder.exe
(GEAR Software) C:\WINDOWS\system32\gearsec.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(SigmaTel, Inc.) C:\WINDOWS\system32\stacsv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Knowles Acoustics) C:\WINDOWS\system32\KADxMain.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(AdFender, Inc.) C:\Program Files\AdFender\AdFender.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-09-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.EXE [2220032 2008-06-29] (Dell Inc.)
HKLM\...\Run: [KADxMain] - C:\WINDOWS\system32\KADxMain.exe [282624 2006-11-02] (Knowles Acoustics)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [640440 2012-01-03] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [DBAgent] - C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517640 2013-05-30] (Seagate Technology LLC)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Run: [Uploader] - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-05-30] (Seagate Technology LLC)
HKU\Guest\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AdFender.lnk
ShortcutTarget: AdFender.lnk -> C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {042134DD-BB44-43FC-A74F-B80FBD465925} http://108.225.105.120/template/xWebView4.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266213604125
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.11 12.127.17.71 12.127.17.72

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Mozilla\Firefox\Profiles\2xkegdlm.default
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Gary.TEXPACFTW\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Xmarks - C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Mozilla\Firefox\Profiles\2xkegdlm.default\Extensions\foxmarks@kei.com
FF Extension: Motive Extension - C:\Program Files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

========================== Services (Whitelisted) =================

R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79168 2007-06-20] (Broadcom Corporation)
R2 Bonjour Service; C:\iNEX\Client\mDNSResponder.exe [238888 2011-12-02] (Apple Inc.)
R2 gearsec; C:\WINDOWS\system32\gearsec.exe [53248 2003-12-01] (GEAR Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)
S4 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2008-02-22] (Dell Inc.)
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342528 2013-04-01] (Alcatel-Lucent)
S4 RemoteAccess; C:\Windows\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
R2 Seagate Dashboard Services; C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)
R2 STacSV; C:\WINDOWS\system32\StacSV.exe [94208 2007-09-13] (SigmaTel, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1961984 2008-06-29] (Dell Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2007-06-20] (Broadcom Corporation)
S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1287552 2008-06-29] (Broadcom Corporation)
S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 DXEC01; C:\Windows\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics)
S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-14] (Logitech Inc.)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [210688 2008-06-15] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [985472 2008-06-15] (Conexant Systems, Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKsl94be4be8; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{558B1CFC-E150-48CF-9D7D-F16190BB4E9F}\MpKsl94be4be8.sys [40392 2013-12-20] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-03-13] (Printing Communications Assoc., Inc. (PCAUSA))
R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-03-13] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-09-13] (SigmaTel, Inc.)
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [12800 2008-04-14] (Microsoft Corporation)
R3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MFE_RR; \??\C:\DOCUME~1\GARY~1.TEX\LOCALS~1\Temp\mfe_rr.sys [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S1 onbssboa; \??\C:\WINDOWS\system32\drivers\onbssboa.sys [x]
S3 PTUMWBus; system32\DRIVERS\PTUMWBus.sys [x]
S3 PTUMWCSP; system32\DRIVERS\PTUMWCSP.sys [x]
S3 PTUMWFLT; system32\DRIVERS\PTUMWFLT.sys [x]
S3 PTUMWMdm; system32\DRIVERS\PTUMWMdm.sys [x]
S3 PTUMWNET; system32\DRIVERS\PTUMWNET.sys [x]
S3 PTUMWNSP; system32\DRIVERS\PTUMWNSP.sys [x]
S3 PTUMWVsp; system32\DRIVERS\PTUMWVsp.sys [x]
S3 WaveFDE; system32\DRIVERS\WaveFDE.sys [x]
U3 mbr; \??\C:\DOCUME~1\GARY~1.TEX\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-20 16:20 - 2013-12-20 16:21 - 00014260 _____ C:\Documents and Settings\Gary.TEXPACFTW\Desktop\FRST.txt
2013-12-20 16:20 - 2013-12-20 16:20 - 00000000 ____D C:\FRST
2013-12-20 16:20 - 2013-12-20 16:19 - 01325858 _____ (Farbar) C:\Documents and Settings\Gary.TEXPACFTW\Desktop\FRST.exe
2013-12-20 15:35 - 2013-12-20 15:35 - 00012762 _____ C:\ComboFix.txt
2013-12-20 15:28 - 2013-12-20 15:28 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-20 15:28 - 2013-12-20 15:28 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-12-20 15:28 - 2013-12-20 15:28 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-12-20 15:28 - 2013-12-20 15:28 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-20 15:28 - 2013-12-20 15:28 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-12-20 10:36 - 2013-12-20 10:36 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-20 10:32 - 2013-12-20 10:32 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2013-12-20 07:22 - 2013-12-20 07:22 - 00090360 _____ C:\OTL.Txt
2013-12-19 17:10 - 2013-12-19 17:10 - 00003224 _____ C:\WINDOWS\system32\.crusader
2013-12-19 08:09 - 2013-12-19 09:27 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-12-10 21:37 - 2013-12-10 21:38 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-12-20 16:21 - 2013-12-20 16:20 - 00014260 _____ C:\Documents and Settings\Gary.TEXPACFTW\Desktop\FRST.txt
2013-12-20 16:20 - 2013-12-20 16:20 - 00000000 ____D C:\FRST
2013-12-20 16:19 - 2013-12-20 16:20 - 01325858 _____ (Farbar) C:\Documents and Settings\Gary.TEXPACFTW\Desktop\FRST.exe
2013-12-20 16:17 - 2011-08-19 22:15 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{60F7BEBF-AE92-4C67-9F1C-4EF5DC50CAE5}.job
2013-12-20 16:12 - 2008-04-25 15:28 - 01695112 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-20 16:10 - 2012-02-14 16:36 - 00000000 ____D C:\Documents and Settings\Gary.TEXPACFTW\My Documents\Malware Removal
2013-12-20 16:09 - 2012-01-13 13:11 - 00000136 _____ C:\WINDOWS\system32\config\netlogon.ftl
2013-12-20 16:03 - 2013-01-05 18:32 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-20 16:02 - 2008-04-25 15:32 - 00032042 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-20 15:47 - 2012-10-16 13:40 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-20 15:39 - 2013-09-09 00:55 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-12-20 15:35 - 2013-12-20 15:35 - 00012762 _____ C:\ComboFix.txt
2013-12-20 15:35 - 2013-09-08 17:47 - 00000000 ____D C:\Qoobox
2013-12-20 15:35 - 2008-04-25 15:32 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-20 15:30 - 2013-01-05 18:32 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-20 15:30 - 2008-04-25 10:16 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-20 15:30 - 2008-04-25 10:16 - 00000227 _____ C:\WINDOWS\system.ini
2013-12-20 15:29 - 2010-05-11 08:35 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-20 15:29 - 2010-05-11 08:35 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-20 15:29 - 2008-04-25 15:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-20 15:28 - 2013-12-20 15:28 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-12-20 15:28 - 2013-12-20 15:28 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG
2013-12-20 15:28 - 2013-12-20 15:28 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG
2013-12-20 15:28 - 2013-12-20 15:28 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-12-20 15:28 - 2013-12-20 15:28 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG
2013-12-20 15:28 - 2013-09-08 17:47 - 00000000 ____D C:\WINDOWS\erdnt
2013-12-20 15:28 - 2012-01-13 13:15 - 00000178 ___SH C:\Documents and Settings\Gary.TEXPACFTW\ntuser.ini
2013-12-20 15:28 - 2008-04-25 03:21 - 36700160 _____ C:\WINDOWS\system32\config\software.bak
2013-12-20 15:28 - 2008-04-25 03:21 - 10223616 _____ C:\WINDOWS\system32\config\system.bak
2013-12-20 15:28 - 2008-04-25 03:21 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2013-12-20 15:28 - 2008-04-25 03:21 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-12-20 14:36 - 2012-01-13 13:15 - 00000000 ____D C:\Documents and Settings\Gary.TEXPACFTW
2013-12-20 10:40 - 2008-04-25 03:17 - 00000000 ____D C:\WINDOWS\security
2013-12-20 10:36 - 2013-12-20 10:36 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-20 10:32 - 2013-12-20 10:32 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2013-12-20 10:03 - 2012-01-13 13:13 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-20 07:22 - 2013-12-20 07:22 - 00090360 _____ C:\OTL.Txt
2013-12-19 17:10 - 2013-12-19 17:10 - 00003224 _____ C:\WINDOWS\system32\.crusader
2013-12-19 17:10 - 2013-09-08 17:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-12-19 16:59 - 2008-04-25 15:32 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-12-19 16:56 - 2013-10-15 15:46 - 00016766 _____ C:\WINDOWS\setupapi.log
2013-12-19 09:27 - 2013-12-19 08:09 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-12-18 21:04 - 2012-01-13 13:34 - 00001740 ____H C:\Documents and Settings\Gary.TEXPACFTW\My Documents\Default.rdp
2013-12-18 13:08 - 2012-02-02 21:52 - 00000470 _____ C:\Documents and Settings\Gary.TEXPACFTW\Desktop\Scan Server.lnk
2013-12-16 06:56 - 2012-02-02 21:51 - 00000000 ____D C:\Documents and Settings\All Users\Documents\LapTop Share
2013-12-15 22:22 - 2012-02-02 14:54 - 00000000 ____D C:\Documents and Settings\Gary.TEXPACFTW\My Documents\Personal
2013-12-10 22:47 - 2012-04-02 07:30 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-10 22:47 - 2012-02-05 08:30 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-10 21:41 - 2012-08-28 00:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-10 21:38 - 2013-12-10 21:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-07 08:30 - 2013-10-27 23:49 - 00000584 _____ C:\WINDOWS\Tasks\Gary.job
2013-12-05 21:03 - 2012-02-02 16:10 - 00000000 ____D C:\Documents and Settings\Gary.TEXPACFTW\Local Settings\Application Data\CutePDF Writer
2013-12-04 10:36 - 2012-12-29 21:31 - 00000000 ____D C:\Documents and Settings\Gary.TEXPACFTW\Application Data\MediaMonkey
2013-12-02 10:46 - 2012-03-25 07:42 - 02376671 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3155391455-3271980689-604615877-1150-0.dat
2013-12-02 10:46 - 2012-03-25 07:42 - 00275142 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-12-02 09:55 - 2012-02-02 21:52 - 00000546 _____ C:\Documents and Settings\Gary.TEXPACFTW\Desktop\TPHS-Dat.lnk
2013-12-01 14:21 - 2012-12-29 19:49 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-12-01 14:14 - 2013-10-27 23:49 - 00000596 _____ C:\WINDOWS\Tasks\Gary Merge.job
2013-12-01 12:49 - 2013-10-27 23:37 - 00002419 _____ C:\Documents and Settings\All Users\Desktop\Seagate Dashboard 2.0.lnk
2013-12-01 11:43 - 2012-02-02 14:53 - 00000000 ____D C:\Documents and Settings\Gary.TEXPACFTW\My Documents\TurboTax
2013-12-01 11:42 - 2012-02-02 21:51 - 00000000 ____D C:\Documents and Settings\Gary.TEXPACFTW\Desktop\Receipts
2013-11-25 21:09 - 2008-04-25 03:22 - 00566380 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-22 09:41 - 2011-10-20 14:15 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
ZeroAccess:
C:\Program Files\Google\Desktop\Install

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Addition File:


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-12-2013 02
Ran by Gary at 2013-12-20 16:21:34
Running from C:\Documents and Settings\Gary.TEXPACFTW\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

2007 Microsoft Office system (Version: 12.0.6612.1000)
AdFender (Version: 1.60)
Adobe Acrobat  9 Standard - English, Français, Deutsch (Version: 9.5.0)
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
AT&T Portal
Broadcom ASF Management Applications (Version: 10.16.02)
Broadcom Management Programs (Version: 10.20.03)
Bully Dog Update Agent (HKCU Version: 1.1.3.7)
CameraHelperMsi (Version: 13.00.1774.0)
CCleaner (Version: 3.22)
Citrix Online Launcher (Version: 1.0.135)
Conexant HDA D330 MDC V.92 Modem (Version: 7.74.00)
Creative MediaSource (Version: 3.00)
Creative Zen Micro (Version: 1.0)
CutePDF Writer 2.8
davehope.co.uk Product Key Finder
Dell Touchpad (Version: 7.1.102.7)
Dell Wireless WLAN Card Utility (Version: 4.170.77.13)
EPSON TWAIN 5
erLT (Version: 1.20.138.34)
Google SketchUp 8 (Version: 3.0.11752)
Google Update Helper (Version: 1.3.22.3)
GoToMeeting 5.4.0.1082 (HKCU Version: 5.4.0.1082)
HijackThis 2.0.2 (Version: 2.0.2)
iNEX Client (Version: 1.7.1901)
iNEX Common Programs (Version: 1.7.1901)
Intel® Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement (Version: 2.1.37)
IrfanView (remove only) (Version: 4.32)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
join.me (HKCU Version: 1.7.0.138)
Logitech Harmony Remote Software (Version: 1.0.110307)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.00.1777.0)
LWS Gallery (Version: 13.00.1778.0)
LWS Help_main (Version: 13.00.1783.0)
LWS Launcher (Version: 13.00.1776.0)
LWS Motion Detection (Version: 13.00.1778.0)
LWS Pictures And Video (Version: 13.00.1778.0)
LWS Video Mask Maker (Version: 13.00.1774.0)
LWS VideoEffects (Version: 13.00.1774.0)
LWS Webcam Software (Version: 13.00.1774.0)
LWS WLM Plugin (Version: 1.00.1774.0)
LWS YouTube Plugin (Version: 13.00.1777.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Media Player Codec Pack 4.2.0 (Version: 4.2.0)
MediaMonkey 4.0 (Version: 4.0)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Security Client (Version: 4.3.0216.0)
Microsoft Security Essentials (Version: 4.3.216.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31119)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31124)
MixMeister Express 6 (Version: 6.1.3.0)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Palm Desktop
PaperPort Image Printer (Version: 1.00.0000)
Picasa 3 (Version: 3.9)
PL-2303 USB-to-Serial (Version: 1.00.000)
PowerDVD (Version: 8.0)
Quicken 2012 (Version: 21.1.7.18)
QuickSet (Version: 8.3.17)
Remote Control USB Driver (Version: 2.3.2.317)
Seagate Dashboard 2.0 (Version: 2.2.29.0)
Skype™ 5.10 (Version: 5.10.116)
Sony USB Driver
swMSM (Version: 12.0.0.1)
The Ultimate Troubleshooter
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.3351)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0222)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179)
TurboTax 2012 wrapper (Version: 012.000.0127)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Verizon Wireless UM190 Firmware Updates (Version: 1.0.3)
WebFldrs XP (Version: 9.50.7523)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Support Tools (Version: 5.1.2600.2180)
WinZip 12.0 (Version: 12.0.8252)
Xmarks for IE (Version: 127.0.154)
Xmarks for IE (Version: 127.0.162)
XML Paper Specification Shared Components Pack 1.0

==================== Restore Points  =========================

20-12-2013 22:11:03 Software Distribution Service 3.0

==================== Hosts content: ==========================

2008-04-25 10:16 - 2013-12-20 15:30 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Gary DBAgent 2 0.job => C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
Task: C:\WINDOWS\Tasks\Gary Merge.job => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe
Task: C:\WINDOWS\Tasks\Gary.job => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Seagate_Install_Launch.job => C:\Program Files\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{60F7BEBF-AE92-4C67-9F1C-4EF5DC50CAE5}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-09-20 02:14 - 2008-06-29 22:11 - 00753664 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2012-01-26 15:21 - 2009-11-05 08:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2012-02-08 13:46 - 2011-04-02 16:03 - 00151552 _____ () C:\WINDOWS\system32\HP1100LM.DLL
2012-02-08 13:46 - 2011-04-02 16:03 - 00069632 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2008-09-20 02:14 - 2008-06-29 22:11 - 00143360 _____ () C:\WINDOWS\system32\preflib.dll
2012-02-29 21:38 - 2009-02-27 16:39 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
2012-02-29 21:38 - 2009-02-27 16:32 - 00020480 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2010-05-07 17:35 - 2010-05-07 17:35 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 17:35 - 2010-05-07 17:35 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 17:36 - 2010-05-07 17:36 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 17:36 - 2010-05-07 17:36 - 00921944 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2010-05-07 17:37 - 2010-05-07 17:37 - 00290648 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2013 10:45:26 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (12/20/2013 10:45:13 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (12/20/2013 10:45:13 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (12/20/2013 10:23:44 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (12/20/2013 10:23:44 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (12/20/2013 10:03:51 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (12/20/2013 10:03:51 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (12/19/2013 04:41:02 PM) (Source: ESENT) (User: )
Description: Catalog Database (1208) Unable to write a shadowed header for file C:\WINDOWS\system32\CatRoot2\tmp.edb. Error -1022.

Error: (12/19/2013 04:41:02 PM) (Source: ESENT) (User: )
Description: svchost (1208) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" for read / write access failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The open file operation will fail with error -1022 (0xfffffc02).

Error: (12/19/2013 04:41:02 PM) (Source: ESENT) (User: )
Description: svchost (1208) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The delete file operation will fail with error -1022 (0xfffffc02).


System errors:
=============
Error: (12/20/2013 04:10:46 PM) (Source: 0) (User: )
Description: 0xC0000043ComboFix.exeHarddiskVolume2

Error: (12/20/2013 03:29:42 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer PDFill PDF&Image Writer failed to initialize because a suitable PDFill Writer driver could not be found.

Error: (12/20/2013 03:29:42 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.

Error: (12/20/2013 03:22:35 PM) (Source: Service Control Manager) (User: )
Description: The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/20/2013 03:20:52 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (12/20/2013 03:20:46 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (12/20/2013 02:38:02 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer PDFill PDF&Image Writer failed to initialize because a suitable PDFill Writer driver could not be found.

Error: (12/20/2013 02:38:02 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.

Error: (12/20/2013 10:45:14 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer PDFill PDF&Image Writer failed to initialize because a suitable PDFill Writer driver could not be found.

Error: (12/20/2013 10:45:14 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.


Microsoft Office Sessions:
=========================
Error: (11/07/2013 03:06:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 24712 seconds with 1200 seconds of active time.  This session ended with a crash.

Error: (12/19/2012 03:14:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4023 seconds with 1980 seconds of active time.  This session ended with a crash.

Error: (07/09/2012 10:56:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5842 seconds with 1920 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 2038.29 MB
Available physical RAM: 1292.76 MB
Total Pagefile: 3930.84 MB
Available Pagefile: 3332.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.27 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:111.72 GB) (Free:35.7 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive g: (Data) (Network) (Total:735.92 GB) (Free:641.04 GB) NTFS
Drive h: (Data) (Network) (Total:735.92 GB) (Free:641.04 GB) NTFS
Drive l: (Data) (Network) (Total:735.92 GB) (Free:641.04 GB) NTFS
Drive m: (Data) (Network) (Total:735.92 GB) (Free:641.04 GB) NTFS
Drive p: (Data) (Network) (Total:735.92 GB) (Free:641.04 GB) NTFS
Drive s: (Data) (Network) (Total:735.92 GB) (Free:641.04 GB) NTFS
Drive t: (Data) (Network) (Total:735.92 GB) (Free:641.04 GB) NTFS
Drive w: (Data) (Network) (Total:735.92 GB) (Free:641.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Active) - (Size=112 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 December 2013 - 08:31 PM

Hello sonuvabum



I need you to download this script I have made for you --> Attached File: fixlist.txt (104 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 sonuvabum (Topic Starter)

  • Members
  • 16 posts

Posted 21 December 2013 - 03:47 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-12-2013 02
Ran by Gary at 2013-12-21 14:45:38 Run:1
Running from C:\Documents and Settings\Gary.TEXPACFTW\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S1 onbssboa; \??\C:\WINDOWS\system32\drivers\onbssboa.sys [x]
C:\Program Files\Google\Desktop\Install

*****************

onbssboa => Service deleted successfully.
C:\Program Files\Google\Desktop\Install => Moved successfully.

==== End of Fixlog ====



#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:09 PM

Posted 21 December 2013 - 08:25 PM



Hello sonuvabum

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo

#10 sonuvabum

sonuvabum
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:09 PM

Posted 22 December 2013 - 08:18 AM

# AdwCleaner v3.015 - Report created 22/12/2013 at 07:12:41
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Gary - TPHS-55
# Running from : C:\Documents and Settings\Gary.TEXPACFTW\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Mozilla\Firefox\Profiles\2xkegdlm.default\prefs.js ]

[ File : C:\Documents and Settings\Gary.TEXPACFTW\Application Data\Mozilla\Firefox\Profiles\nwtd295y.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1620 octets] - [22/12/2013 07:10:24]
AdwCleaner[S0].txt - [1555 octets] - [22/12/2013 07:12:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1615 octets] ##########



#11 sonuvabum

sonuvabum
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:09 PM

Posted 22 December 2013 - 08:32 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Gary on Sun 12/22/2013 at  7:24:11.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/22/2013 at  7:30:32.59
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:09 PM

Posted 22 December 2013 - 11:25 AM


Hello sonuvabum

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • Log from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo

#13 sonuvabum

sonuvabum
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:09 PM

Posted 22 December 2013 - 12:06 PM

Hi,

I actually ran ComboFix on Friday afternoon and it appears to have come up clean.

You can see my posts from Friday to see everything else that I had done.

The machine is running well and has been since Friday afternoon. No issues.

It seems to be running as well as it ever has.

Below is the ComboFix .txt file from Friday.

I'll post a HijackThis log as well.

If you see anything suspicious, please let me know.

Thanks,

Gary

=====================

ComboFix 13-12-20.01 - Gary 12/20/2013  15:22:49.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1242 [GMT -6:00]
Running from: c:\documents and settings\Gary.TEXPACFTW\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PCCMSERVICE
-------\Service_pcCMService
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-20 to 2013-12-20  )))))))))))))))))))))))))))))))
.
.
2013-12-20 16:56 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A244C279-C156-47F2-AA46-F0785DC5A2BA}\mpengine.dll
2013-12-20 16:36 . 2013-12-20 16:36 -------- d-----w- c:\program files\HitmanPro
2013-12-20 16:32 . 2013-12-20 16:32 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-12-19 14:28 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-19 14:09 . 2013-12-19 15:27 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-12-01 18:49 . 2013-12-01 18:49 -------- d-----w- c:\documents and settings\Gary.TEXPACFTW\My Online Documents
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 04:47 . 2012-04-02 13:30 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 04:47 . 2012-02-05 14:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2011-08-20 04:28 230048 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uploader"="c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2013-05-30 122984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-10 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-01-03 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"DBAgent"="c:\program files\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2013-05-30 1517640]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AdFender.lnk - c:\program files\AdFender\AdFender.exe -autostart [2012-6-20 2772112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AdFender\\AdFender.exe"=
"c:\\Program Files\\Common Files\\Motive\\pcServiceHost.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard 2.0\\Dashboard.exe"=
.
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 1:30 PM 79168]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [12/1/2003 2:27 PM 53248]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 11:37 AM 13672]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/11/2012 9:03 AM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/20/2011 2:05 PM 701512]
R2 pcServiceHost;pcServiceHost;c:\program files\Common Files\Motive\pcServiceHost.exe [9/18/2013 7:03 PM 342528]
R2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [5/30/2013 10:19 AM 16000]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/20/2011 2:05 PM 22856]
S1 onbssboa;onbssboa;\??\c:\windows\system32\drivers\onbssboa.sys --> c:\windows\system32\drivers\onbssboa.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\GARY~1.TEX\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\GARY~1.TEX\LOCALS~1\Temp\mfe_rr.sys [?]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys --> c:\windows\system32\DRIVERS\PTUMWBus.sys [?]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\DRIVERS\PTUMWCSP.sys --> c:\windows\system32\DRIVERS\PTUMWCSP.sys [?]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys --> c:\windows\system32\DRIVERS\PTUMWFLT.sys [?]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys --> c:\windows\system32\DRIVERS\PTUMWMdm.sys [?]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys --> c:\windows\system32\DRIVERS\PTUMWNET.sys [?]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\DRIVERS\PTUMWNSP.sys --> c:\windows\system32\DRIVERS\PTUMWNSP.sys [?]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys --> c:\windows\system32\DRIVERS\PTUMWVsp.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 04:47]
.
2013-10-28 c:\windows\Tasks\Gary DBAgent 2 0.job
- c:\program files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2013-05-30 16:19]
.
2013-12-01 c:\windows\Tasks\Gary Merge.job
- c:\program files\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30 16:21]
.
2013-12-07 c:\windows\Tasks\Gary.job
- c:\program files\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30 16:21]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 00:32]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 00:32]
.
2013-12-20 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-07-18 21:49]
.
2013-10-28 c:\windows\Tasks\Seagate_Install_Launch.job
- c:\program files\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2013-05-30 16:19]
.
2013-12-20 c:\windows\Tasks\User_Feed_Synchronization-{60F7BEBF-AE92-4C67-9F1C-4EF5DC50CAE5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.11 12.127.17.71 12.127.17.72
DPF: CabCCT - hxxps://www.bizatlarge.net/CCT/codebase/ActCtrl_Apptix.cab
DPF: {042134DD-BB44-43FC-A74F-B80FBD465925} - hxxp://108.225.105.120/template/xWebView4.cab
FF - ProfilePath - c:\documents and settings\Gary.TEXPACFTW\Application Data\Mozilla\Firefox\Profiles\2xkegdlm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-20 15:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(496)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Creative\Creative Zen Micro\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\JBNSRES.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\inex\Client\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\StacSV.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\wscntfy.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\AdFender\AdFender.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2013-12-20  15:35:37 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-20 21:35
ComboFix2.txt  2013-09-09 00:05
ComboFix3.txt  2010-07-20 23:58
.
Pre-Run: 35,160,023,040 bytes free
Post-Run: 35,868,434,432 bytes free
.
- - End Of File - - BA8A2A5261ADB3F635D2D4E9E5AD3C91
5C616939100B85E558DA92B899A0FC36
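The entry gringo's fixlist removed earlier in the thread, `S1 onbssboa`, shows up in this ComboFix log with a `[?]` where every healthy service line carries the image file's timestamp and size: the registry still points at a driver that is no longer on disk. The added Python example below (written for this page, not a tool from the thread, from Farbar, OldTimer or the ComboFix author) parses the Drivers/Services block of a ComboFix log and lists the entries a responder would look at first: services whose image file is absent, and services whose image loads from a Temp directory. The line format and the meaning of `[?]` are assumptions inferred from the log above; the sample lines are copied from that log.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Shape of a line in ComboFix's "Drivers/Services" block (assumption inferred
# from the log in this thread):
#   <R|S><start> <name>;<display name>;<image path> [<info>]
# R/S is running/stopped, <start> is the registry Start value (0..4), and <info>
# is the file's timestamp and size when ComboFix could read the image file, or
# "?" when it could not, i.e. the file the service points at is not on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class Finding:
    name: str
    running: bool
    start_type: str
    path: str
    reasons: list[str] = field(default_factory=list)
    severity: str = "medium"


def split_path(rest: str) -> tuple[str, str]:
    """Split '<image path> [<info>]' into (resolved on-disk path, info text)."""
    body, _, info = rest.rpartition("[")
    info = info.rstrip("]").strip()
    body = body.strip()
    # For drivers ComboFix prints '<ImagePath value> --> <resolved path>';
    # the resolved path is the one that was checked on disk.
    if " --> " in body:
        body = body.split(" --> ", 1)[1]
    # Drop the NT object-manager prefix that kernel-driver ImagePath values carry.
    if body.startswith("\\??\\"):
        body = body[4:]
    return body, info


def triage(log_text: str) -> list[Finding]:
    """Return the service entries in a ComboFix log that deserve a second look."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        path, info = split_path(m["rest"])
        start_type = START_TYPES[m["start"]]
        loads_from_temp = "\\temp\\" in path.lower()
        reasons: list[str] = []
        if info == "?":
            reasons.append("image file missing on disk (orphaned service entry)")
        if loads_from_temp:
            reasons.append("image loads from a temporary directory")
        if not reasons:
            continue
        # Boot/system-start drivers load before most defences; anything living in
        # Temp is suspect regardless of start type. Both go to the top of the list.
        high = loads_from_temp or start_type in ("boot", "system")
        findings.append(Finding(m["name"].strip(), m["state"] == "R", start_type,
                                path, reasons, "high" if high else "medium"))
    return findings


def findings_by_name(log_text: str) -> dict[str, Finding]:
    """Convenience view of triage() keyed by service name."""
    return {f.name: f for f in triage(log_text)}


# Service lines copied from the ComboFix log posted above (a constructed subset;
# the full log has more entries, all of which parse the same way).
SAMPLE_LOG = r"""
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 1:30 PM 79168]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [12/1/2003 2:27 PM 53248]
S1 onbssboa;onbssboa;\??\c:\windows\system32\drivers\onbssboa.sys --> c:\windows\system32\drivers\onbssboa.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\GARY~1.TEX\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\GARY~1.TEX\LOCALS~1\Temp\mfe_rr.sys [?]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys --> c:\windows\system32\DRIVERS\PTUMWBus.sys [?]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "running" if f.running else "stopped"
        print(f"[{f.severity}] {f.name} ({state}, {f.start_type} start): {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample above the script reports `onbssboa` (system-start driver, file missing) and `MFE_RR` (file missing, Temp path) as high and `PTUMWBus` as medium, and says nothing about the entries whose image files were found. A missing image file is not proof of infection: the PANTECH modem entries are most likely leftovers from an uninstalled USB modem driver, which is why the list is a starting point for review rather than a deletion list.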
 



#14 sonuvabum

sonuvabum
  • Topic Starter

  • Members
  • 16 posts
  • Local time:12:09 PM

Posted 22 December 2013 - 12:14 PM

As noted above, I elected to post a copy of the HijackThis log.

See below...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:12:38 AM, on 12/22/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\svchost.exe
C:\iNEX\Client\mDNSResponder.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\pcServiceHost.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdFender\AdFender.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080920
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [DBAgent] "C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
O4 - HKCU\..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AdFender.lnk = C:\Program Files\AdFender\AdFender.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O16 - DPF: CabCCT - https://www.bizatlarge.net/CCT/codebase/ActCtrl_Apptix.cab
O16 - DPF: {042134DD-BB44-43FC-A74F-B80FBD465925} (xWebView4 Control) - http://108.225.105.120/template/xWebView4.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266213604125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354473722193
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = texpacftw.local
O17 - HKLM\Software\..\Telephony: DomainName = texpacftw.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = texpacftw.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = texpacftw.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = texpacftw.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\iNEX\Client\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcServiceHost.exe
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10732 bytes



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:09 PM

Posted 22 December 2013 - 03:51 PM


Hello sonuvabum

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo



