Multiple Processes/Websites Running in Background


  • This topic is locked
13 replies to this topic

#1 jrturnerxln

jrturnerxln

  • Members
  • 12 posts
  • Gender:Male
  • Location:Odessa, FL

Posted 10 March 2014 - 02:14 PM

Over the past week or so I've noticed that my laptop (running Windows XP) has been running extremely slowly.  Upon review of active processes in Task Manager, I notice several occurrences of explorer.exe, chrome.exe, iexplore.exe, svhchost.exe, dllhost.exe, etc., even when I don't have a browser open.  Our 3rd party IT support professionals have attempted to remove the viruses/malware that seem to be affecting my machine.

They have run rkill, combofix and Malwarebytes on consecutive days.  The system seems to run better for a few hours and then, without warning, the system will come to a near stand-still.  I keep having websites pop up on my screen even when I don't have a browser open.

The only way for me to actually get back to the application(s) that I'm working on (Word, Excel, Acad, Adobe, Outlook, etc.) is to go to the Task Manager and select "Switch To", making sure the application that I desire is highlighted.  There is no way to minimize the ads when they pop up.  They simply freeze my screen.  This becomes necessary in order for me to save anything that I may be working on when the ads pop up.  A system re-boot is my only option after saving my files.

Our IT support professionals want to re-format my hard drive, which I prefer not to do for obvious reasons.

I personally ran rkill and Malwarebytes (full scan) multiple times over the weekend.  Each time the results were different.  For example, Malwarebytes was able to find 4 threats, 0 threats, blue screen of death, 8 threats, 0 threats, 0 threats, 4 threats, etc.  There seemed to be no consistency.

I posted this same information in another forum, "Is My Computer Infected, What Do I Do", and received what I hope will eventually be good advice.  I've downloaded DDS.com to my desktop and have run the program.  However, only the attach.txt file was created despite having both boxes, attach.txt and DDS.txt, checked.  I've attempted to run the program several times without successfully creating the DDS.txt file.  On two (2) separate occasions, a dialogue box opened stating "DDS, Doesn't Do Squat".

It appears that whatever virus is on my system is aware that the DDS.txt log file is an important part of removing it.  I also received the "Blue Screen of Death" after one failed attempt at creating the DDS.txt file.  I'm not sure if these occurrences are related or if my system is simply just full of junk.

I did notice an odd file named "TDSSKiller.2.9.2.0_16.08.2013_09.27.28_log.txt" on my C: drive, which I've attached for reference.

Sincere Thanks,

Jeff

Attached File  attach(latest).txt   9.3KB   0 downloads

Attached File  Rkill.txt   4.48KB   2 downloads

Attached File  TDSSKiller.2.9.2.0_16.08.2013_09.27.28_log.txt   108.04KB   3 downloads

Attached File  ComboFix.txt   30.95KB   5 downloads

#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 10 March 2014 - 02:21 PM

Hello Jeff,

your computer looks severely infected indeed.
Please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
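
Added example, not part of this thread and not FRST's own code: a small Python triage script that applies the kind of checks a Malware Response Team helper applies when reading a FRST.txt log of the sort requested above. It parses the Run-key entries and the "Created/Modified Files" lines and flags (a) a Run entry that launches regsvr32.exe or rundll32.exe against a DLL stored under a user profile, (b) Run entries for which FRST printed no "[size date] (Vendor)" suffix, (c) files in \WINDOWS\system32 with no vendor and an extension Windows XP does not normally keep there, and (d) any line FRST itself marks with ATTENTION. The sample input is a constructed excerpt of the log posted later in this thread, with a few benign neighbours kept so the filtering is visible; the heuristics, the extension list and the function names (triage_frst, check_run_entry, check_file_entry) are my own assumptions, not FRST's.

```python
"""Quick triage of a Farbar Recovery Scan Tool (FRST.txt) log.

Added example for this thread, not FRST's own code. The heuristics below are
assumptions about what stands out in the posted log; they do not replace a
helper's review of the whole file.
"""
import re

# Constructed sample: lines copied from the FRST.txt posted in this thread,
# plus benign neighbours so the filtering is visible.
SAMPLE_FRST = r"""
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-05-31] (LogMeIn, Inc.)
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1261472 2012-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Run: [Ahwworks] - regsvr32.exe "C:\Documents and Settings\jturner\Local Settings\Application Data\Ahwworks\halCfgSpi64.dll"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-03-10 14:36 - 2014-03-10 14:35 - 00106496 _____ () C:\WINDOWS\Minidump\Mini031014-01.dmp
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____S () C:\WINDOWS\system32\drpultn.ceu
2014-03-05 13:45 - 2014-03-05 13:45 - 00122976 _____ (Kaspersky Lab ZAO) C:\zbotkiller.exe
2014-02-21 15:32 - 2014-03-10 14:46 - 00000071 _____ () C:\WINDOWS\system32\yeorwey.yof
2014-02-21 15:05 - 2014-02-21 15:05 - 00105465 ____S () C:\WINDOWS\system32\stgdlhu.iwi
2014-03-10 15:27 - 2010-12-20 17:33 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
"""

# "HKLM\...\Run: [Name] - command" or "HKU\<SID>\...\Run: [Name] - command"
RUN_LINE = re.compile(
    r'^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] - (?P<cmd>.*)$')
# "created - modified - size attrs (Vendor) path" from the Files sections
FILE_LINE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'(?P<size>\d{8}) (?P<attrs>\S+) \((?P<vendor>[^)]*)\) (?P<path>.+)$')
# FRST appends "[size date] (Vendor)" to a Run target it could resolve; a bare
# command line with no suffix means it found no image to attribute.
RESOLVED_SUFFIX = re.compile(r'\[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\)$')

LOADERS = ('regsvr32.exe', 'rundll32.exe')
USER_PROFILE_MARKERS = ('\\documents and settings\\', '\\application data\\', '\\local settings\\')
SYSTEM32 = '\\windows\\system32\\'
# Extensions Windows XP itself legitimately keeps in system32 (assumption; extend as needed).
EXPECTED_SYSTEM32_EXT = {
    '.exe', '.dll', '.sys', '.ocx', '.drv', '.cpl', '.scr', '.ax', '.nls',
    '.msc', '.log', '.ini', '.dat', '.txt', '.tmp', '.dbl', '.ftl', '.cat',
}


def check_run_entry(cmd):
    """Return the reasons a Run-key command line deserves attention (empty if none)."""
    reasons = []
    lower = cmd.lower()
    # A script host or DLL loader pointed at a user-writable profile path is a
    # classic persistence pattern; legitimate software installs under Program Files.
    if lower.startswith(LOADERS) and any(mk in lower for mk in USER_PROFILE_MARKERS):
        reasons.append('loader-from-user-profile')
    if not RESOLVED_SUFFIX.search(cmd):
        reasons.append('no-vendor-info')
    return reasons


def check_file_entry(vendor, path):
    """Flag unattributed system32 files whose extension Windows would not put there."""
    lower = path.lower()
    if SYSTEM32 not in lower or vendor:
        return []
    name = lower.rsplit('\\', 1)[-1]
    ext = name[name.rfind('.'):] if '.' in name else ''
    return [] if ext in EXPECTED_SYSTEM32_EXT else ['system32-odd-extension']


def triage_frst(text):
    """Return [(reasons, line)] for every log line the heuristics flag, in file order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if '<======= ATTENTION' in line:          # FRST's own marker; always surface it
            findings.append((['frst-attention'], line))
            continue
        m = RUN_LINE.match(line)
        if m:
            reasons = check_run_entry(m.group('cmd'))
        else:
            m = FILE_LINE.match(line)
            reasons = check_file_entry(m.group('vendor'), m.group('path')) if m else []
        if reasons:
            findings.append((reasons, line))
    return findings


if __name__ == '__main__':
    for reasons, line in triage_frst(SAMPLE_FRST):
        print(', '.join(reasons), '::', line)
```

Running it over the sample surfaces exactly the entries a helper would query first: the Ahwworks Run key that feeds a DLL from Local Settings\Application Data to regsvr32.exe, the Chrome policy line FRST flagged itself, and the three vendor-less files with made-up extensions in system32, while the LogMeIn and Adobe autoruns, the minidump and d3d9caps.dat pass through untouched. The extension whitelist and path markers are deliberately conservative; tune them to the system under review rather than treating a hit as proof of infection.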


#3 jrturnerxln

jrturnerxln
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Odessa, FL

Posted 10 March 2014 - 02:43 PM

aharonov,

 

The requested *.txt files are attached.

 

FRST.txt (Begin)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2014

Ran by jturner (administrator) on JEFF-XP-NEW1 on 10-03-2014 15:37:43
Running from C:\Documents and Settings\jturner\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
() C:\WINDOWS\System32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\System32\bcmwltry.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(IDT, Inc.) c:\program files\idt\wdm\stacsv.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\nlssrv32.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\SAAZappr.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\SAAZapsc.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZDPMACTL.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZScheduler.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZServerPlus.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZWatchDog.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\rtdrHlpDk.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\rtHlpDk.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1189\g2mstart.exe
(Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1189\g2mcomm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1189\g2mlauncher.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe [2670592 2010-02-02] (Dell Inc.)
HKLM\...\Run: [SBAMTray] - C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe [669008 2010-01-04] (Sunbelt Software)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-05-31] (LogMeIn, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\.DEFAULT\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [894344 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Run: [GoToMeeting] - C:\Program Files\Citrix\GoToMeeting\1189\g2mstart.exe [40816 2013-09-09] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1261472 2012-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Run: [Ahwworks] - regsvr32.exe "C:\Documents and Settings\jturner\Local Settings\Application Data\Ahwworks\halCfgSpi64.dll"
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Policies\Explorer: [] 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC67412F43028CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.4
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-26]
CHR Extension: (Google Drive) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-26]
CHR Extension: (YouTube) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-26]
CHR Extension: (Google Search) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-26]
CHR Extension: (HelperApps) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffpbmldpodpcolmapfcjkjkcfgbggmhl [2013-12-11]
CHR Extension: (Tidy Network) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjojdpkgkmjbkfffeohjpejgoelkbhkl [2013-12-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (FindWide Toolbar) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obalemfhgdldfgjblgjfahhkigbfhahd [2013-12-11]
CHR Extension: (Gmail) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2009-10-09] (SmithMicro Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
S3 CommunicatorSvc; C:\Program Files\Power Monitors, Inc\ProVision\CommunicatorSvc.exe [53248 2012-09-19] (Power Monitors, Inc)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 EMP_UDSA; C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [98304 2009-04-15] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2013-09-02] (Flexera Software LLC)
R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1319768 2013-03-13] (Citrix Online, a division of Citrix Systems, Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2013-05-02] (Sun Microsystems, Inc.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-08-18] (Lexmark International, Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2006-09-28] ()
R2 SAAZappr; C:\Program Files\SAAZOD\zRealTime\SAAZappr.exe [82760 2011-07-05] (Zenith Infotech Ltd)
R2 SAAZapsc; C:\Program Files\SAAZOD\zRealTime\SAAZapsc.exe [82760 2011-07-05] (Zenith Infotech Ltd)
R2 SAAZDPMACTL; C:\Program Files\SAAZOD\SAAZDPMACTL.exe [86856 2010-12-20] (Zenith Infotech Ltd)
S4 SAAZRemoteSupport; C:\Program Files\SAAZOD\SAAZRemoteSupport.exe [78664 2010-12-20] (Zenith Infotech Ltd)
R2 SAAZScheduler; C:\Program Files\SAAZOD\SAAZScheduler.exe [77824 2010-12-20] (Zenith Infotech Ltd)
R2 SAAZServerPlus; C:\Program Files\SAAZOD\SAAZServerPlus.exe [77824 2009-04-30] (Zenith Infotech Ltd)
R2 SAAZWatchDog; C:\Program Files\SAAZOD\SAAZWatchDog.exe [86856 2010-12-20] (Zenith Infotech Ltd)
S2 SBAMSvc; C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe [1012080 2010-01-04] (Sunbelt Software)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 STacSV; c:\program files\idt\wdm\stacsv.exe [229458 2010-03-10] (IDT, Inc.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2404352 2010-02-02] (Dell Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [113664 2009-04-21] (Andrea Electronics Corporation)
R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [356864 2009-08-20] (Aladdin Knowledge Systems Ltd.)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [238208 2009-03-13] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [16384 2009-06-22] (Aladdin Knowledge Systems Ltd.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2696448 2010-02-02] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [240344 2009-08-04] (Intel Corporation)
R3 eppvad_simple; C:\WINDOWS\System32\drivers\EMP_UDAU.sys [17664 2008-05-14] (SEIKO EPSON CORPORATION)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [62216 2012-04-13] (FTDI Ltd.)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-18] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-18] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-18] (HP)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2014-01-14] ()
R2 monblanking; C:\WINDOWS\System32\DRIVERS\monblanking.sys [28416 2013-03-13] (Citrix Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 OA001Afx; C:\WINDOWS\system32\Drivers\OA001Afx.sys [134144 2009-05-28] (Creative Technology Ltd.)
R3 OA001Ufd; C:\WINDOWS\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\WINDOWS\System32\DRIVERS\OA001Vid.sys [281472 2010-01-28] (Creative Technology Ltd.)
R3 radpms; C:\WINDOWS\System32\DRIVERS\radpms.sys [13408 2010-05-31] (LogMeIn, Inc.)
R3 ROCKEYNT; C:\WINDOWS\System32\DRIVERS\Rockey4.sys [22016 2012-06-04] (Feitian Technologies Co., Ltd.)
R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [13360 2009-05-13] (Sunbelt Software)
R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [69936 2009-08-10] (Sunbelt Software)
R1 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [95024 2009-10-13] (Sunbelt Software)
R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [203056 2009-07-15] (Sunbelt Software)
R3 SRS_PremiumSound_Service; C:\WINDOWS\System32\drivers\srs_PremiumSound_i386.sys [232744 2009-03-24] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1656499 2010-03-10] (IDT, Inc.)
S3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [28288 2009-01-14] ()
S3 SWNC8UA3; C:\WINDOWS\System32\DRIVERS\swnc8ua3.sys [190080 2009-03-31] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\WINDOWS\System32\DRIVERS\swumxa3.sys [148096 2009-05-04] (Sierra Wireless Inc.)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
R3 WinDriver6; C:\WINDOWS\System32\drivers\windrvr6.sys [196384 2011-01-30] (Jungo)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 cerc6; No ImagePath
U2 CertPropSvc; 
S4 IntelIde; No ImagePath
S4 LMIRfsClientNP; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-10 15:37 - 2014-03-10 15:37 - 00020820 _____ () C:\Documents and Settings\jturner\Desktop\FRST.txt
2014-03-10 15:35 - 2014-03-10 15:37 - 00000000 ____D () C:\FRST
2014-03-10 15:35 - 2014-03-10 15:34 - 01145856 _____ (Farbar) C:\Documents and Settings\jturner\Desktop\FRST.exe
2014-03-10 15:20 - 2014-03-10 15:20 - 00000000 ___HD () C:\WINDOWS\PIF
2014-03-10 14:42 - 2014-03-10 14:42 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(latest).txt
2014-03-10 14:36 - 2014-03-10 14:35 - 00106496 _____ () C:\WINDOWS\Minidump\Mini031014-01.dmp
2014-03-10 14:28 - 2014-03-10 14:28 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(1).txt
2014-03-10 14:14 - 2014-03-10 13:54 - 00688992 ____R (Swearware) C:\Documents and Settings\jturner\Desktop\dds.com
2014-03-10 14:09 - 2014-03-10 15:19 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach.txt
2014-03-09 09:06 - 2014-03-09 09:06 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030914-01.dmp
2014-03-08 15:01 - 2014-03-09 19:01 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Irbiiz
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____S () C:\WINDOWS\system32\drpultn.ceu
2014-03-08 14:52 - 2014-03-08 14:52 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030814-01.dmp
2014-03-05 13:45 - 2014-03-05 13:45 - 00122976 _____ (Kaspersky Lab ZAO) C:\zbotkiller.exe
2014-03-05 12:59 - 2014-03-05 12:59 - 01933048 _____ (Bleeping Computer, LLC) C:\rkill.com
2014-03-05 12:59 - 2014-03-05 12:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030514-01.dmp
2014-03-03 17:15 - 2014-03-03 17:15 - 00031693 _____ () C:\ComboFix.txt
2014-03-03 16:59 - 2014-03-03 16:59 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-03-03 15:59 - 2014-03-03 15:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-02.dmp
2014-03-03 15:22 - 2014-03-03 15:22 - 05186474 ____R (Swearware) C:\ComboFix.exe
2014-03-03 10:46 - 2014-03-03 10:46 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-01.dmp
2014-03-02 15:50 - 2014-03-03 16:56 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Xaastoyg
2014-02-27 12:03 - 2014-02-27 15:16 - 00000000 ____D () C:\Brennan (8th Grade)
2014-02-24 12:00 - 2014-02-24 12:00 - 00000000 _RSHD () C:\cmdcons
2014-02-24 12:00 - 2014-02-12 16:37 - 00000347 _____ () C:\Boot.bak
2014-02-24 12:00 - 2004-08-04 00:00 - 00260272 __RSH () C:\cmldr
2014-02-24 11:57 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-24 11:57 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-24 11:57 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-24 11:54 - 2014-03-03 17:16 - 00000000 ____D () C:\Qoobox
2014-02-24 11:53 - 2014-03-03 16:59 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-23 22:47 - 2014-02-23 22:47 - 00106496 _____ () C:\WINDOWS\Minidump\Mini022314-01.dmp
2014-02-21 15:32 - 2014-03-10 14:46 - 00000071 _____ () C:\WINDOWS\system32\yeorwey.yof
2014-02-21 15:21 - 2014-02-21 15:21 - 00000064 _____ () C:\WINDOWS\system32\thezlth.dfw
2014-02-21 15:21 - 2014-02-21 15:21 - 00000000 _____ () C:\WINDOWS\system32\asiepmf.abb
2014-02-21 15:05 - 2014-02-21 15:05 - 00105465 ____S () C:\WINDOWS\system32\stgdlhu.iwi
2014-02-20 22:05 - 2014-02-20 22:05 - 00005942 _____ () C:\WINDOWS\KB2914368.log
2014-02-20 22:05 - 2014-02-20 22:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
 
==================== One Month Modified Files and Folders =======
 
2014-03-10 15:37 - 2014-03-10 15:37 - 00020820 _____ () C:\Documents and Settings\jturner\Desktop\FRST.txt
2014-03-10 15:37 - 2014-03-10 15:35 - 00000000 ____D () C:\FRST
2014-03-10 15:34 - 2014-03-10 15:35 - 01145856 _____ (Farbar) C:\Documents and Settings\jturner\Desktop\FRST.exe
2014-03-10 15:30 - 2012-05-29 08:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-10 15:27 - 2010-12-20 17:33 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-10 15:20 - 2014-03-10 15:20 - 00000000 ___HD () C:\WINDOWS\PIF
2014-03-10 15:19 - 2014-03-10 14:09 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach.txt
2014-03-10 14:48 - 2014-01-22 11:31 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1782093909-3530200959-3520366946-1219UA.job
2014-03-10 14:48 - 2014-01-22 11:31 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1782093909-3530200959-3520366946-1219Core.job
2014-03-10 14:46 - 2014-02-21 15:32 - 00000071 _____ () C:\WINDOWS\system32\yeorwey.yof
2014-03-10 14:44 - 2010-12-22 18:28 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 14:44 - 2010-12-20 11:47 - 00032398 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-10 14:42 - 2014-03-10 14:42 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(latest).txt
2014-03-10 14:42 - 2010-12-20 11:44 - 01196536 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-10 14:41 - 2010-12-20 12:28 - 00000000 ____D () C:\Program Files\SAAZOD
2014-03-10 14:38 - 2010-12-22 18:28 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-10 14:38 - 2010-12-20 11:51 - 00000000 __SHD () C:\WINDOWS\CSC
2014-03-10 14:36 - 2012-10-25 10:42 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-10 14:36 - 2010-12-20 11:50 - 00000112 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-03-10 14:36 - 2010-12-20 11:47 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-10 14:36 - 2010-12-20 06:41 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-10 14:36 - 2010-12-20 06:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-10 14:35 - 2014-03-10 14:36 - 00106496 _____ () C:\WINDOWS\Minidump\Mini031014-01.dmp
2014-03-10 14:28 - 2014-03-10 14:28 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(1).txt
2014-03-10 13:54 - 2014-03-10 14:14 - 00688992 ____R (Swearware) C:\Documents and Settings\jturner\Desktop\dds.com
2014-03-10 13:48 - 2012-02-04 23:47 - 00000356 _____ () C:\WINDOWS\Tasks\AutoUpdaterTask.job
2014-03-10 13:41 - 2011-01-08 23:45 - 00435086 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-10 13:41 - 2010-12-20 11:52 - 00000178 ___SH () C:\Documents and Settings\jturner\ntuser.ini
2014-03-10 13:24 - 2013-03-20 09:19 - 00000410 ____H () C:\WINDOWS\Tasks\Norton Security Scan for jturner.job
2014-03-10 12:34 - 2013-11-21 23:51 - 00303511 _____ () C:\WINDOWS\setupapi.log
2014-03-10 12:30 - 2013-12-13 14:34 - 00000458 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-03-10 09:48 - 2014-01-14 14:12 - 00004584 _____ () C:\Documents and Settings\jturner\Desktop\Rkill.txt
2014-03-10 09:23 - 2010-12-20 06:32 - 00000000 ____D () C:\WINDOWS\security
2014-03-10 00:02 - 2010-12-20 12:30 - 00000569 _____ () C:\WINDOWS\system32\ipstuffNew.txt
2014-03-10 00:00 - 2010-12-20 13:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-03-09 19:01 - 2014-03-08 15:01 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Irbiiz
2014-03-09 19:01 - 2010-12-20 12:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2014-03-09 17:13 - 2008-04-13 19:00 - 00000793 _____ () C:\WINDOWS\win.ini
2014-03-09 13:56 - 2010-12-20 11:47 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-09 09:11 - 2010-12-20 06:39 - 00006792 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-09 09:06 - 2014-03-09 09:06 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030914-01.dmp
2014-03-09 02:14 - 2010-12-20 06:32 - 00000000 ____D () C:\WINDOWS\PeerNet
2014-03-08 20:58 - 2010-12-20 21:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2296011$
2014-03-08 20:57 - 2010-12-20 11:52 - 00000000 ____D () C:\Documents and Settings\jturner
2014-03-08 18:31 - 2010-12-20 12:00 - 00000000 __HDC () C:\WINDOWS\ie8
2014-03-08 18:28 - 2010-12-20 12:31 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Download Manager
2014-03-08 16:53 - 2012-09-24 10:02 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____S () C:\WINDOWS\system32\drpultn.ceu
2014-03-08 14:52 - 2014-03-08 14:52 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030814-01.dmp
2014-03-08 10:32 - 2008-04-13 19:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-07 15:32 - 2010-12-22 15:54 - 00000284 _____ () C:\WINDOWS\ccolwiz.ini
2014-03-05 13:45 - 2014-03-05 13:45 - 00122976 _____ (Kaspersky Lab ZAO) C:\zbotkiller.exe
2014-03-05 13:33 - 2010-12-20 21:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648$
2014-03-05 13:32 - 2013-09-09 14:39 - 00000178 ___SH () C:\Documents and Settings\admin\ntuser.ini
2014-03-05 13:31 - 2013-12-11 13:13 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Optimizer Pro
2014-03-05 12:59 - 2014-03-05 12:59 - 01933048 _____ (Bleeping Computer, LLC) C:\rkill.com
2014-03-05 12:59 - 2014-03-05 12:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030514-01.dmp
2014-03-03 17:47 - 2010-12-20 11:42 - 00019731 _____ () C:\WINDOWS\wmsetup.log
2014-03-03 17:16 - 2014-02-24 11:54 - 00000000 ____D () C:\Qoobox
2014-03-03 17:15 - 2014-03-03 17:15 - 00031693 _____ () C:\ComboFix.txt
2014-03-03 17:05 - 2008-04-13 19:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-03-03 17:00 - 2010-12-20 06:38 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-03-03 17:00 - 2010-12-20 06:37 - 50069504 _____ () C:\WINDOWS\system32\config\software.bak
2014-03-03 17:00 - 2010-12-20 06:37 - 07864320 _____ () C:\WINDOWS\system32\config\system.bak
2014-03-03 17:00 - 2010-12-20 06:37 - 00786432 _____ () C:\WINDOWS\system32\config\default.bak
2014-03-03 16:59 - 2014-03-03 16:59 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-03-03 16:59 - 2014-02-24 11:53 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-03 16:56 - 2014-03-02 15:50 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Xaastoyg
2014-03-03 15:59 - 2014-03-03 15:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-02.dmp
2014-03-03 15:22 - 2014-03-03 15:22 - 05186474 ____R (Swearware) C:\ComboFix.exe
2014-03-03 10:46 - 2014-03-03 10:46 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-01.dmp
2014-03-02 15:41 - 2011-11-06 20:11 - 00000330 _____ () C:\WINDOWS\lexstat.ini
2014-02-28 17:55 - 2011-01-08 23:45 - 08259718 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1782093909-3530200959-3520366946-1219-0.dat
2014-02-28 11:09 - 2010-12-20 12:26 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Macromedia
2014-02-28 11:09 - 2010-12-20 12:26 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Adobe
2014-02-27 15:16 - 2014-02-27 12:03 - 00000000 ____D () C:\Brennan (8th Grade)
2014-02-27 11:23 - 2010-12-21 09:02 - 00055808 _____ () C:\Documents and Settings\jturner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-24 15:34 - 2013-09-09 14:39 - 00000000 ____D () C:\Documents and Settings\admin
2014-02-24 12:00 - 2014-02-24 12:00 - 00000000 _RSHD () C:\cmdcons
2014-02-24 12:00 - 2010-12-20 06:37 - 00000464 __RSH () C:\boot.ini
2014-02-23 22:47 - 2014-02-23 22:47 - 00106496 _____ () C:\WINDOWS\Minidump\Mini022314-01.dmp
2014-02-21 15:21 - 2014-02-21 15:21 - 00000064 _____ () C:\WINDOWS\system32\thezlth.dfw
2014-02-21 15:21 - 2014-02-21 15:21 - 00000000 _____ () C:\WINDOWS\system32\asiepmf.abb
2014-02-21 15:07 - 2011-01-24 09:24 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Autodesk
2014-02-21 15:05 - 2014-02-21 15:05 - 00105465 ____S () C:\WINDOWS\system32\stgdlhu.iwi
2014-02-20 22:06 - 2010-12-20 12:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-02-20 22:05 - 2014-02-20 22:05 - 00005942 _____ () C:\WINDOWS\KB2914368.log
2014-02-20 22:05 - 2014-02-20 22:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-02-20 22:05 - 2010-12-20 06:39 - 01463538 _____ () C:\WINDOWS\iis6.log
2014-02-20 22:05 - 2010-12-20 06:39 - 01321189 _____ () C:\WINDOWS\FaxSetup.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00643838 _____ () C:\WINDOWS\ocgen.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00610360 _____ () C:\WINDOWS\tsoc.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00450126 _____ () C:\WINDOWS\comsetup.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00411406 _____ () C:\WINDOWS\msmqinst.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00271418 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00232807 _____ () C:\WINDOWS\netfxocm.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00091854 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00073391 _____ () C:\WINDOWS\ocmsn.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00067187 _____ () C:\WINDOWS\tabletoc.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00066515 _____ () C:\WINDOWS\msgsocm.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-20 11:09 - 2013-09-25 09:17 - 00000000 ____D () C:\Program Files\My Dell
2014-02-20 11:09 - 2013-09-25 09:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr
2014-02-12 16:37 - 2014-02-24 12:00 - 00000347 _____ () C:\Boot.bak
2014-02-12 16:36 - 2013-01-29 11:21 - 00000000 ____D () C:\Documents and Settings\jturner\Local Settings\Application Data\Deployment
2014-02-12 16:36 - 2011-03-09 09:30 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Dropbox
 
Alureon:
C:\Documents and Settings\jturner\Local Settings\Temp\sfniwwk\soicxre\wow.dll
 
Some content of TEMP:
====================
C:\Documents and Settings\jturner\Local Settings\Temp\heem.exe
C:\Documents and Settings\jturner\Local Settings\Temp\hiiomkn.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2008-04-13 19:00] - [2009-02-09 08:10] - 0402432 ____A (Microsoft Corporation) b40e13735fd684d8649063089711ffed 
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Attach.txt (Begin)
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-03-2014
Ran by jturner at 2014-03-10 15:38:15
Running from C:\Documents and Settings\jturner\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Sunbelt VIPRE (Disabled - Up to date) {964FCE60-0B18-4D30-ADD6-EB178909041C}
 
==================== Installed Programs ======================
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
7500_7600_7700_Help1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
7-Zip 9.21 (HKLM\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.3 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS6 (HKLM\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Anti-phishing Domain Advisor (HKLM\...\Anti-phishing Domain Advisor) (Version: 1.1.0.1 - Visicom Media Inc. (Powered by Panda Security))
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Communication Manager (HKLM\...\{E9EB1566-BA9E-458D-9EF3-5776FE58FC69}) (Version: 7.00.0208.0 - AT&T)
Auto Updater 1.2.0.1 (HKLM\...\AutoUpdater_is1) (Version:  - )
AutoCAD LT 2004 (HKLM\...\{5783F2D7-0209-0409-0000-0060B0CE6BBA}) (Version: 16.0.0.086 - Autodesk)
AutoCAD LT 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD LT 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk AutoCAD LT 2014 - English (HKLM\...\AutoCAD LT 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Express Viewer (HKLM\...\Autodesk Express Viewer) (Version: 3.1 - Autodesk, Inc.)
Autodesk Material Library 2014 (HKLM\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1449.0 - Microsoft Corporation)
Bing Bar Platform (Version: 5.0.1449.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan_Carrier (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated) <==== ATTENTION
CouponBar (HKLM\...\CouponBar5.0.0.5) (Version: 5.0.0.5 - Coupons.com Incorporated) <==== ATTENTION
CYME 5.04 Rev 06 (HKLM\...\InstallShield_{9D6B25A8-1D19-4855-B7B8-924E994AD26B}) (Version: 5.04.6.0343 - CYME)
CYME 5.04 Rev 06 (Version: 5.04.6.0343 - CYME) Hidden
DataView (HKLM\...\{A7E6448C-0984-4ECE-95F8-25FDBA43767F}) (Version: 3.07.0003 - Chauvin Arnoux, Inc. dba AEMC Instruments)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.3.2.10 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1002.101.102 - ALPS ELECTRIC CO., LTD.)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Digital Photo Navigator 1.5 (HKLM\...\{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}) (Version:  - )
DocProc (Version: 140.0.100.000 - Hewlett-Packard) Hidden
Download Suite (HKLM\...\{F878811B-1C11-4DE0-B236-AC28A8FFF1FF}_is1) (Version: 3.0.0 - Amprobe Instruments)
Dran-View 6 (HKLM\...\DV_6) (Version: 6.11.2 - Dranetz)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
EasyPower Demo (HKLM\...\{CBDE112B-625A-4E3D-A78F-6381290E16F1}) (Version: 9.0 - ESA)
EasyPower Demo 9.0 (Version: 9.0 - ESA) Hidden
EPSON USB Display (HKLM\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.42.000 - SEIKO EPSON CORPORATION)
ESim6 (HKLM\...\ST6UNST #1) (Version:  - )
eXpress TimeStamp Toucher (HKCU\...\eXpress TimeStamp Toucher) (Version:  - )
Fax (Version: 140.0.213.000 - Hewlett-Packard) Hidden
FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FlukeView Power Quality Analyzer 3 (HKLM\...\{786FB8FC-F686-45A9-8691-A57BE6798F63}) (Version:  - )
Freeze.com NetAssistant (HKCU\...\NetAssistant 3.8.3) (Version: 3.8.3 - Freeze.com)
Garmin City Navigator North America NT 2011.31 Update (HKLM\...\{82E7071E-2386-4B87-9C18-EDB8A7FBE4FF}) (Version: 14.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{2A83AD05-56E6-3FBD-8752-B4143162EF59}) (Version: 4.9.1.16010 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4601.54 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
GoToMyPC (HKLM\...\{74EA06CC-9EFD-410D-88B4-CB5ABD2BE785}) (Version: 8.0.943 - Citrix Online)
GPBaseService2 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.06) (Version: 9.06 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{9D6C64CC-EA60-47A6-9C97-82C38231EDAE}) (Version: 14.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.212.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6274.0 - IDT)
Image2CAD 1.1 (HKLM\...\Image2CAD_is1) (Version:  - CADTool Software)
InstaCodecs (HKLM\...\InstaCodecs_is1) (Version: 1.0 - )
Integrated Webcam Driver (1.08.01.0129)   (HKLM\...\Creative OA001) (Version: 1.08.01.0129 - Creative Technology Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5284 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 14.5 - Intel)
ITSupport247-DPMA (HKLM\...\SAAZOD) (Version: 5.2.2 - Continuum Managed Services LLC)
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Java 2 Runtime Environment, SE v1.4.2_19 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142190}) (Version: 1.4.2_19 - Sun Microsystems, Inc.)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
L7600 (Version: 140.0.000.000 - Hewlett-Packard) Hidden
Lexmark Printer Software Uninstall (HKLM\...\Lexmark Printer Software Uninstall) (Version:  - )
Lexmark X1100 Series (HKLM\...\Lexmark X1100 Series) (Version:  - )
LifeSize Desktop 2.0 (HKLM\...\{896BC486-53EF-4A8F-8475-5F708780135B}) (Version: 2.0.1 - LifeSize Communications)
LogMeIn (HKLM\...\{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}) (Version: 4.1.1558 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Maths Helper Plus (HKLM\...\Maths Helper Plus) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Default Manager (Version: 2.1.55.0 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM\...\VISPROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (Version: 8.0.56405 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (Version: 3.0.126.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60816.0 - Microsoft Corporation) Hidden
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
MobileSyncBrowser 5.6.1 (HKLM\...\MobileSyncBrowse_0) (Version: 5.6.1 - VSC LLC)
MPM (HKLM\...\{B5A4C902-1636-48DB-8E38-F0DB102DDB59}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
National Fire Codes - NECH 2008 (HKLM\...\National Fire Codes - NECH 2008) (Version:  - )
NetAssistant (Version: 3.8.3 - Freeze.com) Hidden
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Norton Security Scan (HKLM\...\NSS) (Version: 4.0.0.46 - Symantec Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OneStop Video Converter 1.8 (HKLM\...\OneStop Video Converter PRO_is1) (Version:  - )
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Story 3 for Windows (HKLM\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
PMI USB Driver (HKLM\...\{AAAED391-E701-41B3-BA45-76F2E922588B}) (Version: 1.0.0 - Power Monitors, Inc)
Power Analyze version 2.10 (HKLM\...\Power Analyze2.10_is1) (Version: 2.10 - Fluke Corporation, USA)
Power Design Pro™ (HKCU\...\24fb40610517a88f) (Version: 2013.1.13.1 - Generac Power Systems)
Power Log 3.4 (HKLM\...\Power Log) (Version: 3.4 - Fluke Corporation)
Power Vision v1.6c (HKLM\...\Power Vision v1.6c) (Version:  - )
PowerCinema NE for Everio (HKLM\...\{39CEE1F2-12B6-4C50-9131-04BFCA110578}) (Version:  - )
PowerDirector Express (HKLM\...\{EDE721EC-870A-11D8-9D75-000129760D75}) (Version:  - )
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
PowerSight Manager (HKLM\...\PowerSight Manager_is1) (Version:  - Summit Technology, Inc.)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
ProductContext (Version: 140.0.000.000 - Hewlett-Packard) Hidden
Pronto for Windows (HKLM\...\Pronto for Windows) (Version:  - )
ProVision (HKLM\...\{7F94D422-6669-4330-A770-D5520092EF29}) (Version: 1.0 - Power Monitors, Inc)
pstoedit and importps 3.61 (HKLM\...\pstoedit and importps_is1) (Version: 3.61 - H&W Glunz)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RICOH R5C83x/84x Media Driver Ver.3.53.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.53.02 - )
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Salesforce for Outlook (HKLM\...\{45E670D4-D623-4FF6-B590-4780550F278F}) (Version: 1.3.170.1114 - salesforce.com)
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.167.000 - Hewlett-Packard) Hidden
Scan2CAD v8 (HKLM\...\Scan2CAD v88.2) (Version: 8.2 - Avia Systems Limited)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
SRS Premium Sound (HKLM\...\{9C875FEA-B49E-49F7-AE62-0F9B91F90982}) (Version: 1.08.1400 - SRS Labs, Inc.)
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
Sunbelt Enterprise Agent (HKLM\...\{9D544611-F437-4153-913E-91CE036583CC}) (Version: 3.1.2848 - Sunbelt Software)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tera Term Pro (HKLM\...\Tera Term Pro) (Version:  - )
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{BD6B5D42-37A7-46A0-912C-E7578E1F03C5}) (Version:  - Microsoft)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Updater (HKLM\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.43 - Creative Island Media, LLC) <==== ATTENTION
VideoFileDownload (HKLM\...\vfd-cb) (Version: 1.0 - VideoFileDownload)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Driver Package - Citrix Systems monblanking Citrix Driver  (06/26/2012 6.3.0.48) (HKLM\...\B55781558C6FAB4237DDEE317F2409086B83E855) (Version: 06/26/2012 6.3.0.48 - Citrix Systems)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{3032BC7D-E713-452D-AAF7-F5ED073226C8}) (Version: 6.1.7900.1 - Microsoft Corporation)
WinScan (HKLM\...\WinScanKey) (Version:  - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
ZWCAD 2012 English (HKLM\...\{FEB35064-96FF-43AD-9473-01E7CD8511F0}) (Version: 12.0.0.0830 - ZWCAD Software Co.,Ltd)
 
==================== Restore Points  =========================
 
11-12-2013 14:25:19 _11-Dec-2013 09:25:15 AM
12-12-2013 14:35:23 Printer Driver LogMeIn Printer Driver Installed
12-12-2013 14:50:15 _12-Dec-2013 09:50:06 AM
13-12-2013 14:33:41 _13-Dec-2013 09:33:37 AM
15-12-2013 15:22:31 _15-Dec-2013 10:22:26 AM
16-12-2013 05:30:13 _16-Dec-2013 12:30:10 AM
17-12-2013 05:02:23 _17-Dec-2013 12:02:18 AM
18-12-2013 05:23:07 _18-Dec-2013 12:23:02 AM
19-12-2013 15:48:10 _19-Dec-2013 10:48:06 AM
20-12-2013 14:22:12 _20-Dec-2013 09:22:08 AM
23-12-2013 14:37:53 _23-Dec-2013 09:37:48 AM
24-12-2013 14:50:49 _24-Dec-2013 09:50:44 AM
25-12-2013 16:32:37 _25-Dec-2013 11:32:32 AM
26-12-2013 05:11:14 _26-Dec-2013 12:11:10 AM
26-12-2013 06:01:44 Software Distribution Service 3.0
26-12-2013 06:02:54 Software Distribution Service 3.0
26-12-2013 06:03:18 Software Distribution Service 3.0
26-12-2013 06:03:42 Software Distribution Service 3.0
26-12-2013 06:04:03 Software Distribution Service 3.0
26-12-2013 06:04:27 Software Distribution Service 3.0
27-12-2013 05:02:51 _27-Dec-2013 12:02:40 AM
28-12-2013 05:16:24 _28-Dec-2013 12:16:20 AM
31-12-2013 14:23:13 _31-Dec-2013 09:23:09 AM
04-01-2014 16:16:45 _04-Jan-2014 11:16:40 AM
05-01-2014 15:06:09 _05-Jan-2014 10:06:03 AM
06-01-2014 05:13:47 _06-Jan-2014 12:13:39 AM
07-01-2014 14:58:33 _07-Jan-2014 09:58:29 AM
07-01-2014 21:54:33 Installed GoToMyPC
08-01-2014 14:44:06 _08-Jan-2014 09:44:02 AM
09-01-2014 14:23:22 _09-Jan-2014 09:23:17 AM
10-01-2014 14:24:33 _10-Jan-2014 09:24:28 AM
13-01-2014 14:38:56 _13-Jan-2014 09:38:52 AM
14-01-2014 14:31:26 _14-Jan-2014 09:31:22 AM
15-01-2014 05:28:07 _15-Jan-2014 12:27:59 AM
16-01-2014 14:27:48 _16-Jan-2014 09:27:43 AM
21-01-2014 14:07:54 Printer Driver LogMeIn Printer Driver Installed
21-01-2014 14:21:58 _21-Jan-2014 09:21:53 AM
22-01-2014 14:32:08 _22-Jan-2014 09:32:04 AM
23-01-2014 14:32:15 _23-Jan-2014 09:32:10 AM
24-01-2014 14:23:48 _24-Jan-2014 09:23:43 AM
27-01-2014 14:38:53 _27-Jan-2014 09:38:48 AM
28-01-2014 14:23:58 _28-Jan-2014 09:23:54 AM
29-01-2014 14:24:11 _29-Jan-2014 09:24:04 AM
30-01-2014 14:12:01 _30-Jan-2014 09:11:56 AM
31-01-2014 01:44:07 Software Distribution Service 3.0
31-01-2014 01:44:51 Software Distribution Service 3.0
31-01-2014 01:45:03 Software Distribution Service 3.0
31-01-2014 01:45:14 Software Distribution Service 3.0
31-01-2014 01:45:28 Software Distribution Service 3.0
31-01-2014 01:45:53 Software Distribution Service 3.0
31-01-2014 01:45:59 Software Distribution Service 3.0
31-01-2014 01:46:49 Software Distribution Service 3.0
31-01-2014 14:19:52 _31-Jan-2014 09:19:48 AM
01-02-2014 21:47:49 _01-Feb-2014 04:47:45 PM
02-02-2014 05:23:43 _02-Feb-2014 12:23:39 AM
03-02-2014 05:12:16 _03-Feb-2014 12:12:12 AM
04-02-2014 14:10:46 _04-Feb-2014 09:10:40 AM
05-02-2014 18:03:13 _05-Feb-2014 01:03:09 PM
06-02-2014 14:18:52 _06-Feb-2014 09:18:48 AM
07-02-2014 14:39:52 _07-Feb-2014 09:39:48 AM
10-02-2014 14:25:01 _10-Feb-2014 09:24:56 AM
11-02-2014 14:42:02 _11-Feb-2014 09:41:57 AM
12-02-2014 14:25:23 _12-Feb-2014 09:25:13 AM
14-02-2014 14:38:44 _14-Feb-2014 09:38:38 AM
16-02-2014 23:02:18 _16-Feb-2014 06:02:12 PM
17-02-2014 05:05:44 _17-Feb-2014 12:05:39 AM
18-02-2014 14:29:12 _18-Feb-2014 09:29:07 AM
19-02-2014 14:26:57 _19-Feb-2014 09:26:52 AM
20-02-2014 13:11:41 _20-Feb-2014 08:11:35 AM
21-02-2014 02:05:15 Software Distribution Service 3.0
21-02-2014 02:06:00 Software Distribution Service 3.0
21-02-2014 02:06:33 Software Distribution Service 3.0
21-02-2014 14:27:01 _21-Feb-2014 09:26:57 AM
22-02-2014 15:39:59 _22-Feb-2014 10:39:36 AM
24-02-2014 00:52:15 _23-Feb-2014 07:51:55 PM
24-02-2014 05:07:52 _24-Feb-2014 12:07:11 AM
25-02-2014 14:21:42 _25-Feb-2014 09:21:37 AM
26-02-2014 05:23:17 _26-Feb-2014 12:23:08 AM
27-02-2014 14:30:38 _27-Feb-2014 09:30:33 AM
28-02-2014 14:22:21 _28-Feb-2014 09:22:15 AM
02-03-2014 18:53:42 _02-Mar-2014 01:53:36 PM
03-03-2014 14:12:15 _03-Mar-2014 09:11:41 AM
04-03-2014 18:30:22 _04-Mar-2014 01:30:11 PM
05-03-2014 14:39:39 _05-Mar-2014 09:39:17 AM
06-03-2014 14:15:09 _06-Mar-2014 09:14:40 AM
07-03-2014 14:27:07 _07-Mar-2014 09:26:52 AM
08-03-2014 14:48:23 _08-Mar-2014 09:48:17 AM
09-03-2014 05:19:25 _09-Mar-2014 12:19:09 AM
10-03-2014 05:20:03 System Checkpoint
10-03-2014 06:32:11 _10-Mar-2014 02:32:06 AM
 
==================== Hosts content: ==========================
 
2012-09-24 20:14 - 2014-03-03 17:05 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\AutoUpdaterTask.job => C:\Program Files\Auto Updater\AutoUpdater.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1782093909-3530200959-3520366946-1219Core.job => C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1782093909-3530200959-3520366946-1219UA.job => C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Norton Security Scan for jturner.job => C:\PROGRA~1\NORTON~2\Engine\400~1.46\Nss.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\My Dell\uaclauncher.exe
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\My Dell\uaclauncher.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-12-20 11:54 - 2010-02-02 22:47 - 00025088 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2010-12-20 11:54 - 2010-02-02 22:45 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2010-12-21 10:59 - 2009-12-20 21:42 - 00176235 _____ () C:\WINDOWS\system32\Primomonnt.dll
2011-11-06 20:11 - 2003-07-29 10:27 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBKPP5C.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-09-27 12:03 - 2010-09-27 12:03 - 00201512 _____ () C:\WINDOWS\system32\vpnapi.dll
2011-04-12 20:36 - 2006-09-28 21:18 - 00266343 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2012-01-08 09:41 - 2012-01-08 09:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-01-14 12:42 - 2014-01-14 12:42 - 00028672 _____ () C:\Documents and Settings\jturner\Local Settings\Application Data\Ahwworks\halCfgSpi64.dll
2010-12-20 11:54 - 2010-02-02 22:47 - 00143360 _____ () C:\WINDOWS\system32\preflib.dll
2008-04-13 19:00 - 2008-04-13 19:00 - 00014336 _____ () C:\WINDOWS\system32\MSDMO.DLL
2008-04-13 19:00 - 2008-04-13 19:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-13 19:00 - 2008-04-13 19:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-12-06 15:41 - 2013-12-03 22:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 15:41 - 2013-12-03 22:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 15:41 - 2013-12-03 22:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\WINDOWS:nlsPreferences
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Salesforce for Outlook.lnk => C:\WINDOWS\pss\Salesforce for Outlook.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk => C:\WINDOWS\pss\VPN Client.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^jturner^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AESTFltr => %SystemRoot%\system32\AESTFltr.exe /NoDlg
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Documents and Settings\jturner\Local Settings\Application Data\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Anti-phishing Domain Advisor => "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AT&T Communication Manager => "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: Bing Bar => "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DellSystemDetect => C:\Documents and Settings\jturner\Start Menu\Programs\Dell\Dell System Detect.appref-ms
MSCONFIG\startupreg: EPSON_UD_START => "C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT
MSCONFIG\startupreg: EverioService => "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
MSCONFIG\startupreg: GoToMeeting => "C:\Program Files\Citrix\GoToMeeting\1132\g2mstart.exe" "/Trigger RunAtLogon"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Lexmark X1100 Series => "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
MSCONFIG\startupreg: LifeSizeDesktop => "C:\Program Files\LifeSize\Desktop\LifeSizeDesktop.exe" -autorun
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: OA001Mon => C:\WINDOWS\OA001Mon.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SRS Premium Sound => "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Synchronization Manager => %SystemRoot%\system32\mobsync.exe /logon
MSCONFIG\startupreg: SysTrayApp => %ProgramFiles%\IDT\WDM\sttray.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom USH
Description: Broadcom USH
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Dell Wireless 1397 WLAN Mini-Card
Description: Dell Wireless 1397 WLAN Mini-Card
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 6500 E710n-z
Description: Officejet 6500 E710n-z
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1102w
Description: HP LaserJet Professional P1102w
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2055dn
Description: HP LaserJet P2055dn
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Premium C309g-m
Description: Photosmart Premium C309g-m
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 6500 E710n-z
Description: Officejet 6500 E710n-z
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: USB Serial Port (COM10)
Description: USB Serial Port
Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
Manufacturer: FTDI
Service: FTSER2K
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/10/2014 02:31:37 PM) (Source: Application Error) (User: )
Description: Fault bucket 118663440.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (03/10/2014 02:31:27 PM) (Source: Application Error) (User: )
Description: Faulting application dds (4).com, version 2012.11.20.1, faulting module system.dll, version 0.0.0.0, fault address 0x0000186d.
Processing media-specific event for [dds (4).com!ws!]
 
Error: (03/10/2014 02:05:40 PM) (Source: Application Error) (User: )
Description: Faulting application dds (2).com, version 2012.11.20.1, faulting module system.dll, version 0.0.0.0, fault address 0x0000186d.
Processing media-specific event for [dds (2).com!ws!]
 
Error: (03/10/2014 01:58:01 PM) (Source: Application Error) (User: )
Description: Faulting application dds (1).com, version 2012.11.20.1, faulting module system.dll, version 0.0.0.0, fault address 0x0000186d.
Processing media-specific event for [dds (1).com!ws!]
 
Error: (03/10/2014 01:55:28 PM) (Source: Application Error) (User: )
Description: Faulting application dds.com, version 2012.11.20.1, faulting module system.dll, version 0.0.0.0, fault address 0x0000186d.
Processing media-specific event for [dds.com!ws!]
 
Error: (03/10/2014 06:49:53 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/10/2014 06:49:42 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/10/2014 05:16:27 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for PQI\JTurner failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
Error: (03/10/2014 05:15:16 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
Error: (03/09/2014 09:18:09 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for PQI\JTurner failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
 
System errors:
=============
Error: (03/10/2014 02:40:31 PM) (Source: System Error) (User: )
Description: Error code 1000000a, parameter1 e5163e98, parameter2 0000001c, parameter3 00000001, parameter4 804fc96a.
 
Error: (03/10/2014 02:40:22 PM) (Source: DCOM) (User: PQI)
Description: The server {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43} did not register with DCOM within the required timeout.
 
Error: (03/10/2014 02:37:37 PM) (Source: Service Control Manager) (User: )
Description: The Autodesk Content Service service hung on starting.
 
Error: (03/10/2014 02:36:14 PM) (Source: 0) (User: )
Description: PQI            :010.0.0.11510.0.0.50
 
Error: (03/10/2014 01:47:03 PM) (Source: DCOM) (User: PQI)
Description: The server {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43} did not register with DCOM within the required timeout.
 
Error: (03/10/2014 01:44:40 PM) (Source: Service Control Manager) (User: )
Description: The Autodesk Content Service service hung on starting.
 
Error: (03/10/2014 01:43:16 PM) (Source: 0) (User: )
Description: PQI            :010.0.0.11510.0.0.50
 
Error: (03/10/2014 09:46:05 AM) (Source: Service Control Manager) (User: )
Description: The Nalpeiron Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/10/2014 09:45:57 AM) (Source: Service Control Manager) (User: )
Description: The DW WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/10/2014 09:16:57 AM) (Source: Service Control Manager) (User: )
Description: The Autodesk Content Service service hung on starting.
 
 
Microsoft Office Sessions:
=========================
Error: (11/17/2013 11:26:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3669 seconds with 2940 seconds of active time.  This session ended with a crash.
 
Error: (11/12/2013 02:49:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16735 seconds with 10680 seconds of active time.  This session ended with a crash.
 
Error: (08/28/2013 02:00:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6676.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/24/2013 00:09:47 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 849 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (06/11/2013 09:35:02 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 47 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/11/2013 09:33:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 44 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/11/2013 09:32:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 155 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (05/09/2013 10:55:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2681 seconds with 2400 seconds of active time.  This session ended with a crash.
 
Error: (05/06/2013 04:39:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8406 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error: (05/01/2013 04:40:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3146 seconds with 1740 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 53%
Total physical RAM: 3535.73 MB
Available physical RAM: 1635.62 MB
Total Pagefile: 5417.52 MB
Available Pagefile: 3605.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.74 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.88 GB) (Free:63.94 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: () (Removable) (Total:1.92 GB) (Free:1.65 GB) FAT
Drive q: (Data) (Network) (Total:1843.2 GB) (Free:1419.75 GB) NTFS
Drive s: (Data) (Network) (Total:1843.2 GB) (Free:1419.75 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: A42D04A3)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:02:00 PM

Posted 10 March 2014 - 03:03 PM

All right. Then please continue with the following steps:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button. Allow a reboot if requested.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.

Edited by aharonov, 10 March 2014 - 03:05 PM.


#5 jrturnerxln

jrturnerxln
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Odessa, FL
  • Local time:08:00 AM

Posted 10 March 2014 - 03:36 PM

aharonov,

The requested log file is attached.  By the way, my computer is pissed off right now.  All was going smoothly with the copy and paste and then all of the sudden my hard drive started working like crazy.  Everything running slow.  Finally got files to copy.

Step 1 (Complete)

Fixlog.txt (Begin)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-03-2014
Ran by jturner at 2014-03-10 16:14:51 Run:1
Running from C:\Documents and Settings\jturner\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Replace: c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll c:\windows\system32\rpcss.dll
Replace: c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll c:\windows\system32\dllcache\rpcss.dll
C:\Documents and Settings\jturner\Local Settings\Temp\sfniwwk
2014-02-21 15:32 - 2014-03-10 14:46 - 00000071 _____ () C:\WINDOWS\system32\yeorwey.yof
2014-02-21 15:21 - 2014-02-21 15:21 - 00000064 _____ () C:\WINDOWS\system32\thezlth.dfw
2014-02-21 15:21 - 2014-02-21 15:21 - 00000000 _____ () C:\WINDOWS\system32\asiepmf.abb
2014-02-21 15:05 - 2014-02-21 15:05 - 00105465 ____S () C:\WINDOWS\system32\stgdlhu.iwi
2014-03-02 15:50 - 2014-03-03 16:56 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Xaastoyg
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Run: [Ahwworks] - regsvr32.exe "C:\Documents and Settings\jturner\Local Settings\Application Data\Ahwworks\halCfgSpi64.dll"
C:\Documents and Settings\jturner\Local Settings\Application Data\Ahwworks
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (FindWide Toolbar) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obalemfhgdldfgjblgjfahhkigbfhahd [2013-12-11]
CHR Extension: (Tidy Network) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjojdpkgkmjbkfffeohjpejgoelkbhkl [2013-12-11]
CHR Extension: (HelperApps) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffpbmldpodpcolmapfcjkjkcfgbggmhl [2013-12-11]
BHO: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll ()
C:\Documents and Settings\jturner\Local Settings\Temp\*.exe
CMD: dir /a:d/b "C:\Documents and Settings\jturner\Local Settings\Temp"
CMD: dir /a:d/b "C:\Documents and Settings\jturner\Application Data"
Reboot:
*****************
 
c:\windows\system32\rpcss.dll => Moved successfully.
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll copied successfully to c:\windows\system32\rpcss.dll
c:\windows\system32\dllcache\rpcss.dll => Moved successfully.
c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll copied successfully to c:\windows\system32\dllcache\rpcss.dll
 
"C:\Documents and Settings\jturner\Local Settings\Temp\sfniwwk" directory move:
 
C:\Documents and Settings\jturner\Local Settings\Temp\sfniwwk\soicxre\tmp1BF.tmp => Moved successfully.
C:\Documents and Settings\jturner\Local Settings\Temp\sfniwwk\soicxre\tmp1C0.tmp => Moved successfully.
C:\Documents and Settings\jturner\Local Settings\Temp\sfniwwk\soicxre\tmp1EA.tmp => Moved successfully.
C:\Documents and Settings\jturner\Local Settings\Temp\sfniwwk\soicxre\tmp1EB.tmp => Moved successfully.
C:\Documents and Settings\jturner\Local Settings\Temp\sfniwwk\soicxre\wow.dll => Moved successfully.
C:\Documents and Settings\jturner\Local Settings\Temp\sfniwwk\soicxre\wow.ini => Moved successfully.
Could not move "C:\Documents and Settings\jturner\Local Settings\Temp\sfniwwk" directory. => Scheduled to move on reboot.
 
C:\WINDOWS\system32\yeorwey.yof => Moved successfully.
C:\WINDOWS\system32\thezlth.dfw => Moved successfully.
Could not move "C:\WINDOWS\system32\asiepmf.abb" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\stgdlhu.iwi" => Scheduled to move on reboot.
 
"C:\Documents and Settings\jturner\Application Data\Xaastoyg" directory move:
 
Could not move "C:\Documents and Settings\jturner\Application Data\Xaastoyg" directory. => Scheduled to move on reboot.
 
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\Software\Microsoft\Windows\CurrentVersion\Run\\Ahwworks => Value deleted successfully.
 
"C:\Documents and Settings\jturner\Local Settings\Application Data\Ahwworks" directory move:
 
C:\Documents and Settings\jturner\Local Settings\Application Data\Ahwworks\halCfgSpi64.dat => Moved successfully.
C:\Documents and Settings\jturner\Local Settings\Application Data\Ahwworks\halCfgSpi64.dll => Moved successfully.
Could not move "C:\Documents and Settings\jturner\Local Settings\Application Data\Ahwworks" directory. => Scheduled to move on reboot.
 
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
 
"C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obalemfhgdldfgjblgjfahhkigbfhahd" directory move:
 
C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obalemfhgdldfgjblgjfahhkigbfhahd\1.0.0.0_0\icon_48.ico => Moved successfully.
C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obalemfhgdldfgjblgjfahhkigbfhahd\1.0.0.0_0\manifest.json => Moved successfully.
C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obalemfhgdldfgjblgjfahhkigbfhahd\1.0.0.0_0\pinnedSearch.htm => Moved successfully.
C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obalemfhgdldfgjblgjfahhkigbfhahd\1.0.0.0_0\tnt2.js => Moved successfully.
C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obalemfhgdldfgjblgjfahhkigbfhahd\1.0.0.0_0\tnt2start.js => Moved successfully.
C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obalemfhgdldfgjblgjfahhkigbfhahd\1.0.0.0_0\toolbar.html => Moved successfully.
Could not move "C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obalemfhgdldfgjblgjfahhkigbfhahd" directory. => Scheduled to move on reboot.
 
C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjojdpkgkmjbkfffeohjpejgoelkbhkl => Moved successfully.
C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffpbmldpodpcolmapfcjkjkcfgbggmhl => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} => Key deleted successfully.
HKCR\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Value deleted successfully.
HKCR\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Key deleted successfully.
C:\Documents and Settings\jturner\Local Settings\Temp\*.exe => Moved successfully.
 
=========  dir /a:d/b "C:\Documents and Settings\jturner\Local Settings\Temp" =========
 
2188_3144
2236_25257
5332_4513
Acrobat Distiller 10
Adobe
CitrixDumps
citrixlogs
hsperfdata_JTurner
msohtmlclip
msohtmlclip1
nsa3A.tmp
nsb101.tmp
nsc50.tmp
nsl6D.tmp
sfniwwk
spesmir
VBE
WER5360.dir00
WER8fc0.dir00
WPDNSE
 
========= End of CMD: =========
 
 
=========  dir /a:d/b "C:\Documents and Settings\jturner\Application Data" =========
 
Adobe
AdobeUM
Apple Computer
AT&T
Auto Updater
Autodesk
AVS4YOU
blekkotb_019
Bytemobile
chc
chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
CrashReport
CyberLink
DataView
Dell
Download Manager
Dropbox
FileZilla
FirstClass
GARMIN
Google
Guewil
Help
HP
HPAppData
HpUpdate
Identities
InstallShield Installation Information
Intelli-studio
Irbiiz
Macromedia
Malwarebytes
Microsoft
MobileSyncBrowser
Mozilla
Optimizer Pro
PCDr
PDAppFlex
Power Monitors, Inc
PrimoPDF
salesforce.com
Sierra Wireless
Skype
StageManager.BD092818F67280F4B42B04877600987F0111B594.1
Sun
Sunbelt
webex
Windows Small Business Server
Xaastoyg
Yahoo!
ZWSoft
 
========= End of CMD: =========
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-10 16:20:26)<=
 
C:\Documents and Settings\jturner\Local Settings\Temp\sfniwwk => Moved successfully.
C:\WINDOWS\system32\asiepmf.abb => Is moved successfully.
C:\WINDOWS\system32\stgdlhu.iwi => Is moved successfully.
"C:\Documents and Settings\jturner\Application Data\Xaastoyg" => Directory could not move.
C:\Documents and Settings\jturner\Local Settings\Application Data\Ahwworks => Moved successfully.
C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obalemfhgdldfgjblgjfahhkigbfhahd => Moved successfully.
 
==== End of Fixlog ====
 
 
Step 2 (Complete)
 
FRST.txt(Begin)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2014
Ran by jturner (administrator) on JEFF-XP-NEW1 on 10-03-2014 16:26:30
Running from C:\Documents and Settings\jturner\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
() C:\WINDOWS\System32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\System32\bcmwltry.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(IDT, Inc.) c:\program files\idt\wdm\stacsv.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\nlssrv32.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\SAAZappr.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\SAAZapsc.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZDPMACTL.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZScheduler.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZServerPlus.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZWatchDog.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\rtHlpDk.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\rtdrHlpDk.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1189\g2mstart.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1189\g2mcomm.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1189\g2mlauncher.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe [2670592 2010-02-02] (Dell Inc.)
HKLM\...\Run: [SBAMTray] - C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe [669008 2010-01-04] (Sunbelt Software)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-05-31] (LogMeIn, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\.DEFAULT\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [894344 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Run: [GoToMeeting] - C:\Program Files\Citrix\GoToMeeting\1189\g2mstart.exe [40816 2013-09-09] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1261472 2012-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Policies\Explorer: [] 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC67412F43028CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.4
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-26]
CHR Extension: (Google Drive) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-26]
CHR Extension: (YouTube) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-26]
CHR Extension: (Google Search) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Gmail) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-26]
 
========================== Services (Whitelisted) =================
 
S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2009-10-09] (SmithMicro Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
S3 CommunicatorSvc; C:\Program Files\Power Monitors, Inc\ProVision\CommunicatorSvc.exe [53248 2012-09-19] (Power Monitors, Inc)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 EMP_UDSA; C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [98304 2009-04-15] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2013-09-02] (Flexera Software LLC)
R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1319768 2013-03-13] (Citrix Online, a division of Citrix Systems, Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2013-05-02] (Sun Microsystems, Inc.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-08-18] (Lexmark International, Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2006-09-28] ()
R2 SAAZappr; C:\Program Files\SAAZOD\zRealTime\SAAZappr.exe [82760 2011-07-05] (Zenith Infotech Ltd)
R2 SAAZapsc; C:\Program Files\SAAZOD\zRealTime\SAAZapsc.exe [82760 2011-07-05] (Zenith Infotech Ltd)
R2 SAAZDPMACTL; C:\Program Files\SAAZOD\SAAZDPMACTL.exe [86856 2010-12-20] (Zenith Infotech Ltd)
S4 SAAZRemoteSupport; C:\Program Files\SAAZOD\SAAZRemoteSupport.exe [78664 2010-12-20] (Zenith Infotech Ltd)
R2 SAAZScheduler; C:\Program Files\SAAZOD\SAAZScheduler.exe [77824 2010-12-20] (Zenith Infotech Ltd)
R2 SAAZServerPlus; C:\Program Files\SAAZOD\SAAZServerPlus.exe [77824 2009-04-30] (Zenith Infotech Ltd)
R2 SAAZWatchDog; C:\Program Files\SAAZOD\SAAZWatchDog.exe [86856 2010-12-20] (Zenith Infotech Ltd)
S2 SBAMSvc; C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe [1012080 2010-01-04] (Sunbelt Software)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 STacSV; c:\program files\idt\wdm\stacsv.exe [229458 2010-03-10] (IDT, Inc.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2404352 2010-02-02] (Dell Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [113664 2009-04-21] (Andrea Electronics Corporation)
R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [356864 2009-08-20] (Aladdin Knowledge Systems Ltd.)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [238208 2009-03-13] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [16384 2009-06-22] (Aladdin Knowledge Systems Ltd.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2696448 2010-02-02] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [240344 2009-08-04] (Intel Corporation)
R3 eppvad_simple; C:\WINDOWS\System32\drivers\EMP_UDAU.sys [17664 2008-05-14] (SEIKO EPSON CORPORATION)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [62216 2012-04-13] (FTDI Ltd.)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-18] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-18] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-18] (HP)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2014-01-14] ()
R2 monblanking; C:\WINDOWS\System32\DRIVERS\monblanking.sys [28416 2013-03-13] (Citrix Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 OA001Afx; C:\WINDOWS\system32\Drivers\OA001Afx.sys [134144 2009-05-28] (Creative Technology Ltd.)
R3 OA001Ufd; C:\WINDOWS\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\WINDOWS\System32\DRIVERS\OA001Vid.sys [281472 2010-01-28] (Creative Technology Ltd.)
R3 radpms; C:\WINDOWS\System32\DRIVERS\radpms.sys [13408 2010-05-31] (LogMeIn, Inc.)
R3 ROCKEYNT; C:\WINDOWS\System32\DRIVERS\Rockey4.sys [22016 2012-06-04] (Feitian Technologies Co., Ltd.)
R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [13360 2009-05-13] (Sunbelt Software)
R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [69936 2009-08-10] (Sunbelt Software)
R1 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [95024 2009-10-13] (Sunbelt Software)
R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [203056 2009-07-15] (Sunbelt Software)
R3 SRS_PremiumSound_Service; C:\WINDOWS\System32\drivers\srs_PremiumSound_i386.sys [232744 2009-03-24] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1656499 2010-03-10] (IDT, Inc.)
S3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [28288 2009-01-14] ()
S3 SWNC8UA3; C:\WINDOWS\System32\DRIVERS\swnc8ua3.sys [190080 2009-03-31] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\WINDOWS\System32\DRIVERS\swumxa3.sys [148096 2009-05-04] (Sierra Wireless Inc.)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
R3 WinDriver6; C:\WINDOWS\System32\drivers\windrvr6.sys [196384 2011-01-30] (Jungo)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 cerc6; No ImagePath
U2 CertPropSvc; 
S4 IntelIde; No ImagePath
S4 LMIRfsClientNP; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-10 15:38 - 2014-03-10 15:38 - 00050126 _____ () C:\Documents and Settings\jturner\Desktop\Addition.txt
2014-03-10 15:37 - 2014-03-10 16:26 - 00019393 _____ () C:\Documents and Settings\jturner\Desktop\FRST.txt
2014-03-10 15:35 - 2014-03-10 16:20 - 00000000 ____D () C:\FRST
2014-03-10 15:35 - 2014-03-10 15:34 - 01145856 _____ (Farbar) C:\Documents and Settings\jturner\Desktop\FRST.exe
2014-03-10 15:20 - 2014-03-10 15:20 - 00000000 ___HD () C:\WINDOWS\PIF
2014-03-10 14:42 - 2014-03-10 14:42 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(latest).txt
2014-03-10 14:36 - 2014-03-10 14:35 - 00106496 _____ () C:\WINDOWS\Minidump\Mini031014-01.dmp
2014-03-10 14:28 - 2014-03-10 14:28 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(1).txt
2014-03-10 14:14 - 2014-03-10 13:54 - 00688992 ____R (Swearware) C:\Documents and Settings\jturner\Desktop\dds.com
2014-03-10 14:09 - 2014-03-10 15:19 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach.txt
2014-03-09 09:06 - 2014-03-09 09:06 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030914-01.dmp
2014-03-08 15:01 - 2014-03-09 19:01 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Irbiiz
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____S () C:\WINDOWS\system32\drpultn.ceu
2014-03-08 14:52 - 2014-03-08 14:52 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030814-01.dmp
2014-03-05 13:45 - 2014-03-05 13:45 - 00122976 _____ (Kaspersky Lab ZAO) C:\zbotkiller.exe
2014-03-05 12:59 - 2014-03-05 12:59 - 01933048 _____ (Bleeping Computer, LLC) C:\rkill.com
2014-03-05 12:59 - 2014-03-05 12:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030514-01.dmp
2014-03-03 17:15 - 2014-03-03 17:15 - 00031693 _____ () C:\ComboFix.txt
2014-03-03 16:59 - 2014-03-03 16:59 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-03-03 15:59 - 2014-03-03 15:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-02.dmp
2014-03-03 15:22 - 2014-03-03 15:22 - 05186474 ____R (Swearware) C:\ComboFix.exe
2014-03-03 10:46 - 2014-03-03 10:46 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-01.dmp
2014-03-02 15:50 - 2014-03-03 16:56 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Xaastoyg
2014-02-27 12:03 - 2014-02-27 15:16 - 00000000 ____D () C:\Brennan (8th Grade)
2014-02-24 12:00 - 2014-02-24 12:00 - 00000000 _RSHD () C:\cmdcons
2014-02-24 12:00 - 2014-02-12 16:37 - 00000347 _____ () C:\Boot.bak
2014-02-24 12:00 - 2004-08-04 00:00 - 00260272 __RSH () C:\cmldr
2014-02-24 11:57 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-24 11:57 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-24 11:57 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-24 11:54 - 2014-03-03 17:16 - 00000000 ____D () C:\Qoobox
2014-02-24 11:53 - 2014-03-03 16:59 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-23 22:47 - 2014-02-23 22:47 - 00106496 _____ () C:\WINDOWS\Minidump\Mini022314-01.dmp
2014-02-20 22:05 - 2014-02-20 22:05 - 00005942 _____ () C:\WINDOWS\KB2914368.log
2014-02-20 22:05 - 2014-02-20 22:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
 
==================== One Month Modified Files and Folders =======
 
2014-03-10 16:26 - 2014-03-10 15:37 - 00019393 _____ () C:\Documents and Settings\jturner\Desktop\FRST.txt
2014-03-10 16:23 - 2010-12-20 11:44 - 01294108 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-10 16:21 - 2010-12-20 12:28 - 00000000 ____D () C:\Program Files\SAAZOD
2014-03-10 16:20 - 2014-03-10 15:35 - 00000000 ____D () C:\FRST
2014-03-10 16:19 - 2010-12-22 18:28 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-10 16:19 - 2010-12-20 11:51 - 00000000 __SHD () C:\WINDOWS\CSC
2014-03-10 16:17 - 2010-12-20 06:41 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-10 16:17 - 2010-12-20 06:40 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-03-10 16:16 - 2010-12-20 11:50 - 00000112 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-03-10 16:16 - 2010-12-20 11:47 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-10 16:15 - 2010-12-20 11:52 - 00000178 ___SH () C:\Documents and Settings\jturner\ntuser.ini
2014-03-10 16:15 - 2010-12-20 11:47 - 00032398 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-10 15:53 - 2010-12-20 17:33 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-10 15:48 - 2014-01-22 11:31 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1782093909-3530200959-3520366946-1219UA.job
2014-03-10 15:44 - 2010-12-22 18:28 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 15:38 - 2014-03-10 15:38 - 00050126 _____ () C:\Documents and Settings\jturner\Desktop\Addition.txt
2014-03-10 15:34 - 2014-03-10 15:35 - 01145856 _____ (Farbar) C:\Documents and Settings\jturner\Desktop\FRST.exe
2014-03-10 15:30 - 2012-05-29 08:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-10 15:20 - 2014-03-10 15:20 - 00000000 ___HD () C:\WINDOWS\PIF
2014-03-10 15:19 - 2014-03-10 14:09 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach.txt
2014-03-10 14:48 - 2014-01-22 11:31 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1782093909-3530200959-3520366946-1219Core.job
2014-03-10 14:42 - 2014-03-10 14:42 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(latest).txt
2014-03-10 14:36 - 2012-10-25 10:42 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-10 14:35 - 2014-03-10 14:36 - 00106496 _____ () C:\WINDOWS\Minidump\Mini031014-01.dmp
2014-03-10 14:28 - 2014-03-10 14:28 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(1).txt
2014-03-10 13:54 - 2014-03-10 14:14 - 00688992 ____R (Swearware) C:\Documents and Settings\jturner\Desktop\dds.com
2014-03-10 13:48 - 2012-02-04 23:47 - 00000356 _____ () C:\WINDOWS\Tasks\AutoUpdaterTask.job
2014-03-10 13:41 - 2011-01-08 23:45 - 00435086 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-10 13:24 - 2013-03-20 09:19 - 00000410 ____H () C:\WINDOWS\Tasks\Norton Security Scan for jturner.job
2014-03-10 12:34 - 2013-11-21 23:51 - 00303511 _____ () C:\WINDOWS\setupapi.log
2014-03-10 12:30 - 2013-12-13 14:34 - 00000458 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-03-10 09:48 - 2014-01-14 14:12 - 00004584 _____ () C:\Documents and Settings\jturner\Desktop\Rkill.txt
2014-03-10 09:23 - 2010-12-20 06:32 - 00000000 ____D () C:\WINDOWS\security
2014-03-10 00:02 - 2010-12-20 12:30 - 00000569 _____ () C:\WINDOWS\system32\ipstuffNew.txt
2014-03-10 00:00 - 2010-12-20 13:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-03-09 19:01 - 2014-03-08 15:01 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Irbiiz
2014-03-09 19:01 - 2010-12-20 12:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2014-03-09 17:13 - 2008-04-13 19:00 - 00000793 _____ () C:\WINDOWS\win.ini
2014-03-09 13:56 - 2010-12-20 11:47 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-09 09:11 - 2010-12-20 06:39 - 00006792 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-09 09:06 - 2014-03-09 09:06 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030914-01.dmp
2014-03-09 02:14 - 2010-12-20 06:32 - 00000000 ____D () C:\WINDOWS\PeerNet
2014-03-08 20:58 - 2010-12-20 21:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2296011$
2014-03-08 20:57 - 2010-12-20 11:52 - 00000000 ____D () C:\Documents and Settings\jturner
2014-03-08 18:31 - 2010-12-20 12:00 - 00000000 __HDC () C:\WINDOWS\ie8
2014-03-08 18:28 - 2010-12-20 12:31 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Download Manager
2014-03-08 16:53 - 2012-09-24 10:02 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____S () C:\WINDOWS\system32\drpultn.ceu
2014-03-08 14:52 - 2014-03-08 14:52 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030814-01.dmp
2014-03-08 10:32 - 2008-04-13 19:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-07 15:32 - 2010-12-22 15:54 - 00000284 _____ () C:\WINDOWS\ccolwiz.ini
2014-03-05 13:45 - 2014-03-05 13:45 - 00122976 _____ (Kaspersky Lab ZAO) C:\zbotkiller.exe
2014-03-05 13:33 - 2010-12-20 21:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648$
2014-03-05 13:32 - 2013-09-09 14:39 - 00000178 ___SH () C:\Documents and Settings\admin\ntuser.ini
2014-03-05 13:31 - 2013-12-11 13:13 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Optimizer Pro
2014-03-05 12:59 - 2014-03-05 12:59 - 01933048 _____ (Bleeping Computer, LLC) C:\rkill.com
2014-03-05 12:59 - 2014-03-05 12:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030514-01.dmp
2014-03-03 17:47 - 2010-12-20 11:42 - 00019731 _____ () C:\WINDOWS\wmsetup.log
2014-03-03 17:16 - 2014-02-24 11:54 - 00000000 ____D () C:\Qoobox
2014-03-03 17:15 - 2014-03-03 17:15 - 00031693 _____ () C:\ComboFix.txt
2014-03-03 17:05 - 2008-04-13 19:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-03-03 17:00 - 2010-12-20 06:38 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-03-03 17:00 - 2010-12-20 06:37 - 50069504 _____ () C:\WINDOWS\system32\config\software.bak
2014-03-03 17:00 - 2010-12-20 06:37 - 07864320 _____ () C:\WINDOWS\system32\config\system.bak
2014-03-03 17:00 - 2010-12-20 06:37 - 00786432 _____ () C:\WINDOWS\system32\config\default.bak
2014-03-03 16:59 - 2014-03-03 16:59 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-03-03 16:59 - 2014-02-24 11:53 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-03 16:56 - 2014-03-02 15:50 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Xaastoyg
2014-03-03 15:59 - 2014-03-03 15:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-02.dmp
2014-03-03 15:22 - 2014-03-03 15:22 - 05186474 ____R (Swearware) C:\ComboFix.exe
2014-03-03 10:46 - 2014-03-03 10:46 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-01.dmp
2014-03-02 15:41 - 2011-11-06 20:11 - 00000330 _____ () C:\WINDOWS\lexstat.ini
2014-02-28 17:55 - 2011-01-08 23:45 - 08259718 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1782093909-3530200959-3520366946-1219-0.dat
2014-02-28 11:09 - 2010-12-20 12:26 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Macromedia
2014-02-28 11:09 - 2010-12-20 12:26 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Adobe
2014-02-27 15:16 - 2014-02-27 12:03 - 00000000 ____D () C:\Brennan (8th Grade)
2014-02-27 11:23 - 2010-12-21 09:02 - 00055808 _____ () C:\Documents and Settings\jturner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-24 15:34 - 2013-09-09 14:39 - 00000000 ____D () C:\Documents and Settings\admin
2014-02-24 12:00 - 2014-02-24 12:00 - 00000000 _RSHD () C:\cmdcons
2014-02-24 12:00 - 2010-12-20 06:37 - 00000464 __RSH () C:\boot.ini
2014-02-23 22:47 - 2014-02-23 22:47 - 00106496 _____ () C:\WINDOWS\Minidump\Mini022314-01.dmp
2014-02-21 15:07 - 2011-01-24 09:24 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Autodesk
2014-02-20 22:06 - 2010-12-20 12:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-02-20 22:05 - 2014-02-20 22:05 - 00005942 _____ () C:\WINDOWS\KB2914368.log
2014-02-20 22:05 - 2014-02-20 22:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-02-20 22:05 - 2010-12-20 06:39 - 01463538 _____ () C:\WINDOWS\iis6.log
2014-02-20 22:05 - 2010-12-20 06:39 - 01321189 _____ () C:\WINDOWS\FaxSetup.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00643838 _____ () C:\WINDOWS\ocgen.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00610360 _____ () C:\WINDOWS\tsoc.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00450126 _____ () C:\WINDOWS\comsetup.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00411406 _____ () C:\WINDOWS\msmqinst.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00271418 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00232807 _____ () C:\WINDOWS\netfxocm.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00091854 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00073391 _____ () C:\WINDOWS\ocmsn.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00067187 _____ () C:\WINDOWS\tabletoc.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00066515 _____ () C:\WINDOWS\msgsocm.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-20 11:09 - 2013-09-25 09:17 - 00000000 ____D () C:\Program Files\My Dell
2014-02-20 11:09 - 2013-09-25 09:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr
2014-02-12 16:37 - 2014-02-24 12:00 - 00000347 _____ () C:\Boot.bak
2014-02-12 16:36 - 2013-01-29 11:21 - 00000000 ____D () C:\Documents and Settings\jturner\Local Settings\Application Data\Deployment
2014-02-12 16:36 - 2011-03-09 09:30 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Dropbox
 
Alureon:
C:\Documents and Settings\jturner\Local Settings\Temp\spesmir\spnrhxr\wow.dll
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2014
Ran by jturner (administrator) on JEFF-XP-NEW1 on 10-03-2014 16:26:30
Running from C:\Documents and Settings\jturner\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

() C:\WINDOWS\System32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\System32\bcmwltry.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(IDT, Inc.) c:\program files\idt\wdm\stacsv.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\nlssrv32.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\SAAZappr.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\SAAZapsc.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZDPMACTL.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZScheduler.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZServerPlus.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZWatchDog.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\rtHlpDk.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\rtdrHlpDk.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1189\g2mstart.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1189\g2mcomm.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1189\g2mlauncher.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe [2670592 2010-02-02] (Dell Inc.)
HKLM\...\Run: [SBAMTray] - C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe [669008 2010-01-04] (Sunbelt Software)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-05-31] (LogMeIn, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\.DEFAULT\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [894344 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Run: [GoToMeeting] - C:\Program Files\Citrix\GoToMeeting\1189\g2mstart.exe [40816 2013-09-09] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1261472 2012-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Policies\Explorer: []

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC67412F43028CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.4

Chrome:
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-26]
CHR Extension: (Google Drive) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-26]
CHR Extension: (YouTube) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-26]
CHR Extension: (Google Search) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Gmail) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-26]

========================== Services (Whitelisted) =================

S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2009-10-09] (SmithMicro Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
S3 CommunicatorSvc; C:\Program Files\Power Monitors, Inc\ProVision\CommunicatorSvc.exe [53248 2012-09-19] (Power Monitors, Inc)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 EMP_UDSA; C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [98304 2009-04-15] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2013-09-02] (Flexera Software LLC)
R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1319768 2013-03-13] (Citrix Online, a division of Citrix Systems, Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2013-05-02] (Sun Microsystems, Inc.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-08-18] (Lexmark International, Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2006-09-28] ()
R2 SAAZappr; C:\Program Files\SAAZOD\zRealTime\SAAZappr.exe [82760 2011-07-05] (Zenith Infotech Ltd)
R2 SAAZapsc; C:\Program Files\SAAZOD\zRealTime\SAAZapsc.exe [82760 2011-07-05] (Zenith Infotech Ltd)
R2 SAAZDPMACTL; C:\Program Files\SAAZOD\SAAZDPMACTL.exe [86856 2010-12-20] (Zenith Infotech Ltd)
S4 SAAZRemoteSupport; C:\Program Files\SAAZOD\SAAZRemoteSupport.exe [78664 2010-12-20] (Zenith Infotech Ltd)
R2 SAAZScheduler; C:\Program Files\SAAZOD\SAAZScheduler.exe [77824 2010-12-20] (Zenith Infotech Ltd)
R2 SAAZServerPlus; C:\Program Files\SAAZOD\SAAZServerPlus.exe [77824 2009-04-30] (Zenith Infotech Ltd)
R2 SAAZWatchDog; C:\Program Files\SAAZOD\SAAZWatchDog.exe [86856 2010-12-20] (Zenith Infotech Ltd)
S2 SBAMSvc; C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe [1012080 2010-01-04] (Sunbelt Software)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 STacSV; c:\program files\idt\wdm\stacsv.exe [229458 2010-03-10] (IDT, Inc.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2404352 2010-02-02] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [113664 2009-04-21] (Andrea Electronics Corporation)
R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [356864 2009-08-20] (Aladdin Knowledge Systems Ltd.)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [238208 2009-03-13] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [16384 2009-06-22] (Aladdin Knowledge Systems Ltd.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2696448 2010-02-02] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [240344 2009-08-04] (Intel Corporation)
R3 eppvad_simple; C:\WINDOWS\System32\drivers\EMP_UDAU.sys [17664 2008-05-14] (SEIKO EPSON CORPORATION)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [62216 2012-04-13] (FTDI Ltd.)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-18] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-18] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-18] (HP)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2014-01-14] ()
R2 monblanking; C:\WINDOWS\System32\DRIVERS\monblanking.sys [28416 2013-03-13] (Citrix Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 OA001Afx; C:\WINDOWS\system32\Drivers\OA001Afx.sys [134144 2009-05-28] (Creative Technology Ltd.)
R3 OA001Ufd; C:\WINDOWS\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\WINDOWS\System32\DRIVERS\OA001Vid.sys [281472 2010-01-28] (Creative Technology Ltd.)
R3 radpms; C:\WINDOWS\System32\DRIVERS\radpms.sys [13408 2010-05-31] (LogMeIn, Inc.)
R3 ROCKEYNT; C:\WINDOWS\System32\DRIVERS\Rockey4.sys [22016 2012-06-04] (Feitian Technologies Co., Ltd.)
R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [13360 2009-05-13] (Sunbelt Software)
R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [69936 2009-08-10] (Sunbelt Software)
R1 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [95024 2009-10-13] (Sunbelt Software)
R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [203056 2009-07-15] (Sunbelt Software)
R3 SRS_PremiumSound_Service; C:\WINDOWS\System32\drivers\srs_PremiumSound_i386.sys [232744 2009-03-24] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1656499 2010-03-10] (IDT, Inc.)
S3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [28288 2009-01-14] ()
S3 SWNC8UA3; C:\WINDOWS\System32\DRIVERS\swnc8ua3.sys [190080 2009-03-31] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\WINDOWS\System32\DRIVERS\swumxa3.sys [148096 2009-05-04] (Sierra Wireless Inc.)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
R3 WinDriver6; C:\WINDOWS\System32\drivers\windrvr6.sys [196384 2011-01-30] (Jungo)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 cerc6; No ImagePath
U2 CertPropSvc;
S4 IntelIde; No ImagePath
S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-10 15:38 - 2014-03-10 15:38 - 00050126 _____ () C:\Documents and Settings\jturner\Desktop\Addition.txt
2014-03-10 15:37 - 2014-03-10 16:26 - 00019393 _____ () C:\Documents and Settings\jturner\Desktop\FRST.txt
2014-03-10 15:35 - 2014-03-10 16:20 - 00000000 ____D () C:\FRST
2014-03-10 15:35 - 2014-03-10 15:34 - 01145856 _____ (Farbar) C:\Documents and Settings\jturner\Desktop\FRST.exe
2014-03-10 15:20 - 2014-03-10 15:20 - 00000000 ___HD () C:\WINDOWS\PIF
2014-03-10 14:42 - 2014-03-10 14:42 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(latest).txt
2014-03-10 14:36 - 2014-03-10 14:35 - 00106496 _____ () C:\WINDOWS\Minidump\Mini031014-01.dmp
2014-03-10 14:28 - 2014-03-10 14:28 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(1).txt
2014-03-10 14:14 - 2014-03-10 13:54 - 00688992 ____R (Swearware) C:\Documents and Settings\jturner\Desktop\dds.com
2014-03-10 14:09 - 2014-03-10 15:19 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach.txt
2014-03-09 09:06 - 2014-03-09 09:06 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030914-01.dmp
2014-03-08 15:01 - 2014-03-09 19:01 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Irbiiz
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____S () C:\WINDOWS\system32\drpultn.ceu
2014-03-08 14:52 - 2014-03-08 14:52 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030814-01.dmp
2014-03-05 13:45 - 2014-03-05 13:45 - 00122976 _____ (Kaspersky Lab ZAO) C:\zbotkiller.exe
2014-03-05 12:59 - 2014-03-05 12:59 - 01933048 _____ (Bleeping Computer, LLC) C:\rkill.com
2014-03-05 12:59 - 2014-03-05 12:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030514-01.dmp
2014-03-03 17:15 - 2014-03-03 17:15 - 00031693 _____ () C:\ComboFix.txt
2014-03-03 16:59 - 2014-03-03 16:59 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-03-03 15:59 - 2014-03-03 15:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-02.dmp
2014-03-03 15:22 - 2014-03-03 15:22 - 05186474 ____R (Swearware) C:\ComboFix.exe
2014-03-03 10:46 - 2014-03-03 10:46 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-01.dmp
2014-03-02 15:50 - 2014-03-03 16:56 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Xaastoyg
2014-02-27 12:03 - 2014-02-27 15:16 - 00000000 ____D () C:\Brennan (8th Grade)
2014-02-24 12:00 - 2014-02-24 12:00 - 00000000 _RSHD () C:\cmdcons
2014-02-24 12:00 - 2014-02-12 16:37 - 00000347 _____ () C:\Boot.bak
2014-02-24 12:00 - 2004-08-04 00:00 - 00260272 __RSH () C:\cmldr
2014-02-24 11:57 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-24 11:57 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-24 11:57 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-24 11:54 - 2014-03-03 17:16 - 00000000 ____D () C:\Qoobox
2014-02-24 11:53 - 2014-03-03 16:59 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-23 22:47 - 2014-02-23 22:47 - 00106496 _____ () C:\WINDOWS\Minidump\Mini022314-01.dmp
2014-02-20 22:05 - 2014-02-20 22:05 - 00005942 _____ () C:\WINDOWS\KB2914368.log
2014-02-20 22:05 - 2014-02-20 22:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$

==================== One Month Modified Files and Folders =======

2014-03-10 16:26 - 2014-03-10 15:37 - 00019393 _____ () C:\Documents and Settings\jturner\Desktop\FRST.txt
2014-03-10 16:23 - 2010-12-20 11:44 - 01294108 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-10 16:21 - 2010-12-20 12:28 - 00000000 ____D () C:\Program Files\SAAZOD
2014-03-10 16:20 - 2014-03-10 15:35 - 00000000 ____D () C:\FRST
2014-03-10 16:19 - 2010-12-22 18:28 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-10 16:19 - 2010-12-20 11:51 - 00000000 __SHD () C:\WINDOWS\CSC
2014-03-10 16:17 - 2010-12-20 06:41 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-10 16:17 - 2010-12-20 06:40 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-03-10 16:16 - 2010-12-20 11:50 - 00000112 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-03-10 16:16 - 2010-12-20 11:47 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-10 16:15 - 2010-12-20 11:52 - 00000178 ___SH () C:\Documents and Settings\jturner\ntuser.ini
2014-03-10 16:15 - 2010-12-20 11:47 - 00032398 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-10 15:53 - 2010-12-20 17:33 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-10 15:48 - 2014-01-22 11:31 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1782093909-3530200959-3520366946-1219UA.job
2014-03-10 15:44 - 2010-12-22 18:28 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 15:38 - 2014-03-10 15:38 - 00050126 _____ () C:\Documents and Settings\jturner\Desktop\Addition.txt
2014-03-10 15:34 - 2014-03-10 15:35 - 01145856 _____ (Farbar) C:\Documents and Settings\jturner\Desktop\FRST.exe
2014-03-10 15:30 - 2012-05-29 08:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-10 15:20 - 2014-03-10 15:20 - 00000000 ___HD () C:\WINDOWS\PIF
2014-03-10 15:19 - 2014-03-10 14:09 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach.txt
2014-03-10 14:48 - 2014-01-22 11:31 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1782093909-3530200959-3520366946-1219Core.job
2014-03-10 14:42 - 2014-03-10 14:42 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(latest).txt
2014-03-10 14:36 - 2012-10-25 10:42 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-10 14:35 - 2014-03-10 14:36 - 00106496 _____ () C:\WINDOWS\Minidump\Mini031014-01.dmp
2014-03-10 14:28 - 2014-03-10 14:28 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(1).txt
2014-03-10 13:54 - 2014-03-10 14:14 - 00688992 ____R (Swearware) C:\Documents and Settings\jturner\Desktop\dds.com
2014-03-10 13:48 - 2012-02-04 23:47 - 00000356 _____ () C:\WINDOWS\Tasks\AutoUpdaterTask.job
2014-03-10 13:41 - 2011-01-08 23:45 - 00435086 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-10 13:24 - 2013-03-20 09:19 - 00000410 ____H () C:\WINDOWS\Tasks\Norton Security Scan for jturner.job
2014-03-10 12:34 - 2013-11-21 23:51 - 00303511 _____ () C:\WINDOWS\setupapi.log
2014-03-10 12:30 - 2013-12-13 14:34 - 00000458 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-03-10 09:48 - 2014-01-14 14:12 - 00004584 _____ () C:\Documents and Settings\jturner\Desktop\Rkill.txt
2014-03-10 09:23 - 2010-12-20 06:32 - 00000000 ____D () C:\WINDOWS\security
2014-03-10 00:02 - 2010-12-20 12:30 - 00000569 _____ () C:\WINDOWS\system32\ipstuffNew.txt
2014-03-10 00:00 - 2010-12-20 13:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-03-09 19:01 - 2014-03-08 15:01 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Irbiiz
2014-03-09 19:01 - 2010-12-20 12:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2014-03-09 17:13 - 2008-04-13 19:00 - 00000793 _____ () C:\WINDOWS\win.ini
2014-03-09 13:56 - 2010-12-20 11:47 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-09 09:11 - 2010-12-20 06:39 - 00006792 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-09 09:06 - 2014-03-09 09:06 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030914-01.dmp
2014-03-09 02:14 - 2010-12-20 06:32 - 00000000 ____D () C:\WINDOWS\PeerNet
2014-03-08 20:58 - 2010-12-20 21:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2296011$
2014-03-08 20:57 - 2010-12-20 11:52 - 00000000 ____D () C:\Documents and Settings\jturner
2014-03-08 18:31 - 2010-12-20 12:00 - 00000000 __HDC () C:\WINDOWS\ie8
2014-03-08 18:28 - 2010-12-20 12:31 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Download Manager
2014-03-08 16:53 - 2012-09-24 10:02 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____S () C:\WINDOWS\system32\drpultn.ceu
2014-03-08 14:52 - 2014-03-08 14:52 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030814-01.dmp
2014-03-08 10:32 - 2008-04-13 19:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-07 15:32 - 2010-12-22 15:54 - 00000284 _____ () C:\WINDOWS\ccolwiz.ini
2014-03-05 13:45 - 2014-03-05 13:45 - 00122976 _____ (Kaspersky Lab ZAO) C:\zbotkiller.exe
2014-03-05 13:33 - 2010-12-20 21:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648$
2014-03-05 13:32 - 2013-09-09 14:39 - 00000178 ___SH () C:\Documents and Settings\admin\ntuser.ini
2014-03-05 13:31 - 2013-12-11 13:13 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Optimizer Pro
2014-03-05 12:59 - 2014-03-05 12:59 - 01933048 _____ (Bleeping Computer, LLC) C:\rkill.com
2014-03-05 12:59 - 2014-03-05 12:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030514-01.dmp
2014-03-03 17:47 - 2010-12-20 11:42 - 00019731 _____ () C:\WINDOWS\wmsetup.log

2014-03-03 17:16 - 2014-02-24 11:54 - 00000000 ____D () C:\Qoobox

2014-03-03 17:15 - 2014-03-03 17:15 - 00031693 _____ () C:\ComboFix.txt

2014-03-03 17:05 - 2008-04-13 19:00 - 00000227 _____ () C:\WINDOWS\system.ini

2014-03-03 17:00 - 2010-12-20 06:38 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak

2014-03-03 17:00 - 2010-12-20 06:37 - 50069504 _____ () C:\WINDOWS\system32\config\software.bak

2014-03-03 17:00 - 2010-12-20 06:37 - 07864320 _____ () C:\WINDOWS\system32\config\system.bak

2014-03-03 17:00 - 2010-12-20 06:37 - 00786432 _____ () C:\WINDOWS\system32\config\default.bak

2014-03-03 16:59 - 2014-03-03 16:59 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG

2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG

2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG

2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG

2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG

2014-03-03 16:59 - 2014-02-24 11:53 - 00000000 ____D () C:\WINDOWS\erdnt

2014-03-03 16:56 - 2014-03-02 15:50 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Xaastoyg

2014-03-03 15:59 - 2014-03-03 15:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-02.dmp

2014-03-03 15:22 - 2014-03-03 15:22 - 05186474 ____R (Swearware) C:\ComboFix.exe

2014-03-03 10:46 - 2014-03-03 10:46 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-01.dmp

2014-03-02 15:41 - 2011-11-06 20:11 - 00000330 _____ () C:\WINDOWS\lexstat.ini

2014-02-28 17:55 - 2011-01-08 23:45 - 08259718 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1782093909-3530200959-3520366946-1219-0.dat

2014-02-28 11:09 - 2010-12-20 12:26 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Macromedia

2014-02-28 11:09 - 2010-12-20 12:26 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Adobe

2014-02-27 15:16 - 2014-02-27 12:03 - 00000000 ____D () C:\Brennan (8th Grade)

2014-02-27 11:23 - 2010-12-21 09:02 - 00055808 _____ () C:\Documents and Settings\jturner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-02-24 15:34 - 2013-09-09 14:39 - 00000000 ____D () C:\Documents and Settings\admin

2014-02-24 12:00 - 2014-02-24 12:00 - 00000000 _RSHD () C:\cmdcons

2014-02-24 12:00 - 2010-12-20 06:37 - 00000464 __RSH () C:\boot.ini

2014-02-23 22:47 - 2014-02-23 22:47 - 00106496 _____ () C:\WINDOWS\Minidump\Mini022314-01.dmp

2014-02-21 15:07 - 2011-01-24 09:24 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Autodesk

2014-02-20 22:06 - 2010-12-20 12:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help

2014-02-20 22:05 - 2014-02-20 22:05 - 00005942 _____ () C:\WINDOWS\KB2914368.log

2014-02-20 22:05 - 2014-02-20 22:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$

2014-02-20 22:05 - 2010-12-20 06:39 - 01463538 _____ () C:\WINDOWS\iis6.log

2014-02-20 22:05 - 2010-12-20 06:39 - 01321189 _____ () C:\WINDOWS\FaxSetup.log

2014-02-20 22:05 - 2010-12-20 06:39 - 00643838 _____ () C:\WINDOWS\ocgen.log

2014-02-20 22:05 - 2010-12-20 06:39 - 00610360 _____ () C:\WINDOWS\tsoc.log

2014-02-20 22:05 - 2010-12-20 06:39 - 00450126 _____ () C:\WINDOWS\comsetup.log

2014-02-20 22:05 - 2010-12-20 06:39 - 00411406 _____ () C:\WINDOWS\msmqinst.log

2014-02-20 22:05 - 2010-12-20 06:39 - 00271418 _____ () C:\WINDOWS\ntdtcsetup.log

2014-02-20 22:05 - 2010-12-20 06:39 - 00232807 _____ () C:\WINDOWS\netfxocm.log

2014-02-20 22:05 - 2010-12-20 06:39 - 00091854 _____ () C:\WINDOWS\MedCtrOC.log

2014-02-20 22:05 - 2010-12-20 06:39 - 00073391 _____ () C:\WINDOWS\ocmsn.log

2014-02-20 22:05 - 2010-12-20 06:39 - 00067187 _____ () C:\WINDOWS\tabletoc.log

2014-02-20 22:05 - 2010-12-20 06:39 - 00066515 _____ () C:\WINDOWS\msgsocm.log

2014-02-20 22:05 - 2010-12-20 06:39 - 00001374 _____ () C:\WINDOWS\imsins.log

2014-02-20 11:09 - 2013-09-25 09:17 - 00000000 ____D () C:\Program Files\My Dell

2014-02-20 11:09 - 2013-09-25 09:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr

2014-02-12 16:37 - 2014-02-24 12:00 - 00000347 _____ () C:\Boot.bak

2014-02-12 16:36 - 2013-01-29 11:21 - 00000000 ____D () C:\Documents and Settings\jturner\Local Settings\Application Data\Deployment

2014-02-12 16:36 - 2011-03-09 09:30 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Dropbox

 

Alureon:

C:\Documents and Settings\jturner\Local Settings\Temp\spesmir\spnrhxr\wow.dll

 

==================== Bamital & volsnap Check =================

 

C:\WINDOWS\explorer.exe => MD5 is legit

C:\WINDOWS\system32\winlogon.exe => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

C:\WINDOWS\system32\User32.dll => MD5 is legit

C:\WINDOWS\system32\userinit.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

 

 

==================== End Of Log ============================
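The file listing above and the "MD5 is legit" lines are FRST's own output. As an added example, not code from the thread, from FRST or from its author, the Python below parses lines in that listing layout into structured records, runs a constructed triage heuristic over them, and mirrors the idea of the MD5 check against a known-good digest table. The meaning given to the attribute letters (R read-only, S system, H hidden, D directory, C compressed), the allow-list of Application Data folder names and the "unusual extension" rule are assumptions made for the example; a hit means "a human should look", not "malicious". Note that the first timestamp is the creation time in the "Created" sections and the modification time in the "Modified" sections, which the parser takes as a parameter.

```python
import hashlib
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout FRST uses for its file listings:
# "<timestamp> - <timestamp> - <size> <attrs> (<publisher>) <path>".
# Lines copied from the "One Month Created Files and Folders" section of this
# thread, so the first timestamp is the creation time. Nothing here is live data.
SAMPLE_CREATED = r"""
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____S () C:\WINDOWS\system32\drpultn.ceu
2014-03-08 15:01 - 2014-03-09 19:01 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Irbiiz
2014-03-05 13:45 - 2014-03-05 13:45 - 00122976 _____ (Kaspersky Lab ZAO) C:\zbotkiller.exe
2014-02-20 22:05 - 2014-02-20 22:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-03-10 15:35 - 2014-03-10 15:34 - 01145856 _____ (Farbar) C:\Documents and Settings\jturner\Desktop\FRST.exe
"""
SCAN_TIME = datetime(2014, 3, 12, 10, 0)  # scan time of the FRST.txt in the thread

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([A-Z_]{5}) \(([^)]*)\) (.+)$"
)
TS_FMT = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str       # letters present (assumed meaning): R read-only, S system, H hidden, D directory, C compressed
    publisher: str   # company name from version info; empty when FRST prints "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_listing(text: str, section: str = "created") -> List[Entry]:
    """Parse FRST file-listing lines; `section` says which timestamp comes first."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines and lines from other sections are skipped
        first = datetime.strptime(m.group(1), TS_FMT)
        second = datetime.strptime(m.group(2), TS_FMT)
        created, modified = (first, second) if section == "created" else (second, first)
        entries.append(Entry(created, modified, int(m.group(3)),
                             m.group(4).replace("_", ""), m.group(5), m.group(6)))
    return entries


# Constructed allow-list: per-user Application Data folders in this log that belong to
# known software. Anything else created in the window becomes a review item.
KNOWN_APPDATA_DIRS = {"adobe", "macromedia", "dropbox", "autodesk", "download manager", "microsoft"}
# Constructed list of extensions one expects for loose files in system32.
ORDINARY_SYSTEM32_EXTS = (".exe", ".dll", ".sys", ".ini", ".log", ".dat", ".txt", ".bak", ".dbl")


def triage(entries: List[Entry], now: datetime, window_days: int = 30) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a human look. Heuristics, not verdicts."""
    findings = []
    for e in entries:
        if (now - e.created).days > window_days:
            continue
        low = e.path.lower()
        if (not e.is_dir and "\\windows\\system32\\" in low and not e.publisher
                and not low.endswith(ORDINARY_SYSTEM32_EXTS)):
            findings.append((e.path, "recent file in system32 with no publisher and an unusual extension"))
        elif e.is_dir and "\\application data\\" in low:
            leaf = low.rsplit("\\application data\\", 1)[1]
            if "\\" not in leaf and leaf not in KNOWN_APPDATA_DIRS:
                findings.append((e.path, "recent Application Data folder not on the allow-list"))
    return findings


def run_sample() -> List[Tuple[str, str]]:
    """Triage the constructed sample at the thread's scan time."""
    return triage(parse_listing(SAMPLE_CREATED), SCAN_TIME)


def build_known_good(reference_files: Dict[str, bytes]) -> Dict[str, str]:
    """Digest table keyed by lower-cased path, built from known-clean file contents."""
    return {p.lower(): hashlib.md5(b).hexdigest() for p, b in reference_files.items()}


def check_system_files(files: Dict[str, bytes], known_good: Dict[str, str]) -> Dict[str, Optional[bool]]:
    """Same idea as FRST's 'MD5 is legit' lines: True = matches the reference digest,
    False = differs, None = no reference for that path (the check is only as good as the table)."""
    result = {}
    for path, data in files.items():
        ref = known_good.get(path.lower())
        result[path] = None if ref is None else hashlib.md5(data).hexdigest() == ref
    return result


if __name__ == "__main__":
    for path, reason in run_sample():
        print(f"REVIEW  {path}  ({reason})")
```

On the sample, the two review items are the publisher-less `.ceu` file in system32 and the `Irbiiz` folder under Application Data, which are the same two entries the helper's fixlist in the next post removes; the `$NtUninstall` folder is a directory under WINDOWS, not Application Data, so it is not reported. The MD5 helper deliberately returns `None` rather than `True` for a path with no reference digest, so a gap in the table is never mistaken for a clean result.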



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:00 PM

Posted 11 March 2014 - 07:01 AM

Ok, let's do another round:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

 

 

Step 2

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 jrturnerxln

jrturnerxln
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Odessa, FL
  • Local time:08:00 AM

Posted 12 March 2014 - 09:04 AM

Aharonov,

 

I did as you suggested.  I launched FRST.exe and a dialog box opened stating, "Checking for Updates".  After executing the updates (I presume), the dialog box stayed open as if waiting for another command from me.  I selected the "fix" button and a new dialog box opened stating, "The computer will be restarted to perform the fix" (or something similar to that statement).

 

My computer automatically restarted and logged back in to our network.  Before Windows finished opening, the Farbar Recovery Scan Tool dialog box opened containing the usual commands, i.e. scan, archive, fix.  Also, a 2nd dialog box opened stating, "Fix completed.  The 'Fixlog.txt' is saved in the same directory FRST is located."  I selected OK, Windows finished initializing, and the "Fixlog.txt" file opened.  I copied the text from the file and closed it.

 

I logged back in to the BleepingComputer site to make sure that I was still on track per your directions.

 

The contents of the "Fixlog.txt" and "FRST.txt" files are attached below.

 

Fixlog.txt (Begin)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-03-2014
Ran by jturner at 2014-03-12 09:30:15 Run:2
Running from C:\Documents and Settings\jturner\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
C:\Documents and Settings\jturner\Local Settings\Temp\sfniwwk
C:\Documents and Settings\jturner\Local Settings\Temp\spesmir
CMD: rd /s/q "C:\Documents and Settings\jturner\Local Settings\Temp\s*"
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Policies\Explorer: [] 
2014-03-08 15:01 - 2014-03-09 19:01 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Irbiiz
2014-03-08 15:00 - 2014-03-08 15:00 - 00000000 ____S () C:\WINDOWS\system32\drpultn.ceu
Unlock: C:\Documents and Settings\jturner\Application Data\Xaastoyg
2014-03-02 15:50 - 2014-03-03 16:56 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Xaastoyg
Reboot:
*****************
 
"C:\Documents and Settings\jturner\Local Settings\Temp\sfniwwk" => File/Directory not found.
"C:\Documents and Settings\jturner\Local Settings\Temp\spesmir" => File/Directory not found.
 
=========  rd /s/q "C:\Documents and Settings\jturner\Local Settings\Temp\s*" =========
 
The filename, directory name, or volume label syntax is incorrect.
 
========= End of CMD: =========
 
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => Value deleted successfully.
 
"C:\Documents and Settings\jturner\Application Data\Irbiiz" directory move:
 
Could not move "C:\Documents and Settings\jturner\Application Data\Irbiiz" directory. => Scheduled to move on reboot.
 
C:\WINDOWS\system32\drpultn.ceu => Moved successfully.
"C:\Documents and Settings\jturner\Application Data\Xaastoyg" => File/Directory unlocked successfully.
 
"C:\Documents and Settings\jturner\Application Data\Xaastoyg" directory move:
 
Could not move "C:\Documents and Settings\jturner\Application Data\Xaastoyg" directory. => Scheduled to move on reboot.
 
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-12 09:37:07)<=
 
"C:\Documents and Settings\jturner\Application Data\Irbiiz" => Directory could not move.
"C:\Documents and Settings\jturner\Application Data\Xaastoyg" => Directory could not move.
 
==== End of Fixlog ====
 
FRST.txt (Begin)
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2014
Ran by jturner (administrator) on JEFF-XP-NEW1 on 12-03-2014 10:00:35
Running from C:\Documents and Settings\jturner\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
() C:\WINDOWS\System32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\System32\bcmwltry.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(IDT, Inc.) c:\program files\idt\wdm\stacsv.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\nlssrv32.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\SAAZappr.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\SAAZapsc.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZDPMACTL.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZScheduler.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZServerPlus.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\SAAZWatchDog.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\rtdrHlpDk.exe
(Zenith Infotech Ltd) C:\Program Files\SAAZOD\zRealTime\rtHlpDk.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1189\g2mstart.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1189\g2mcomm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMeeting\1189\g2mlauncher.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\office12\offlb.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe [2670592 2010-02-02] (Dell Inc.)
HKLM\...\Run: [SBAMTray] - C:\Program Files\Sunbelt Software\SBEAgent\SBAMTray.exe [669008 2010-01-04] (Sunbelt Software)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-05-31] (LogMeIn, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\.DEFAULT\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [894344 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Run: [GoToMeeting] - C:\Program Files\Citrix\GoToMeeting\1189\g2mstart.exe [40816 2013-09-09] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1261472 2012-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-1782093909-3530200959-3520366946-1219\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-22] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC67412F43028CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.4
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-26]
CHR Extension: (Google Drive) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-26]
CHR Extension: (YouTube) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-26]
CHR Extension: (Google Search) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Gmail) - C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-26]
 
========================== Services (Whitelisted) =================
 
S3 ATTRcAppSvc; C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [121416 2009-10-09] (SmithMicro Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
S3 CommunicatorSvc; C:\Program Files\Power Monitors, Inc\ProVision\CommunicatorSvc.exe [53248 2012-09-19] (Power Monitors, Inc)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 EMP_UDSA; C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [98304 2009-04-15] (SEIKO EPSON CORPORATION)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2013-09-02] (Flexera Software LLC)
R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1319768 2013-03-13] (Citrix Online, a division of Citrix Systems, Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2013-05-02] (Sun Microsystems, Inc.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-08-18] (Lexmark International, Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2006-09-28] ()
R2 SAAZappr; C:\Program Files\SAAZOD\zRealTime\SAAZappr.exe [82760 2011-07-05] (Zenith Infotech Ltd)
R2 SAAZapsc; C:\Program Files\SAAZOD\zRealTime\SAAZapsc.exe [82760 2011-07-05] (Zenith Infotech Ltd)
R2 SAAZDPMACTL; C:\Program Files\SAAZOD\SAAZDPMACTL.exe [86856 2010-12-20] (Zenith Infotech Ltd)
S4 SAAZRemoteSupport; C:\Program Files\SAAZOD\SAAZRemoteSupport.exe [78664 2010-12-20] (Zenith Infotech Ltd)
R2 SAAZScheduler; C:\Program Files\SAAZOD\SAAZScheduler.exe [77824 2010-12-20] (Zenith Infotech Ltd)
R2 SAAZServerPlus; C:\Program Files\SAAZOD\SAAZServerPlus.exe [77824 2009-04-30] (Zenith Infotech Ltd)
R2 SAAZWatchDog; C:\Program Files\SAAZOD\SAAZWatchDog.exe [86856 2010-12-20] (Zenith Infotech Ltd)
S2 SBAMSvc; C:\Program Files\Sunbelt Software\SBEAgent\SBAMSvc.exe [1012080 2010-01-04] (Sunbelt Software)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 STacSV; c:\program files\idt\wdm\stacsv.exe [229458 2010-03-10] (IDT, Inc.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2404352 2010-02-02] (Dell Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [113664 2009-04-21] (Andrea Electronics Corporation)
R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [356864 2009-08-20] (Aladdin Knowledge Systems Ltd.)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [238208 2009-03-13] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [46336 2007-07-23] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [16384 2009-06-22] (Aladdin Knowledge Systems Ltd.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2696448 2010-02-02] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [240344 2009-08-04] (Intel Corporation)
R3 eppvad_simple; C:\WINDOWS\System32\drivers\EMP_UDAU.sys [17664 2008-05-14] (SEIKO EPSON CORPORATION)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [62216 2012-04-13] (FTDI Ltd.)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-18] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-18] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-18] (HP)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [35144 2014-01-14] ()
R2 monblanking; C:\WINDOWS\System32\DRIVERS\monblanking.sys [28416 2013-03-13] (Citrix Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 OA001Afx; C:\WINDOWS\system32\Drivers\OA001Afx.sys [134144 2009-05-28] (Creative Technology Ltd.)
R3 OA001Ufd; C:\WINDOWS\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\WINDOWS\System32\DRIVERS\OA001Vid.sys [281472 2010-01-28] (Creative Technology Ltd.)
R3 radpms; C:\WINDOWS\System32\DRIVERS\radpms.sys [13408 2010-05-31] (LogMeIn, Inc.)
R3 ROCKEYNT; C:\WINDOWS\System32\DRIVERS\Rockey4.sys [22016 2012-06-04] (Feitian Technologies Co., Ltd.)
R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [13360 2009-05-13] (Sunbelt Software)
R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [69936 2009-08-10] (Sunbelt Software)
R1 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [95024 2009-10-13] (Sunbelt Software)
R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [203056 2009-07-15] (Sunbelt Software)
R3 SRS_PremiumSound_Service; C:\WINDOWS\System32\drivers\srs_PremiumSound_i386.sys [232744 2009-03-24] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1656499 2010-03-10] (IDT, Inc.)
S3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [28288 2009-01-14] ()
S3 SWNC8UA3; C:\WINDOWS\System32\DRIVERS\swnc8ua3.sys [190080 2009-03-31] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\WINDOWS\System32\DRIVERS\swumxa3.sys [148096 2009-05-04] (Sierra Wireless Inc.)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
R3 WinDriver6; C:\WINDOWS\System32\drivers\windrvr6.sys [196384 2011-01-30] (Jungo)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 cerc6; No ImagePath
U2 CertPropSvc; 
S4 IntelIde; No ImagePath
S4 LMIRfsClientNP; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-10 15:38 - 2014-03-10 15:38 - 00050126 _____ () C:\Documents and Settings\jturner\Desktop\Addition.txt
2014-03-10 15:37 - 2014-03-12 10:01 - 00019495 _____ () C:\Documents and Settings\jturner\Desktop\FRST.txt
2014-03-10 15:35 - 2014-03-12 09:37 - 00000000 ____D () C:\FRST
2014-03-10 15:35 - 2014-03-10 15:34 - 01145856 _____ (Farbar) C:\Documents and Settings\jturner\Desktop\FRST.exe
2014-03-10 15:20 - 2014-03-10 15:20 - 00000000 ___HD () C:\WINDOWS\PIF
2014-03-10 14:42 - 2014-03-10 14:42 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(latest).txt
2014-03-10 14:36 - 2014-03-10 14:35 - 00106496 _____ () C:\WINDOWS\Minidump\Mini031014-01.dmp
2014-03-10 14:28 - 2014-03-10 14:28 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(1).txt
2014-03-10 14:14 - 2014-03-10 13:54 - 00688992 ____R (Swearware) C:\Documents and Settings\jturner\Desktop\dds.com
2014-03-10 14:09 - 2014-03-10 15:19 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach.txt
2014-03-09 09:06 - 2014-03-09 09:06 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030914-01.dmp
2014-03-08 15:01 - 2014-03-09 19:01 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Irbiiz
2014-03-08 14:52 - 2014-03-08 14:52 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030814-01.dmp
2014-03-05 13:45 - 2014-03-05 13:45 - 00122976 _____ (Kaspersky Lab ZAO) C:\zbotkiller.exe
2014-03-05 12:59 - 2014-03-05 12:59 - 01933048 _____ (Bleeping Computer, LLC) C:\rkill.com
2014-03-05 12:59 - 2014-03-05 12:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030514-01.dmp
2014-03-03 17:15 - 2014-03-03 17:15 - 00031693 _____ () C:\ComboFix.txt
2014-03-03 16:59 - 2014-03-03 16:59 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-03-03 15:59 - 2014-03-03 15:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-02.dmp
2014-03-03 15:22 - 2014-03-03 15:22 - 05186474 ____R (Swearware) C:\ComboFix.exe
2014-03-03 10:46 - 2014-03-03 10:46 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-01.dmp
2014-03-02 15:50 - 2014-03-03 16:56 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Xaastoyg
2014-02-27 12:03 - 2014-02-27 15:16 - 00000000 ____D () C:\Brennan (8th Grade)
2014-02-24 12:00 - 2014-02-24 12:00 - 00000000 _RSHD () C:\cmdcons
2014-02-24 12:00 - 2014-02-12 16:37 - 00000347 _____ () C:\Boot.bak
2014-02-24 12:00 - 2004-08-04 00:00 - 00260272 __RSH () C:\cmldr
2014-02-24 11:57 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-24 11:57 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-24 11:57 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-24 11:57 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-24 11:54 - 2014-03-03 17:16 - 00000000 ____D () C:\Qoobox
2014-02-24 11:53 - 2014-03-03 16:59 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-23 22:47 - 2014-02-23 22:47 - 00106496 _____ () C:\WINDOWS\Minidump\Mini022314-01.dmp
2014-02-20 22:05 - 2014-02-20 22:05 - 00005942 _____ () C:\WINDOWS\KB2914368.log
2014-02-20 22:05 - 2014-02-20 22:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
 
==================== One Month Modified Files and Folders =======
 
2014-03-12 10:01 - 2014-03-10 15:37 - 00019495 _____ () C:\Documents and Settings\jturner\Desktop\FRST.txt
2014-03-12 09:54 - 2010-12-20 12:28 - 00000000 ____D () C:\Program Files\SAAZOD
2014-03-12 09:53 - 2014-01-22 11:31 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1782093909-3530200959-3520366946-1219UA.job
2014-03-12 09:53 - 2013-12-11 13:11 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Mozilla
2014-03-12 09:46 - 2010-12-22 18:28 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-12 09:44 - 2010-12-22 18:28 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-12 09:37 - 2014-03-10 15:35 - 00000000 ____D () C:\FRST
2014-03-12 09:36 - 2010-12-20 11:44 - 01596012 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-12 09:34 - 2010-12-20 11:51 - 00000000 __SHD () C:\WINDOWS\CSC
2014-03-12 09:32 - 2010-12-20 11:50 - 00000112 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-03-12 09:32 - 2010-12-20 06:41 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-12 09:32 - 2010-12-20 06:40 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-12 09:31 - 2010-12-20 11:47 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-12 09:30 - 2012-05-29 08:48 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-12 09:30 - 2010-12-20 11:52 - 00000178 ___SH () C:\Documents and Settings\jturner\ntuser.ini
2014-03-12 09:30 - 2010-12-20 11:47 - 00032398 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-12 09:18 - 2010-12-20 06:32 - 00000000 ____D () C:\WINDOWS\security
2014-03-12 09:15 - 2010-12-20 13:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-03-10 21:56 - 2010-12-20 17:33 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-10 21:54 - 2013-11-26 16:51 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-10 21:26 - 2013-11-21 23:51 - 00303829 _____ () C:\WINDOWS\setupapi.log
2014-03-10 16:48 - 2012-02-04 23:47 - 00000356 _____ () C:\WINDOWS\Tasks\AutoUpdaterTask.job
2014-03-10 15:38 - 2014-03-10 15:38 - 00050126 _____ () C:\Documents and Settings\jturner\Desktop\Addition.txt
2014-03-10 15:34 - 2014-03-10 15:35 - 01145856 _____ (Farbar) C:\Documents and Settings\jturner\Desktop\FRST.exe
2014-03-10 15:20 - 2014-03-10 15:20 - 00000000 ___HD () C:\WINDOWS\PIF
2014-03-10 15:19 - 2014-03-10 14:09 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach.txt
2014-03-10 14:48 - 2014-01-22 11:31 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1782093909-3530200959-3520366946-1219Core.job
2014-03-10 14:42 - 2014-03-10 14:42 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(latest).txt
2014-03-10 14:36 - 2012-10-25 10:42 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-10 14:35 - 2014-03-10 14:36 - 00106496 _____ () C:\WINDOWS\Minidump\Mini031014-01.dmp
2014-03-10 14:28 - 2014-03-10 14:28 - 00009522 _____ () C:\Documents and Settings\jturner\Desktop\attach(1).txt
2014-03-10 13:54 - 2014-03-10 14:14 - 00688992 ____R (Swearware) C:\Documents and Settings\jturner\Desktop\dds.com
2014-03-10 13:41 - 2011-01-08 23:45 - 00435086 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-10 13:24 - 2013-03-20 09:19 - 00000410 ____H () C:\WINDOWS\Tasks\Norton Security Scan for jturner.job
2014-03-10 12:30 - 2013-12-13 14:34 - 00000458 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-03-10 09:48 - 2014-01-14 14:12 - 00004584 _____ () C:\Documents and Settings\jturner\Desktop\Rkill.txt
2014-03-10 00:02 - 2010-12-20 12:30 - 00000569 _____ () C:\WINDOWS\system32\ipstuffNew.txt
2014-03-09 19:01 - 2014-03-08 15:01 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Irbiiz
2014-03-09 19:01 - 2010-12-20 12:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2014-03-09 17:13 - 2008-04-13 19:00 - 00000793 _____ () C:\WINDOWS\win.ini
2014-03-09 13:56 - 2010-12-20 11:47 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-09 09:11 - 2010-12-20 06:39 - 00006792 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-09 09:06 - 2014-03-09 09:06 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030914-01.dmp
2014-03-09 02:14 - 2010-12-20 06:32 - 00000000 ____D () C:\WINDOWS\PeerNet
2014-03-08 20:58 - 2010-12-20 21:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2296011$
2014-03-08 20:57 - 2010-12-20 11:52 - 00000000 ____D () C:\Documents and Settings\jturner
2014-03-08 18:31 - 2010-12-20 12:00 - 00000000 __HDC () C:\WINDOWS\ie8
2014-03-08 18:28 - 2010-12-20 12:31 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Download Manager
2014-03-08 16:53 - 2012-09-24 10:02 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-08 14:52 - 2014-03-08 14:52 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030814-01.dmp
2014-03-08 10:32 - 2008-04-13 19:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-07 15:32 - 2010-12-22 15:54 - 00000284 _____ () C:\WINDOWS\ccolwiz.ini
2014-03-05 13:45 - 2014-03-05 13:45 - 00122976 _____ (Kaspersky Lab ZAO) C:\zbotkiller.exe
2014-03-05 13:33 - 2010-12-20 21:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB946648$
2014-03-05 13:32 - 2013-09-09 14:39 - 00000178 ___SH () C:\Documents and Settings\admin\ntuser.ini
2014-03-05 13:31 - 2013-12-11 13:13 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Optimizer Pro
2014-03-05 12:59 - 2014-03-05 12:59 - 01933048 _____ (Bleeping Computer, LLC) C:\rkill.com
2014-03-05 12:59 - 2014-03-05 12:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030514-01.dmp
2014-03-03 17:47 - 2010-12-20 11:42 - 00019731 _____ () C:\WINDOWS\wmsetup.log
2014-03-03 17:16 - 2014-02-24 11:54 - 00000000 ____D () C:\Qoobox
2014-03-03 17:15 - 2014-03-03 17:15 - 00031693 _____ () C:\ComboFix.txt
2014-03-03 17:05 - 2008-04-13 19:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-03-03 17:00 - 2010-12-20 06:38 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-03-03 17:00 - 2010-12-20 06:37 - 50069504 _____ () C:\WINDOWS\system32\config\software.bak
2014-03-03 17:00 - 2010-12-20 06:37 - 07864320 _____ () C:\WINDOWS\system32\config\system.bak
2014-03-03 17:00 - 2010-12-20 06:37 - 00786432 _____ () C:\WINDOWS\system32\config\default.bak
2014-03-03 16:59 - 2014-03-03 16:59 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-03-03 16:59 - 2014-03-03 16:59 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-03-03 16:59 - 2014-02-24 11:53 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-03 16:56 - 2014-03-02 15:50 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Xaastoyg
2014-03-03 15:59 - 2014-03-03 15:59 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-02.dmp
2014-03-03 15:22 - 2014-03-03 15:22 - 05186474 ____R (Swearware) C:\ComboFix.exe
2014-03-03 10:46 - 2014-03-03 10:46 - 00106496 _____ () C:\WINDOWS\Minidump\Mini030314-01.dmp
2014-03-02 15:41 - 2011-11-06 20:11 - 00000330 _____ () C:\WINDOWS\lexstat.ini
2014-02-28 17:55 - 2011-01-08 23:45 - 08259718 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1782093909-3530200959-3520366946-1219-0.dat
2014-02-28 11:09 - 2010-12-20 12:26 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Macromedia
2014-02-28 11:09 - 2010-12-20 12:26 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Adobe
2014-02-27 15:16 - 2014-02-27 12:03 - 00000000 ____D () C:\Brennan (8th Grade)
2014-02-27 11:23 - 2010-12-21 09:02 - 00055808 _____ () C:\Documents and Settings\jturner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-24 15:34 - 2013-09-09 14:39 - 00000000 ____D () C:\Documents and Settings\admin
2014-02-24 12:00 - 2014-02-24 12:00 - 00000000 _RSHD () C:\cmdcons
2014-02-24 12:00 - 2010-12-20 06:37 - 00000464 __RSH () C:\boot.ini
2014-02-23 22:47 - 2014-02-23 22:47 - 00106496 _____ () C:\WINDOWS\Minidump\Mini022314-01.dmp
2014-02-21 15:07 - 2011-01-24 09:24 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Autodesk
2014-02-20 22:06 - 2010-12-20 12:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-02-20 22:05 - 2014-02-20 22:05 - 00005942 _____ () C:\WINDOWS\KB2914368.log
2014-02-20 22:05 - 2014-02-20 22:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-02-20 22:05 - 2010-12-20 06:39 - 01463538 _____ () C:\WINDOWS\iis6.log
2014-02-20 22:05 - 2010-12-20 06:39 - 01321189 _____ () C:\WINDOWS\FaxSetup.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00643838 _____ () C:\WINDOWS\ocgen.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00610360 _____ () C:\WINDOWS\tsoc.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00450126 _____ () C:\WINDOWS\comsetup.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00411406 _____ () C:\WINDOWS\msmqinst.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00271418 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00232807 _____ () C:\WINDOWS\netfxocm.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00091854 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00073391 _____ () C:\WINDOWS\ocmsn.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00067187 _____ () C:\WINDOWS\tabletoc.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00066515 _____ () C:\WINDOWS\msgsocm.log
2014-02-20 22:05 - 2010-12-20 06:39 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-20 11:09 - 2013-09-25 09:17 - 00000000 ____D () C:\Program Files\My Dell
2014-02-20 11:09 - 2013-09-25 09:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr
2014-02-12 16:37 - 2014-02-24 12:00 - 00000347 _____ () C:\Boot.bak
2014-02-12 16:36 - 2013-01-29 11:21 - 00000000 ____D () C:\Documents and Settings\jturner\Local Settings\Application Data\Deployment
2014-02-12 16:36 - 2011-03-09 09:30 - 00000000 ____D () C:\Documents and Settings\jturner\Application Data\Dropbox
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================


#8 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:02:00 PM

Posted 12 March 2014 - 09:11 AM

Ok, well done. :)
How is your computer running now? What problems and symptoms are still present?


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#9 jrturnerxln

  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Odessa, FL
  • Local time:08:00 AM

Posted 12 March 2014 - 01:24 PM

Aharonov,

Thank You!

I'll follow the procedures as you have outlined above.

Here is the latest. My computer is still running a bit sluggish. Sometimes more than others. I got another "Blue Screen of Death" earlier while going about my day-to-day operations, i.e. e-mail, word processing, Intuit payroll application, etc. Nothing too heavy on my processor or memory. I logged back in to my system as if nothing happened. I re-opened most if not all of the same applications and then went to lunch leaving my system up and running. When I came back from lunch, my screen was white and I could see that several website ads were attempting to load. Some were already visible on my screen. Again, I had to go to task manager and select "Switch To" in order to get away from the ad screens that seem to lock up my computer. There is no way to minimize the screen(s). I have to use task manager to change applications. I did not log off and was still able to access BleepingComputer.com. Now here we are...

I'll attempt to execute your instructions.



#10 jrturnerxln

  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Odessa, FL
  • Local time:08:00 AM

Posted 12 March 2014 - 06:40 PM

Aharonov,
 
The scan was interrupted the first time through by "The Blue Screen of Death".  I logged back on to my system and was able to get the scan to complete the 2nd time around. The scan found 16 threats.  Nothing has been deleted.  I've attached the "log.txt" file below.  I also included a separate text file that was created by the "Export to Text File" feature in the ESET Online Scanner dialogue box.  I realize this information may be redundant. 
 
Log.txt (Begin)
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=df314b7764dade48bb7264cdd48216fa
# engine=17415
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-12 10:35:15
# local_time=2014-03-12 06:35:15 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=182707
# found=16
# cleaned=0
# scan_time=9311
sh=08255A4B685556014289A59E7C83DB7E2FE86F15 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip"
sh=585C547D1CADF037ECFCA93903814DA4F365E68F ft=1 fh=d10acfcafab673f2 vn="a variant of Win32/ExFriendAlert.B potentially unwanted application" ac=I fn="C:\Documents and Settings\All Users\Application Data\Updater\Uninstall.exe"
sh=9CBC45E2753CE9443ADA53D15E45090264210DBF ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2465.EZ trojan" ac=I fn="C:\Documents and Settings\jturner\Application Data\Sun\Java\Deployment\cache\6.0\32\12d63560-7ab72bfa"
sh=C7BFFFEE46EEFA2D9066DDED4906823F1F817053 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Blacole.AK trojan" ac=I fn="C:\Documents and Settings\jturner\Application Data\Sun\Java\Deployment\cache\6.0\60\134441bc-1659db4b"
sh=C7BFFFEE46EEFA2D9066DDED4906823F1F817053 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Blacole.AK trojan" ac=I fn="C:\Documents and Settings\jturner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\g43kb6j34kblq6jh34kb6j3kl4.jar-6b0021d3-26e4ce06.zip"
sh=40B74FA97D0650924C59FD8D8D5163F9737E7FB7 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\jturner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mndrtdsf.jar-2eb53931-2e6bb641.zip"
sh=533C202762AD0E1842CCD07534800C80CE1D5AB2 ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.Agent.NDJ trojan" ac=I fn="C:\Documents and Settings\jturner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\notana.jar-246c7105-36ae2450.zip"
sh=391B3B2AED10CBBCEAEC1FABDD1258C739FC6962 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\jturner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\xmltree.jar-4650b81b-6f719cbb.zip"
sh=9DBA33F86528C5E9677781E20B55CF7A0012C5BC ft=0 fh=0000000000000000 vn="Win32/Boaxxe.BE trojan" ac=I fn="C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\npnecmendbgogghfmogmmbonjghohngl\4.0.0\background.js"
sh=8FC72A5DD34DCC6F834308C625D01BBA34582EEE ft=1 fh=965752b7e34031ba vn="a variant of Win32/Sefnit.CW trojan" ac=I fn="C:\FRST\Quarantine\c\Documents and Settings\jturner\Local Settings\Application Data\Ahwworks\halCfgSpi64.dll.xBAD"
sh=71EF47E970A3DCE46E6692E5A3B1A61BBD793E10 ft=1 fh=4ce6123d27f536c8 vn="a variant of Generik.DVTLSPH trojan" ac=I fn="C:\FRST\Quarantine\c\Documents and Settings\jturner\Local Settings\Temp\heem.exe.xBAD"
sh=40E5816E244FE92C5107E32919FD47CED244CD17 ft=1 fh=fc3241df83422aa2 vn="Win32/Wowlik.H trojan" ac=I fn="C:\FRST\Quarantine\c\Documents and Settings\jturner\Local Settings\Temp\sfniwwk\soicxre\wow.dll.xBAD"
sh=592FE221A26D6194DC58AC1B2CF2BBE77CC63E98 ft=1 fh=6dd6955e46560cb9 vn="Win32/Patched.IB trojan" ac=I fn="C:\FRST\Quarantine\c\windows\system32\rpcss.dll.xBAD"
sh=9AB132A943B80DF21836F0A9A1F8318D165F6483 ft=1 fh=6dd6955eaa4120df vn="Win32/Patched.IB trojan" ac=I fn="C:\FRST\Quarantine\c\windows\system32\dllcache\rpcss.dll.xBAD"
sh=19DA0C1B5D6C04CB9D07BEBD2394B0E2A704B030 ft=1 fh=461c29d3a030edf4 vn="a variant of Win32/Injector.AYVH trojan" ac=I fn="C:\Qoobox\Quarantine\C\Documents and Settings\jturner\6759731.exe.vir"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe"
 
 
"Export to Text File" Feature from ESET Online Scanner Dialogue Box (Begin)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Updater\Uninstall.exe a variant of Win32/ExFriendAlert.B potentially unwanted application
C:\Documents and Settings\jturner\Application Data\Sun\Java\Deployment\cache\6.0\32\12d63560-7ab72bfa a variant of Java/Exploit.CVE-2013-2465.EZ trojan
C:\Documents and Settings\jturner\Application Data\Sun\Java\Deployment\cache\6.0\60\134441bc-1659db4b a variant of Java/Exploit.Blacole.AK trojan
C:\Documents and Settings\jturner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\g43kb6j34kblq6jh34kb6j3kl4.jar-6b0021d3-26e4ce06.zip a variant of Java/Exploit.Blacole.AK trojan
C:\Documents and Settings\jturner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mndrtdsf.jar-2eb53931-2e6bb641.zip multiple threats
C:\Documents and Settings\jturner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\notana.jar-246c7105-36ae2450.zip a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\jturner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\xmltree.jar-4650b81b-6f719cbb.zip multiple threats
C:\Documents and Settings\jturner\Local Settings\Application Data\Google\Chrome\User Data\Default\npnecmendbgogghfmogmmbonjghohngl\4.0.0\background.js Win32/Boaxxe.BE trojan
C:\FRST\Quarantine\c\Documents and Settings\jturner\Local Settings\Application Data\Ahwworks\halCfgSpi64.dll.xBAD a variant of Win32/Sefnit.CW trojan
C:\FRST\Quarantine\c\Documents and Settings\jturner\Local Settings\Temp\heem.exe.xBAD a variant of Generik.DVTLSPH trojan
C:\FRST\Quarantine\c\Documents and Settings\jturner\Local Settings\Temp\sfniwwk\soicxre\wow.dll.xBAD Win32/Wowlik.H trojan
C:\FRST\Quarantine\c\windows\system32\rpcss.dll.xBAD Win32/Patched.IB trojan
C:\FRST\Quarantine\c\windows\system32\dllcache\rpcss.dll.xBAD Win32/Patched.IB trojan
C:\Qoobox\Quarantine\C\Documents and Settings\jturner\6759731.exe.vir a variant of Win32/Injector.AYVH trojan
C:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application


#11 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:02:00 PM

Posted 13 March 2014 - 03:34 AM

Hello,

The ESET log does not show any active malware that we didn't see before, just some remnants and quarantined files.
Can you please tell me the STOP-code (and the parameters) when the next BSOD occurs? To be able to read them please disable automatic reboot on crash as is described here: http://www.bleepingcomputer.com/forums/t/74644/how-to-disable-automatic-restarts-when-windows-crashes/

 

And I have to call your attention to the Windows XP end-of-support that is coming very soon:

You're still working on a Windows XP machine. It's a very old operating system and Microsoft will abandon it in April 2014 when it will reach end-of-support. This means that no more updates will be available and therefore newly discovered security holes will not be patched anymore.

It will become quite risky to surf the internet on an XP machine after April 2014! You'd better start planning now to move to a more recent operating system in time.

If your computer fulfills the system requirements you can install a more modern version of Windows on it, e.g. Windows 7 or Windows 8.1. Otherwise you should consider purchasing a new and contemporary computer.
(As an alternative, if a Windows operating system is not a must and you want to keep working on your old computer, you can also try to install a lightweight version of Linux, e.g. xubuntu or lubuntu.)

Also read through the information that Microsoft provides concerning this end-of-support: http://windows.microsoft.com/en-us/windows/end-support-help
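As an added triage example (not code from the thread, from ESET or from the helper), this script parses the ESET Online Scanner log format posted above and sorts each hit into quarantined remnants, cache entries, and files that still need a look, which is the distinction drawn in the reply above. The quarantine and cache path patterns are assumptions taken from the paths in the posted log, and the sample log is constructed with dummy hashes and names.

```python
import re
from typing import Dict, List, Tuple

# Each detection line is a run of key=value pairs; vn= and fn= are quoted
# because they contain spaces, the others are bare tokens.
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Locations whose hits are files other tools already neutralised (FRST and
# ComboFix quarantine, Spybot's recovery store). These patterns are assumptions
# taken from the paths in the posted log, not an ESET convention.
QUARANTINE_MARKERS = (
    '\\frst\\quarantine\\',
    '\\qoobox\\quarantine\\',
    '\\spybot - search & destroy\\recovery\\',
)
QUARANTINE_SUFFIXES = ('.xbad', '.vir')
# Java Deployment cache entries are downloaded exploit jars; they do not run
# by themselves, so they are remnants rather than an active infection.
CACHE_MARKERS = ('\\sun\\java\\deployment\\cache\\',)


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Dict[str, str]]]:
    """Split a log into '# key=value' header metadata and detection records."""
    meta: Dict[str, str] = {}
    detections: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('#'):
            key, sep, value = line[1:].strip().partition('=')
            if sep:
                meta[key.strip()] = value.strip()
        elif line.startswith('sh='):
            detections.append({k: q or b for k, q, b in _PAIR.findall(line)})
    return meta, detections


def classify(path: str) -> str:
    """Bucket a detected path as 'quarantined', 'cache' or 'review'."""
    p = path.lower()
    if any(m in p for m in QUARANTINE_MARKERS) or p.endswith(QUARANTINE_SUFFIXES):
        return 'quarantined'
    if any(m in p for m in CACHE_MARKERS):
        return 'cache'
    return 'review'  # neither quarantined nor a cache entry: look at it


def triage(text: str) -> Dict[str, object]:
    """Summarise a log: header counts, per-bucket counts and the review list."""
    meta, detections = parse_eset_log(text)
    buckets: Dict[str, List[Tuple[str, str]]] = {'quarantined': [], 'cache': [], 'review': []}
    for d in detections:
        buckets[classify(d.get('fn', ''))].append((d.get('fn', ''), d.get('vn', '')))
    found = int(meta.get('found', len(detections)))
    return {
        'found': found,
        'parsed': len(detections),
        'consistent': found == len(detections),   # header agrees with body
        'remove_checked': meta.get('remove_checked') == 'true',
        'cleaned': int(meta.get('cleaned', 0)),
        'counts': {k: len(v) for k, v in buckets.items()},
        'review': buckets['review'],
    }


# Constructed sample in the same layout as the posted log; hashes, detection
# names and paths are dummies, not values from the thread.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# version=8
# remove_checked=false
# found=6
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=0 fh=0000000000000000 vn="Win32/Example.A worm" ac=I fn="C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Example1.zip"
sh=0000000000000000000000000000000000000002 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Example trojan" ac=I fn="C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\32\deadbeef-00000001"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000000 vn="Win32/Patched.Example trojan" ac=I fn="C:\FRST\Quarantine\c\windows\system32\example.dll.xBAD"
sh=0000000000000000000000000000000000000004 ft=1 fh=0000000000000000 vn="a variant of Win32/Injector.Example trojan" ac=I fn="C:\Qoobox\Quarantine\C\Documents and Settings\user\1234567.exe.vir"
sh=0000000000000000000000000000000000000005 ft=0 fh=0000000000000000 vn="Win32/Example.B trojan" ac=I fn="C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\abcdefghijklmnop\1.0.0\background.js"
sh=0000000000000000000000000000000000000006 ft=1 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Example potentially unsafe application" ac=I fn="C:\WINDOWS\system32\Example\tool.exe"
'''

if __name__ == '__main__':
    summary = triage(SAMPLE_LOG)
    print(summary['counts'], summary['review'])
```

Anything landing in the review bucket (here the browser extension script and the bundled toolbar binary) is what still deserves attention; the rest is already neutralised or inert cache content.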



#12 jrturnerxln

  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Location:Odessa, FL
  • Local time:08:00 AM

Posted 13 March 2014 - 01:12 PM

Aharonov,

I'm looking at purchasing a new machine and operating system but it will be a few days or perhaps a week before I narrow it down. In the meantime, I'd like to get my system running halfway decent just to get me through till the end of the month.

The BSOD stop code is as follows:

IRQL_NOT_LESS_OR_EQUAL

blah, blah, blah, ...

*** STOP: 0x0000000A (0xE583BB00, 0x0000001C, 0x00000001, 0x804FC96A)

blah, blah, blah, ...



#13 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:02:00 PM

Posted 17 March 2014 - 11:09 AM

Sorry for the delay.


Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#14 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:02:00 PM

Posted 06 April 2014 - 02:01 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



