
Outlook 2007 started acting buggy after recent 3-4 new program installs


  • This topic is locked
22 replies to this topic

#1 MrMark52


Posted 01 July 2014 - 01:37 PM

Messages tend to hang in my Outlook 2007 outbox more than they used to (I am on high speed cable). But I have also found that having an annual check-up has kept my system running safe, thanks to the team at Bleeping Computer. Your service is much appreciated!

 

DDS logs below and attached as a .zip file.

 

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.60.2

Run by Markie at 13:24:17 on 2014-07-01

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3318.2273 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ================

.

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

C:\WINDOWS\System32\snmp.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Documents and Settings\Markie\Application Data\DirectLife\ALconnect\ALconnect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Markie\Local Settings\Apps\2.0\5KZKX0W5.9VO\T7W9Z775.NH4\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Suunto\Moveslink for Movestick Mini\Moveslink.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k bthsvcs

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl

uSearch Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [cdloader] "c:\documents and settings\markie\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [ALconnect] c:\documents and settings\markie\application data\directlife\alconnect\ALconnect.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [DellSystemDetect] c:\documents and settings\markie\local settings\apps\2.0\5kzkx0w5.9vo\t7w9z775.nh4\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe

mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe

mRun: [IgfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe

mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE

mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui

mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\movesl~1.lnk - c:\windows\installer\{4d036aca-dfdf-41b2-a680-e0d736f3e947}\_22A9010B636AF7A61D8E03.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: dell.com

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} - hxxp://www.sayatv.com/download/SayaTV.cab

DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353069653843

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

TCP: NameServer = 192.168.200.100

TCP: Interfaces\{189AACEE-B5D5-4B50-B406-771EE865D9C1} : DHCPNameServer = 192.168.200.100

TCP: Interfaces\{39C29138-E35B-4581-B377-8DD2AFA3474F} : DHCPNameServer = 192.168.200.100

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {621FCD24-4498-4324-A81E-07D331376EDF} - c:\program files\pixiepack codec pack\InstallerHelper.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\markie\application data\mozilla\firefox\profiles\42c7ciep.default-1380731718515\

FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\documents and settings\markie\application data\mozilla\plugins\npatgpc.dll

FF - plugin: c:\documents and settings\markie\local settings\application data\citrix\plugins\104\npappdetector.dll

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\globalupdate\update\1.3.25.0\npGoogleUpdate4.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1204144.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_125.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-18 49944]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-18 180632]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2012-3-9 777488]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-3-9 411680]

R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [2014-4-2 686360]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\downloads\microsoft\virtual cd\VCdRom.sys [2001-12-19 8576]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]

R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2005-10-18 61440]

R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-1 24184]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2013-3-18 67824]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-9 50344]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-2-28 36600]

R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2014-5-29 443416]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 globalUpdate;globalUpdate Update Service (globalUpdate);c:\program files\globalupdate\update\GoogleUpdate.exe [2014-6-30 68608]

S3 bnsdusb;Panasonic USB Reader Writer Filter Driver;c:\windows\system32\drivers\bnsdusb.sys --> c:\windows\system32\drivers\bnsdusb.sys [?]

S3 cmvad;C-Media Wi-Sonic Wireless Audio Interface;c:\windows\system32\drivers\cmudaxv.sys --> c:\windows\system32\drivers\cmudaxv.sys [?]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]

S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalupdate\update\GoogleUpdate.exe [2014-6-30 68608]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

S3 oneuport;MosChip 7703-USB2Serial Port;c:\windows\system32\drivers\oneuport.sys [2005-1-17 851840]

S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [2009-9-1 59464]

S3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\drivers\rtl8192cu.sys --> c:\windows\system32\drivers\RTL8192cu.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]

.

=============== Created Last 30 ================

.

2014-07-01 18:01:39 388096 ----a-r- c:\documents and settings\markie\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2014-07-01 15:03:54 -------- d-----w- c:\documents and settings\markie\application data\27978

2014-06-30 23:03:23 -------- d-----w- c:\program files\globalUpdate

2014-06-30 23:03:23 -------- d-----w- c:\documents and settings\markie\local settings\application data\globalUpdate

2014-06-30 23:02:57 -------- d-----w- c:\program files\Torntv V9.0

2014-06-30 21:41:10 -------- d-----w- c:\documents and settings\markie\application data\Titanium

2014-06-30 21:40:29 26624 ----a-w- c:\windows\system32\drivers\tap0901.sys

2014-06-30 21:40:19 -------- d-----w- c:\program files\pia_manager

2014-06-18 14:16:38 -------- d-----w- c:\documents and settings\markie\application data\SUPERAntiSpyware.com

2014-06-18 14:16:01 -------- d-----w- c:\program files\SUPERAntiSpyware

2014-06-12 17:40:19 -------- d-----w- c:\program files\My Dell

2014-06-12 17:26:58 -------- d-----w- c:\documents and settings\markie\local settings\application data\Akamai

2014-06-12 16:53:29 145408 ----a-w- c:\windows\system32\javacpl.cpl

2014-06-12 16:53:07 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2014-06-11 21:28:37 -------- d-----w- c:\documents and settings\markie\application data\ARecEngine

2014-06-09 21:48:21 -------- d-----w- c:\program files\HitmanPro

2014-06-09 21:47:34 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro

.

==================== Find3M  ====================

.

2014-06-11 21:30:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-06-11 21:30:57 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-05-29 21:10:20 290376 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2014-05-15 09:53:02 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys

2014-05-01 21:53:28 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400147582859

2014-05-01 21:53:28 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-05-01 21:53:28 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-05-01 21:53:27 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys

2014-05-01 21:53:27 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1400147582859

2014-05-01 21:53:27 43152 ----a-w- c:\windows\avastSS.scr

2014-05-01 21:53:27 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys

2013-02-14 22:52:47 336 ----a-w- c:\program files\temp995.bat

2009-09-27 14:39:26 415744 --sh--w- c:\windows\system32\avisynth.dll

2004-02-22 15:11:08 764416 --sh--w- c:\windows\system32\devil.dll

.

============= FINISH: 13:25:15.31 ===============

 





#2 HelpBot


Posted 06 July 2014 - 01:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/539613 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 MrMark52


Posted 08 July 2014 - 08:02 AM

Outlook had been running uber slow in sending messages with attachments, sometimes not even sending simple messages or replies. Since my original post, it appears to have sped up, but I'm still not certain all is OK. I have been getting a lot of bogus emails - probably a result of my email address having gotten into one of the bot lists (and I know there is no way to get off those lists, other than to just be sure and not reply to any of them "Sorry, I've tried and couldn't send . . . " type or mailer daemon messages). I have run an online scan with HouseCall, as well as a Malwarebytes scan in. I also ran a scan in Safe Mode, but I don't remember which it was (I think Malwarebytes).

 

I do have XP Pro on a cd, and Office as a file that I can mount on a virtual drive.

 

Thanks for your help!

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.60.2
Run by Markie at 7:47:28 on 2014-07-08
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3318.2029 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\Markie\Application Data\DirectLife\ALconnect\ALconnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Suunto\Moveslink for Movestick Mini\Moveslink.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
uSearch Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [cdloader] "c:\documents and settings\markie\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ALconnect] c:\documents and settings\markie\application data\directlife\alconnect\ALconnect.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [DellSystemDetect] c:\documents and settings\markie\local settings\apps\2.0\5kzkx0w5.9vo\t7w9z775.nh4\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [IJNetworkScannerSelectorEX] c:\program files\canon\ij network scanner selector ex\CNMNSST.exe /FORCE
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\movesl~1.lnk - c:\windows\installer\{4d036aca-dfdf-41b2-a680-e0d736f3e947}\_22A9010B636AF7A61D8E03.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: dell.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} - hxxp://www.sayatv.com/download/SayaTV.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353069653843
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 192.168.200.100
TCP: Interfaces\{189AACEE-B5D5-4B50-B406-771EE865D9C1} : DHCPNameServer = 192.168.200.100
TCP: Interfaces\{39C29138-E35B-4581-B377-8DD2AFA3474F} : DHCPNameServer = 192.168.200.100
TCP: Interfaces\{CFE4E2EA-0562-4921-926B-785115D7D0A3} : DHCPNameServer = 209.222.18.222 209.222.18.218
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {621FCD24-4498-4324-A81E-07D331376EDF} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\markie\application data\mozilla\firefox\profiles\42c7ciep.default-1380731718515\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\markie\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\documents and settings\markie\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\globalupdate\update\1.3.25.0\npGoogleUpdate4.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1204144.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1207148.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-18 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-18 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2012-3-9 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-3-9 411680]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [2014-4-2 686360]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\downloads\microsoft\virtual cd\VCdRom.sys [2001-12-19 8576]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2005-10-18 61440]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-1 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2013-3-18 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-9 50344]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-2-28 36600]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2014-5-29 443416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);c:\program files\globalupdate\update\GoogleUpdate.exe [2014-6-30 68608]
S3 bnsdusb;Panasonic USB Reader Writer Filter Driver;c:\windows\system32\drivers\bnsdusb.sys --> c:\windows\system32\drivers\bnsdusb.sys [?]
S3 cmvad;C-Media Wi-Sonic Wireless Audio Interface;c:\windows\system32\drivers\cmudaxv.sys --> c:\windows\system32\drivers\cmudaxv.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalupdate\update\GoogleUpdate.exe [2014-6-30 68608]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 oneuport;MosChip 7703-USB2Serial Port;c:\windows\system32\drivers\oneuport.sys [2005-1-17 851840]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [2009-9-1 59464]
S3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\drivers\rtl8192cu.sys --> c:\windows\system32\drivers\RTL8192cu.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
.
=============== Created Last 30 ================
.
2014-07-07 19:25:09    --------    d-----w-    C:\FFOutput
2014-07-07 19:22:51    --------    d-----w-    c:\program files\FreeTime
2014-07-07 17:44:33    --------    d-----w-    C:\multiAVCHD
2014-07-01 22:00:19    --------    d-----w-    c:\documents and settings\markie\local settings\application data\Secunia PSI
2014-07-01 22:00:04    --------    d-----w-    c:\program files\Secunia
2014-07-01 18:01:39    388096    ----a-r-    c:\documents and settings\markie\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2014-07-01 15:03:54    --------    d-----w-    c:\documents and settings\markie\application data\27978
2014-06-30 23:03:23    --------    d-----w-    c:\program files\globalUpdate
2014-06-30 23:03:23    --------    d-----w-    c:\documents and settings\markie\local settings\application data\globalUpdate
2014-06-30 23:02:57    --------    d-----w-    c:\program files\Torntv V9.0
2014-06-30 21:41:10    --------    d-----w-    c:\documents and settings\markie\application data\Titanium
2014-06-30 21:40:29    26624    ----a-w-    c:\windows\system32\drivers\tap0901.sys
2014-06-30 21:40:19    --------    d-----w-    c:\program files\pia_manager
2014-06-18 14:16:38    --------    d-----w-    c:\documents and settings\markie\application data\SUPERAntiSpyware.com
2014-06-18 14:16:01    --------    d-----w-    c:\program files\SUPERAntiSpyware
2014-06-12 17:40:19    --------    d-----w-    c:\program files\My Dell
2014-06-12 17:26:58    --------    d-----w-    c:\documents and settings\markie\local settings\application data\Akamai
2014-06-12 16:53:29    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-06-12 16:53:07    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-06-11 21:28:37    --------    d-----w-    c:\documents and settings\markie\application data\ARecEngine
2014-06-09 21:48:21    --------    d-----w-    c:\program files\HitmanPro
2014-06-09 21:47:34    --------    d-----w-    c:\documents and settings\all users\application data\HitmanPro
.
==================== Find3M  ====================
.
2014-06-11 21:30:57    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-11 21:30:57    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-05-29 21:10:20    290376    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2014-05-15 09:53:02    777488    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-05-01 21:53:28    776976    ----a-w-    c:\windows\system32\drivers\aswsnx.sys.1400147582859
2014-05-01 21:53:28    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-05-01 21:53:28    180632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-05-01 21:53:27    67824    ----a-w-    c:\windows\system32\drivers\aswmonflt.sys
2014-05-01 21:53:27    54832    ----a-w-    c:\windows\system32\drivers\aswrdr.sys.1400147582859
2014-05-01 21:53:27    43152    ----a-w-    c:\windows\avastSS.scr
2014-05-01 21:53:27    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2013-02-14 22:52:47    336    ----a-w-    c:\program files\temp995.bat
2009-09-27 14:39:26    415744    --sh--w-    c:\windows\system32\avisynth.dll
2004-02-22 15:11:08    764416    --sh--w-    c:\windows\system32\devil.dll
.
============= FINISH:  7:48:32.62 ===============
 




#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:00 PM

Posted 08 July 2014 - 10:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#5 MrMark52

MrMark52
  • Topic Starter

  • Members
  • 97 posts
  • Gender:Male
  • Local time:06:00 PM

Posted 08 July 2014 - 11:27 AM

Nasdaq - you've helped me before, and much thanks!

 

Logs attached and below. One other thing I've noticed - on startup, there is a blank window that opens and closes titled "DSD-472". It might have something to do with an old Brother MFD printer I used to have, or a Canon MFD MX-922 that I have now (possibly a network scanner for the devices?).

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by Markie (administrator) on MARKDELL on 08-07-2014 10:54:56
Running from C:\Documents and Settings\Markie\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\WINDOWS\system32\Crypserv.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Trend Micro Inc.) C:\Program Files\trend micro\RUBotted\RUBotSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Trend Micro Inc.) C:\Program Files\trend micro\RUBotted\RUBottedGUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Koninklijke Philips Electronics N.V.) C:\Documents and Settings\Markie\Application Data\DirectLife\ALconnect\ALconnect.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\rapimgr.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Dell) C:\Documents and Settings\Markie\Local Settings\Apps\2.0\5KZKX0W5.9VO\T7W9Z775.NH4\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Suunto Oy) C:\Program Files\Suunto\Moveslink for Movestick Mini\Moveslink.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2498560 2010-10-29] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [176128 2005-10-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\Quickset.exe [1228800 2007-07-20] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [OSSelectorReinstall] => C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2209224 2007-02-26] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [cdloader] => C:\Documents and Settings\Markie\Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [ALconnect] => C:\Documents and Settings\Markie\Application Data\DirectLife\ALconnect\ALconnect.exe [716424 2012-09-04] (Koninklijke Philips Electronics N.V.)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [429120 2014-01-23] (BillP Studios)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5626136 2014-06-05] (SUPERAntiSpyware)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [DellSystemDetect] => C:\Documents and Settings\Markie\Local Settings\Apps\2.0\5KZKX0W5.9VO\T7W9Z775.NH4\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-06-12] (Dell)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Moveslink for Movestick Mini.lnk
ShortcutTarget: Moveslink for Movestick Mini.lnk -> C:\WINDOWS\Installer\{4D036ACA-DFDF-41B2-A680-E0D736F3E947}\_22A9010B636AF7A61D8E03.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {4A2CC286-3F90-49AD-AA0F-AD6EDC923BAC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {5E9DB3E5-68B8-4983-BBA3-BE258EB9FF32} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {E9DB9E7B-A275-41D1-8158-D0423FBEBDEB} URL = http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} http://www.sayatv.com/download/SayaTV.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.200.100

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\42c7ciep.default-1380731718515
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: google.com
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Markie\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32asw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Markie\Application Data\mozilla\plugins\ieatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Markie\Application Data\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\42c7ciep.default-1380731718515\searchplugins\yahoo-avast.xml
FF Extension: NoScript - C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\42c7ciep.default-1380731718515\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-12]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [61440 2005-10-18] (Broadcom Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-01] (AVAST Software)
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-07-14] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-07-20] (Dell Inc.) [File not signed]
R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2232320 2010-10-29] (Dell Inc.) [File not signed]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-05-01] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-05-01] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-05-01] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-05-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-05-01] ()
R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [6025 2003-04-24] (Broadcom Corporation) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2649216 2010-10-29] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.) [File not signed]
R1 Ext2Fsd; C:\WINDOWS\system32\Drivers\Ext2Fsd.sys [686360 2011-07-09] (www.ext2fsd.com)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2010-02-04] () [File not signed]
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
R0 imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [11304 2007-07-03] (Ahead Software AG)
R0 imagesrv; C:\WINDOWS\System32\DRIVERS\imagesrv.sys [132904 2007-07-03] (Ahead Software AG)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 oneuport; C:\WINDOWS\System32\DRIVERS\oneuport.sys [851840 2005-02-11] ()
S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
S3 RT-USB; C:\WINDOWS\System32\drivers\RT-USB.SYS [59464 2010-06-16] (Ross-Tech LLC)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Ser2pl; C:\WINDOWS\System32\DRIVERS\ser2pl.sys [119424 2005-06-16] (Prolific Technology Inc.) [File not signed]
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2009-07-22] () [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2014-06-30] (The OpenVPN Project) [File not signed]
S3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [26784 2007-12-11] (RapidSolution Software AG)
R1 vcdrom; C:\Downloads\Microsoft\Virtual CD\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
S3 bnsdusb; system32\DRIVERS\bnsdusb.sys [X]
S3 catchme; \??\C:\DOCUME~1\Markie\LOCALS~1\Temp\catchme.sys [X]
U2 CertPropSvc;
S3 cmvad; system32\drivers\cmudaxv.sys [X]
S4 IntelIde; No ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S2 PCASp50; system32\drivers\PCASp50.sys [X]
S3 PORTIO; \??\C:\Program Files\PICPgm\PortIO.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-08 10:54 - 2014-07-08 10:55 - 00023654 _____ () C:\Documents and Settings\Markie\Desktop\FRST.txt
2014-07-08 10:54 - 2014-07-08 10:55 - 00000000 ____D () C:\FRST
2014-07-08 10:54 - 2014-07-08 10:54 - 01074688 _____ (Farbar) C:\Documents and Settings\Markie\Desktop\FRST.exe
2014-07-08 10:50 - 2014-07-08 10:50 - 00003668 _____ () C:\Documents and Settings\Markie\Desktop\AdwCleaner[S2].txt
2014-07-08 10:21 - 2014-07-08 10:22 - 01346519 _____ () C:\Documents and Settings\Markie\Desktop\adwcleaner_3.214.exe
2014-07-08 07:47 - 2014-07-08 07:47 - 00688992 ____R (Swearware) C:\Documents and Settings\Markie\Desktop\dds.com
2014-07-07 14:36 - 2014-07-07 14:36 - 00000000 ____D () C:\Documents and Settings\Markie\My Documents\FormatFactory
2014-07-07 14:25 - 2014-07-07 14:38 - 00000000 ____D () C:\FFOutput
2014-07-07 14:22 - 2014-07-07 16:35 - 00000000 ____D () C:\Program Files\FreeTime
2014-07-07 12:44 - 2014-07-07 13:48 - 00000000 ____D () C:\multiAVCHD
2014-07-07 12:44 - 2014-07-07 12:48 - 00001451 _____ () C:\Documents and Settings\Markie\Desktop\multiAVCHD 4.1.lnk
2014-07-07 12:44 - 2014-07-07 12:44 - 00000000 ____D () C:\Documents and Settings\Markie\Start Menu\Programs\multiAVCHD
2014-07-03 17:23 - 2014-07-03 17:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini070314-01.dmp
2014-07-01 17:00 - 2014-07-01 17:00 - 00000000 ____D () C:\Program Files\Secunia
2014-07-01 17:00 - 2014-07-01 17:00 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\Secunia PSI
2014-07-01 13:26 - 2014-07-08 07:54 - 00005739 _____ () C:\Documents and Settings\Markie\Desktop\attach.zip
2014-07-01 13:25 - 2014-07-08 07:54 - 00031751 _____ () C:\Documents and Settings\Markie\Desktop\attach.txt
2014-07-01 13:25 - 2014-07-08 07:48 - 00019108 _____ () C:\Documents and Settings\Markie\Desktop\dds.txt
2014-07-01 13:23 - 2014-07-01 13:23 - 00688992 ____R (Swearware) C:\Documents and Settings\All Users\Desktop\dds.com
2014-07-01 11:02 - 2014-07-01 11:02 - 00001840 _____ () C:\WINDOWS\system32\.crusader
2014-07-01 10:03 - 2014-07-01 10:03 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\27978
2014-06-30 16:41 - 2014-06-30 16:41 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\Titanium
2014-06-30 16:40 - 2014-06-30 16:41 - 00000000 ____D () C:\Program Files\pia_manager
2014-06-30 16:40 - 2014-06-30 16:40 - 00026624 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2014-06-30 16:40 - 2014-06-30 16:40 - 00000000 ____D () C:\Documents and Settings\Markie\Start Menu\Programs\Private Internet Access
2014-06-18 09:16 - 2014-06-18 09:16 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-18 09:16 - 2014-06-18 09:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-18 09:16 - 2014-06-18 09:16 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\SUPERAntiSpyware.com
2014-06-18 09:16 - 2014-06-18 09:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-06-18 08:31 - 2014-06-18 08:32 - 00000000 ____D () C:\Program Files\HijackThis
2014-06-17 21:12 - 2014-06-17 21:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-12 12:41 - 2014-07-07 15:28 - 00000408 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-06-12 12:41 - 2014-06-12 12:41 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2014-06-12 12:41 - 2014-06-12 12:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2014-06-12 12:40 - 2014-06-12 12:41 - 00000000 ____D () C:\Program Files\My Dell
2014-06-12 12:26 - 2014-06-12 12:27 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\Akamai
2014-06-12 11:53 - 2014-06-12 11:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-12 11:53 - 2014-06-12 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-12 11:53 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-12 11:53 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-12 11:53 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-12 11:53 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-12 11:53 - 2014-05-07 14:42 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-06-12 11:52 - 2014-06-12 11:53 - 00003964 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-11 16:28 - 2014-06-11 16:30 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\ARecEngine
2014-06-09 16:48 - 2014-07-01 12:53 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-09 16:47 - 2014-06-10 20:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-06-09 16:27 - 2014-06-09 16:27 - 01333465 _____ () C:\Documents and Settings\All Users\Desktop\adwcleaner_3.212.exe

==================== One Month Modified Files and Folders =======

2014-07-08 10:55 - 2014-07-08 10:54 - 00023654 _____ () C:\Documents and Settings\Markie\Desktop\FRST.txt
2014-07-08 10:55 - 2014-07-08 10:54 - 00000000 ____D () C:\FRST
2014-07-08 10:55 - 2013-10-16 14:12 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\temp
2014-07-08 10:54 - 2014-07-08 10:54 - 01074688 _____ (Farbar) C:\Documents and Settings\Markie\Desktop\FRST.exe
2014-07-08 10:53 - 2009-03-13 15:19 - 01117659 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-08 10:50 - 2014-07-08 10:50 - 00003668 _____ () C:\Documents and Settings\Markie\Desktop\AdwCleaner[S2].txt
2014-07-08 10:50 - 2009-03-13 08:59 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-07-08 10:49 - 2012-07-09 08:05 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-08 10:47 - 2014-03-30 16:33 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-08 10:47 - 2013-04-03 16:25 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 10:47 - 2009-03-13 15:24 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-07-08 10:47 - 2009-03-13 09:11 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-08 10:47 - 2009-03-13 09:11 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-07-08 10:47 - 2008-04-14 07:00 - 00013732 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-08 10:46 - 2013-10-02 09:41 - 00000316 _____ () C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2014-07-08 10:46 - 2012-03-17 07:51 - 00031868 _____ () C:\WINDOWS\error.log
2014-07-08 10:46 - 2009-03-13 15:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-08 10:45 - 2013-10-16 13:04 - 00000000 ____D () C:\AdwCleaner
2014-07-08 10:45 - 2013-08-13 21:21 - 00462202 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-07-08 10:45 - 2009-07-29 09:17 - 00000012 _____ () C:\WINDOWS\bthservsdp.dat
2014-07-08 10:45 - 2009-03-13 15:26 - 00000178 ___SH () C:\Documents and Settings\Markie\ntuser.ini
2014-07-08 10:45 - 2009-03-13 15:25 - 00032442 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-08 10:41 - 2013-04-03 16:25 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 10:22 - 2014-07-08 10:21 - 01346519 _____ () C:\Documents and Settings\Markie\Desktop\adwcleaner_3.214.exe
2014-07-08 10:17 - 2012-09-05 16:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-08 07:54 - 2014-07-01 13:26 - 00005739 _____ () C:\Documents and Settings\Markie\Desktop\attach.zip
2014-07-08 07:54 - 2014-07-01 13:25 - 00031751 _____ () C:\Documents and Settings\Markie\Desktop\attach.txt
2014-07-08 07:48 - 2014-07-01 13:25 - 00019108 _____ () C:\Documents and Settings\Markie\Desktop\dds.txt
2014-07-08 07:47 - 2014-07-08 07:47 - 00688992 ____R (Swearware) C:\Documents and Settings\Markie\Desktop\dds.com
2014-07-07 16:35 - 2014-07-07 14:22 - 00000000 ____D () C:\Program Files\FreeTime
2014-07-07 15:28 - 2014-06-12 12:41 - 00000408 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-07-07 14:38 - 2014-07-07 14:25 - 00000000 ____D () C:\FFOutput
2014-07-07 14:38 - 2013-12-17 09:11 - 01235432 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-1532298954-1417001333-1003-0.dat
2014-07-07 14:38 - 2009-03-13 15:26 - 00000000 ____D () C:\Documents and Settings\Markie
2014-07-07 14:36 - 2014-07-07 14:36 - 00000000 ____D () C:\Documents and Settings\Markie\My Documents\FormatFactory
2014-07-07 14:29 - 2013-10-10 11:05 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\vlc
2014-07-07 13:48 - 2014-07-07 12:44 - 00000000 ____D () C:\multiAVCHD
2014-07-07 12:48 - 2014-07-07 12:44 - 00001451 _____ () C:\Documents and Settings\Markie\Desktop\multiAVCHD 4.1.lnk
2014-07-07 12:44 - 2014-07-07 12:44 - 00000000 ____D () C:\Documents and Settings\Markie\Start Menu\Programs\multiAVCHD
2014-07-05 12:00 - 2013-10-02 09:42 - 00000310 _____ () C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2014-07-03 17:23 - 2014-07-03 17:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini070314-01.dmp
2014-07-03 17:23 - 2009-07-08 06:16 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-03 17:16 - 2013-09-21 12:56 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\BitTorrent
2014-07-03 16:35 - 2013-12-12 10:23 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\HandBrake
2014-07-03 16:21 - 2009-04-12 20:20 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-07-03 16:20 - 2009-05-10 14:17 - 00182272 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-02 22:50 - 2014-01-31 18:10 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-07-02 16:22 - 2009-04-12 20:24 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\WMTools Downloaded Files
2014-07-02 14:07 - 2012-06-18 12:07 - 00031236 _____ () C:\WINDOWS\wmsetup.log
2014-07-02 07:18 - 2011-05-07 12:42 - 00000712 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-02 07:18 - 2009-03-13 17:24 - 00000712 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-07-01 17:05 - 2012-04-11 09:59 - 00769527 _____ () C:\WINDOWS\setupapi.log
2014-07-01 17:00 - 2014-07-01 17:00 - 00000000 ____D () C:\Program Files\Secunia
2014-07-01 17:00 - 2014-07-01 17:00 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\Secunia PSI
2014-07-01 13:23 - 2014-07-01 13:23 - 00688992 ____R (Swearware) C:\Documents and Settings\All Users\Desktop\dds.com
2014-07-01 13:02 - 2012-01-17 10:05 - 00002449 _____ () C:\Documents and Settings\Markie\Desktop\HiJackThis.lnk
2014-07-01 13:01 - 2012-01-17 10:05 - 00000000 ____D () C:\Documents and Settings\Markie\Start Menu\Programs\HiJackThis
2014-07-01 13:01 - 2010-09-07 11:38 - 00000000 ____D () C:\Program Files\trend micro
2014-07-01 12:53 - 2014-06-09 16:48 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-01 11:23 - 2011-01-08 16:05 - 00000000 ____D () C:\Program Files\eRightSoft
2014-07-01 11:02 - 2014-07-01 11:02 - 00001840 _____ () C:\WINDOWS\system32\.crusader
2014-07-01 10:10 - 2009-03-13 08:59 - 00000000 ____D () C:\WINDOWS\Help
2014-07-01 10:03 - 2014-07-01 10:03 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\27978
2014-07-01 08:03 - 2009-07-22 17:05 - 00000000 ____D () C:\Movies
2014-06-30 16:41 - 2014-06-30 16:41 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\Titanium
2014-06-30 16:41 - 2014-06-30 16:40 - 00000000 ____D () C:\Program Files\pia_manager
2014-06-30 16:41 - 2009-08-01 03:46 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\Apple Computer
2014-06-30 16:41 - 2009-07-31 22:00 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\Apple Computer
2014-06-30 16:40 - 2014-06-30 16:40 - 00026624 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2014-06-30 16:40 - 2014-06-30 16:40 - 00000000 ____D () C:\Documents and Settings\Markie\Start Menu\Programs\Private Internet Access
2014-06-27 16:42 - 2009-10-04 10:20 - 00000000 ____D () C:\LM HP
2014-06-26 09:47 - 2010-05-12 10:03 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-06-23 12:27 - 2010-01-17 20:54 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\avidemux
2014-06-23 12:03 - 2010-01-17 20:53 - 00000000 ____D () C:\Program Files\Avidemux 2.5
2014-06-18 19:56 - 2012-03-14 10:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2641653$
2014-06-18 16:45 - 2009-03-14 08:28 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-18 16:42 - 2010-01-18 12:14 - 00000000 ____D () C:\temp
2014-06-18 16:24 - 2014-05-02 11:50 - 00000000 _____ () C:\WINDOWS\RTacDbg.txt
2014-06-18 15:13 - 2010-02-23 17:20 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-06-18 09:16 - 2014-06-18 09:16 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-18 09:16 - 2014-06-18 09:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-18 09:16 - 2014-06-18 09:16 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\SUPERAntiSpyware.com
2014-06-18 09:16 - 2014-06-18 09:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-06-18 09:11 - 2009-09-12 08:35 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-06-18 09:11 - 2009-09-12 08:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-06-18 08:32 - 2014-06-18 08:31 - 00000000 ____D () C:\Program Files\HijackThis
2014-06-18 07:58 - 2012-05-03 13:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-17 21:13 - 2014-06-17 21:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-17 21:04 - 2014-05-02 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TP-LINK
2014-06-17 21:03 - 2009-03-14 07:35 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-06-14 12:45 - 2009-03-13 09:07 - 00000361 __RSH () C:\boot.ini
2014-06-12 14:07 - 2009-07-08 06:29 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\Deployment
2014-06-12 12:41 - 2014-06-12 12:41 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2014-06-12 12:41 - 2014-06-12 12:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2014-06-12 12:41 - 2014-06-12 12:40 - 00000000 ____D () C:\Program Files\My Dell
2014-06-12 12:41 - 2012-05-24 13:06 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-06-12 12:40 - 2012-05-24 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr
2014-06-12 12:27 - 2014-06-12 12:26 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\Akamai
2014-06-12 11:58 - 2012-05-24 13:02 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\SystemRequirementsLab
2014-06-12 11:53 - 2014-06-12 11:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-12 11:53 - 2014-06-12 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-12 11:53 - 2014-06-12 11:52 - 00003964 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-12 11:53 - 2009-05-05 01:35 - 00000000 ____D () C:\Program Files\Java
2014-06-11 16:30 - 2014-06-11 16:28 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\ARecEngine
2014-06-11 16:30 - 2012-09-05 16:47 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-11 16:30 - 2012-09-05 16:47 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-11 16:28 - 2014-05-27 11:18 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\Adobe
2014-06-11 16:28 - 2009-03-23 21:09 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-06-11 03:07 - 2009-07-02 09:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-06-11 03:06 - 2013-07-20 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-11 03:02 - 2009-03-13 16:43 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-10 20:06 - 2014-06-09 16:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-06-09 21:13 - 2009-10-14 16:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974571$
2014-06-09 16:27 - 2014-06-09 16:27 - 01333465 _____ () C:\Documents and Settings\All Users\Desktop\adwcleaner_3.212.exe

Some content of TEMP:
====================
C:\Documents and Settings\Markie\Local Settings\temp\AskPIP_FF_.exe
C:\Documents and Settings\Markie\Local Settings\temp\HitmanPro.exe
C:\Documents and Settings\Markie\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Markie\Local Settings\temp\sam__2268_il6605.exe
C:\Documents and Settings\Markie\Local Settings\temp\Updater.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


#6 nasdaq

  • Malware Response Team

Posted 08 July 2014 - 01:20 PM

The only references to a Canon printer are listed in these lines.
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)


If you can relate to them and think that they were for your previous printer, just run the fix as suggested below.
If you do not want to remove them THEN REMOVE the entries in the coded box before saving the file.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
SearchScopes: HKLM - DefaultScope value is missing.
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 bnsdusb; system32\DRIVERS\bnsdusb.sys [X]
S3 catchme; \??\C:\DOCUME~1\Markie\LOCALS~1\Temp\catchme.sys [X]
U2 CertPropSvc;
S3 cmvad; system32\drivers\cmudaxv.sys [X]
S4 IntelIde; No ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S2 PCASp50; system32\drivers\PCASp50.sys [X]
S3 PORTIO; \??\C:\Program Files\PICPgm\PortIO.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]
C:\Documents and Settings\Markie\Local Settings\temp\AskPIP_FF_.exe

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Uncheck the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer performing now?
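
The service and driver lines in the fixlist above are the ones the FRST log marks with [X] (image file not found) or lists with no image path. The following Python sketch is an added example, not part of the thread or of FRST, that picks those entries out of log lines copied from this page; the function names, field names and status labels are this example's own.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied from the Services and Drivers sections of the FRST log above.
SAMPLE_LOG = r"""
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2232320 2010-10-29] (Dell Inc.) [File not signed]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2014-06-30] (The OpenVPN Project) [File not signed]
S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2010-02-04] () [File not signed]
S3 catchme; \??\C:\DOCUME~1\Markie\LOCALS~1\Temp\catchme.sys [X]
U2 CertPropSvc;
S4 IntelIde; No ImagePath
S2 PCASp50; system32\drivers\PCASp50.sys [X]
"""

# "<state letter><start type> <name>; <rest of line>"
LINE = re.compile(r"^([RSU])([0-5])\s+([^;]+);\s*(.*)$")
# "[size date]" block printed after the path of a file that was found
META = re.compile(r"\s\[\d+ \d{4}-\d{2}-\d{2}\]")


class Entry(NamedTuple):
    state: str   # state letter exactly as printed in the log (R, S or U)
    start: int   # Windows start type: 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
    name: str    # service or driver name
    image: str   # image path / command line as registered ("" if none)
    status: str  # "ok", "unsigned", "missing-file" or "no-image-path"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one Services/Drivers line; return None for anything else."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    state, start = m.group(1), int(m.group(2))
    name, rest = m.group(3).strip(), m.group(4).strip()
    if rest in ("", "No ImagePath"):
        image, status = "", "no-image-path"
    elif rest.endswith("[X]"):
        # Registered path is kept, but the file behind it was not found.
        image, status = rest[:-3].rstrip(), "missing-file"
    else:
        image = META.split(rest, maxsplit=1)[0]
        status = "unsigned" if rest.endswith("[File not signed]") else "ok"
    return Entry(state, start, name, image, status)


def parse_log(text: str) -> List[Entry]:
    """Parse every recognisable service/driver line in a block of log text."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def orphans(entries: List[Entry]) -> List[Entry]:
    """Registry entries with nothing on disk behind them (fixlist candidates)."""
    return [e for e in entries if e.status in ("missing-file", "no-image-path")]


def autostart_orphans(entries: List[Entry]) -> List[Entry]:
    """Orphans that Windows still tries to start at boot or logon (start type <= 2)."""
    return [e for e in orphans(entries) if e.start <= 2]


if __name__ == "__main__":
    for e in orphans(parse_log(SAMPLE_LOG)):
        print(f"{e.state}{e.start} {e.name:15} {e.status:14} {e.image}")
```

Unsigned files that are present, such as tap0901.sys, come back with status "unsigned" and are deliberately not treated as orphans: a missing signature calls for review of the file, not removal of the registry entry.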

#7 MrMark52

  • Topic Starter

Posted 08 July 2014 - 02:24 PM

nasdaq,

 

Machine is running much better - it's booting faster and Outlook loads email quicker on startup.

 

I did notice that blank window again at startup - titled "DSD-5900" this time.

 

And I confused you on printers - I now have a Canon MX922 - I used to have a Brother MFC something.

 

Logs posted below:

 

# AdwCleaner v3.214 - Report created 08/07/2014 at 13:46:49
# Updated 29/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Markie - MARKDELL
# Running from : C:\Documents and Settings\Markie\Desktop\adwcleaner_3.214.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\42c7ciep.default-1380731718515\prefs.js ]


*************************

AdwCleaner[R0].txt - [7080 octets] - [16/10/2013 13:04:50]
AdwCleaner[R1].txt - [5698 octets] - [16/10/2013 13:12:51]
AdwCleaner[R2].txt - [5758 octets] - [16/10/2013 13:14:55]
AdwCleaner[R3].txt - [5818 octets] - [16/10/2013 13:20:09]
AdwCleaner[R4].txt - [5792 octets] - [29/05/2014 13:25:28]
AdwCleaner[R5].txt - [1173 octets] - [29/05/2014 13:38:56]
AdwCleaner[R6].txt - [1404 octets] - [09/06/2014 16:28:11]
AdwCleaner[R7].txt - [3543 octets] - [08/07/2014 10:43:36]
AdwCleaner[R8].txt - [1488 octets] - [08/07/2014 13:40:31]
AdwCleaner[S0].txt - [5910 octets] - [29/05/2014 13:26:31]
AdwCleaner[S1].txt - [1469 octets] - [09/06/2014 16:36:36]
AdwCleaner[S2].txt - [3668 octets] - [08/07/2014 10:44:54]
AdwCleaner[S3].txt - [1409 octets] - [08/07/2014 13:46:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1469 octets] ##########

 

 Results of screen317's Security Check version 0.99.85  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 HijackThis 1.99.1    
 CCleaner     
 Panda Cloud Cleaner   
 JavaFX 2.1.1    
 Java 7 Update 60  
 Adobe Flash Player     14.0.0.125  
 Adobe Reader XI  
 Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 BillP Studios WinPatrol winpatrol.exe  
 Trend Micro RUBotted RUBotSrv.exe  
 Trend Micro RUBotted RUBottedGUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````



#8 nasdaq

  • Malware Response Team

Posted 09 July 2014 - 08:00 AM

Let me see if I can find the Brother printer key in the Registry.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :regfind
    Brother
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.


#9 MrMark52

  • Topic Starter

Posted 09 July 2014 - 11:56 AM

nasdaq,

 

SystemLook is saying "script required". Downloaded twice just in case somehow I interrupted the download.



#10 nasdaq

  • Malware Response Team

Posted 09 July 2014 - 01:14 PM

The tool may not be compatible with your SP.

From the Start > Run box, type REGEDIT.

This will open the Registry panel.

Click the Edit menu and select Find

Search all the keys with this string Brother

Just let me know where you find it.
Post the key if you can.


You may also try this.

Run the Farbar tool and in the search function type


Search: Brother

Edited by nasdaq, 09 July 2014 - 01:17 PM.


#11 MrMark52

  • Topic Starter

Posted 09 July 2014 - 02:25 PM

Registry is full of Brother - and I found one instance of an Epson R280 noted below that I had at one time too - there may be others of it, I didn't look (but will if you need me to). I followed the same uninstall ritual to remove that printer as well.

 

Also ran a scan using the Farbar tool, with both Brother and Epson as search terms. Log follows the registry search for Brother, immediately below -

C:Program Files/Brother/ControlCenter3/brctrcen.exe /StiDevice:%1 /StiEvent:%2

under

HKEY_CLASSES_ROOT\CLSID\{041B34E6-3DD9-448E-BCB9-44BE43745415}\LocalServer32

 

---------------

 

HKEY_CLASSES_ROOT\CLSID\{49EB98D0-2AE4-462b-BAA3-D6F1EEF919F4}

 

---------------

 

All the following under: HKEY_CURRENT_USER\Printers\DevModes2

 

\\Mark/Brother MFC-5460CN Printer

\\MarkDell/Brother MFC-5460CN Printer

\\MarkDell/Brother MFC-5460CN Printer (Copy 1)

 

There is also an EPSON Stylus Photo R280 under this key that I used for a short while, but removed all traces to that printer when I quit using it.

---------------

 

DefaultConfig, LastModifiedConfig, and MRUConfig under HKEY_CURRENT_USER\Software\Autodesk\AutoCAD\R16.1\ACAD-301:409\Profiles\<<Unnamed Profile>>\General

 

---------------

 

5 different listings for Brother BraAdmin under HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks

 

--------------

 

C:\Program Files\Brother\BRADMIN PROFESSIONAL 3\bratimer.exe under HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper

 

--------------

 

Brother BradminPRO Scheduler, Brother BRAgent Service, Brother Web BRAdmin Schedular under HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services

 

--------------

 

DefaultStartup, LoadDevice1 under HKEY_CURRENT_USER\Software\Brother

 

--------------

 

(default) under HKEY_CURRENT_USER\Software\Brother\Brother MFL Pro

 

--------------

 

PrnDriverName under HKEY_CURRENT_USER\Software\Brother\ControlCenter\3.0\MFC-5460CN LAN\Tabs\0002\Button0

 

--------------

 

PrnDriverName under HKEY_CURRENT_USER\Software\Brother\ControlCenter\3.0\MFC-5460CN LAN\Tabs\0002\Button1

 

--------------

 

PrnDriverName under HKEY_CURRENT_USER\Software\Brother\ControlCenter\3.0\MFC-5460CN LAN\Tabs\0002\Button2

 

--------------

 

PrnDriverName under HKEY_CURRENT_USER\Software\Brother\ControlCenter\3.0\MFC-5460CN LAN\Tabs\0002\Button3

 

--------------

 

PrnDriverName under HKEY_CURRENT_USER\Software\Brother\ControlCenter\3.0\MFC-5460CN LAN\Tabs\0003

 

--------------

 

FaxDriverName under HKEY_CURRENT_USER\Software\Brother\ControlCenter\3.0\MFC-5460CN LAN\Tabs\0003\Button0

 

---------------

 

There is a duplicate key to the previous 4 as HKEY_CURRENT_USER\Software\Brother\ControlCenter\3.0\MFC-5460CN LAN #2. The first key is HKEY_CURRENT_USER\Software\Brother\ControlCenter\3.0\MFC-5460CN LAN

 

---------------

 

Brother MFC-5460CN Printer (Copy 1) (BRN_B4FED9) under HKEY_CURRENT_USER\Software\Labcenter Electronics\ARES\7\Printers

 

---------------

 

Device, DEVICE0, DEVICE1 under HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\Scan

 

---------------

 

HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\Brother MFC-5460CN Printer (Copy 1)

 

---------------

 

HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\MSWord Editable Sections

 

---------------

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother

 

---------------

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother Administrator Utilities

 

---------------

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Printers

 

---------------

 

HKEY_CURRENT_USER\Software\ScanSoft\PaperPort\DCTool

 

--------------

 

HKEY_CURRENT_USER\Software\ScanSoft\PaperPort\Twain\Last Source

 

--------------

 

HKEY_CURRENT_USER\Software\ScanSoft\PaperPort Desktop Group\Desktops\Desktop0

HKEY_CURRENT_USER\Software\ScanSoft\PaperPort Desktop Group\Desktops\Desktop1

 

--------------

 

HKEY_CURRENT_USER\Software\ScanSoft\PersistentData\EasyLinks\Fax\_GenericFaxSvc

HKEY_CURRENT_USER\Software\ScanSoft\PersistentData\EasyLinks\Fax\BrotherBY2PrintLink

HKEY_CURRENT_USER\Software\ScanSoft\PersistentData\EasyLinks\Fax\BrotherBY3PrintLink

HKEY_CURRENT_USER\Software\ScanSoft\PersistentData\EasyLinks\Fax\BrotherBYFaxLink

HKEY_CURRENT_USER\Software\ScanSoft\PersistentData\EasyLinks\Fax\BrotherBYPrintLink

HKEY_CURRENT_USER\Software\ScanSoft\PersistentData\EasyLinks\Fax\BrotherFaxII

HKEY_CURRENT_USER\Software\ScanSoft\PersistentData\EasyLinks\Fax\BrotherFaxLink

HKEY_CURRENT_USER\Software\ScanSoft\PersistentData\EasyLinks\Fax\BrotherMFLProLink

HKEY_CURRENT_USER\Software\ScanSoft\PersistentData\EasyLinks\Fax\BrotherP2KPrintLink

HKEY_CURRENT_USER\Software\ScanSoft\PersistentData\EasyLinks\Fax\BrotherPrintII

 

-----------------

 

HKEY_CURRENT_USER\Software\WinRAR SFX

 

----------------

 

HKEY_LOCAL_MACHINE\SOFTWARE\Brother\Brother MFL-Pro

 

----------------

 

HKEY_LOCAL_MACHINE\SOFTWARE\Brother\Printer\InstInfo

 

---------------

 

HKEY_LOCAL_MACHINE\SOFTWARE\Brother\Web BRAdmin

---------------

Farbar scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by Markie (administrator) on MARKDELL on 09-07-2014 14:19:52
Running from C:\Documents and Settings\Markie\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\WINDOWS\system32\Crypserv.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Trend Micro Inc.) C:\Program Files\trend micro\RUBotted\RUBotSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Trend Micro Inc.) C:\Program Files\trend micro\RUBotted\RUBottedGUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft ActiveSync\wcescomm.exe
(Microsoft Corporation) C:\PROGRA~1\MI3AA1~1\rapimgr.exe
(Koninklijke Philips Electronics N.V.) C:\Documents and Settings\Markie\Application Data\DirectLife\ALconnect\ALconnect.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Suunto Oy) C:\Program Files\Suunto\Moveslink for Movestick Mini\Moveslink.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\WINDOWS\system32\WISPTIS.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\Download Master Utility\DM2.exe
(Microsoft Corporation) C:\WINDOWS\regedit.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2498560 2010-10-29] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [176128 2005-10-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\Quickset.exe [1228800 2007-07-20] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-06] (AVAST Software)
HKLM\...\Run: [OSSelectorReinstall] => C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2209224 2007-02-26] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [H/PC Connection Agent] => C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [cdloader] => C:\Documents and Settings\Markie\Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [ALconnect] => C:\Documents and Settings\Markie\Application Data\DirectLife\ALconnect\ALconnect.exe [716424 2012-09-04] (Koninklijke Philips Electronics N.V.)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [429120 2014-01-23] (BillP Studios)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5626136 2014-06-05] (SUPERAntiSpyware)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [DellSystemDetect] => C:\Documents and Settings\Markie\Local Settings\Apps\2.0\5KZKX0W5.9VO\T7W9Z775.NH4\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-06-12] (Dell)
HKU\S-1-5-21-1220945662-1532298954-1417001333-1003\...\Run: [Download Master] => C:\Program Files\ASUS\Download Master Utility\DM2.exe [6010368 2013-10-09] (ASUSTeK COMPUTER INC.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Moveslink for Movestick Mini.lnk
ShortcutTarget: Moveslink for Movestick Mini.lnk -> C:\WINDOWS\Installer\{4D036ACA-DFDF-41B2-A680-E0D736F3E947}\_22A9010B636AF7A61D8E03.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {4A2CC286-3F90-49AD-AA0F-AD6EDC923BAC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {5E9DB3E5-68B8-4983-BBA3-BE258EB9FF32} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {E9DB9E7B-A275-41D1-8158-D0423FBEBDEB} URL = http://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&cof=&q={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} http://www.sayatv.com/download/SayaTV.cab
DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.200.100

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\42c7ciep.default-1380731718515
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: google.com
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Markie\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32asw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Markie\Application Data\mozilla\plugins\ieatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Markie\Application Data\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\42c7ciep.default-1380731718515\searchplugins\yahoo-avast.xml
FF Extension: ASUS Download Master extension - C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\42c7ciep.default-1380731718515\Extensions\asusdm_ext@asus.com [2014-07-09]
FF Extension: NoScript - C:\Documents and Settings\Markie\Application Data\Mozilla\Firefox\Profiles\42c7ciep.default-1380731718515\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-12]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [61440 2005-10-18] (Broadcom Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-01] (AVAST Software)
R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-07-14] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-07-20] (Dell Inc.) [File not signed]
R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2232320 2010-10-29] (Dell Inc.) [File not signed]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-05-01] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-05-01] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-05-01] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-05-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-05-01] ()
R2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [6025 2003-04-24] (Broadcom Corporation) [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2649216 2010-10-29] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.) [File not signed]
R1 Ext2Fsd; C:\WINDOWS\system32\Drivers\Ext2Fsd.sys [686360 2011-07-09] (www.ext2fsd.com)
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2010-02-04] () [File not signed]
S3 grmnusb; C:\WINDOWS\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
R0 imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [11304 2007-07-03] (Ahead Software AG)
R0 imagesrv; C:\WINDOWS\System32\DRIVERS\imagesrv.sys [132904 2007-07-03] (Ahead Software AG)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 oneuport; C:\WINDOWS\System32\DRIVERS\oneuport.sys [851840 2005-02-11] ()
S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
S3 RT-USB; C:\WINDOWS\System32\drivers\RT-USB.SYS [59464 2010-06-16] (Ross-Tech LLC)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Ser2pl; C:\WINDOWS\System32\DRIVERS\ser2pl.sys [119424 2005-06-16] (Prolific Technology Inc.) [File not signed]
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2009-07-22] () [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2014-06-30] (The OpenVPN Project) [File not signed]
S3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [26784 2007-12-11] (RapidSolution Software AG)
R1 vcdrom; C:\Downloads\Microsoft\Virtual CD\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
S3 bnsdusb; system32\DRIVERS\bnsdusb.sys [X]
S3 catchme; \??\C:\DOCUME~1\Markie\LOCALS~1\Temp\catchme.sys [X]
U2 CertPropSvc;
S3 cmvad; system32\drivers\cmudaxv.sys [X]
S4 IntelIde; No ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S2 PCASp50; system32\drivers\PCASp50.sys [X]
S3 PORTIO; \??\C:\Program Files\PICPgm\PortIO.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-09 12:19 - 2014-07-09 12:19 - 00000000 ____D () C:\Program Files\ASUS
2014-07-09 12:19 - 2014-07-09 12:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ASUS Utility
2014-07-09 12:10 - 2014-07-09 12:10 - 00000116 _____ () C:\Documents and Settings\Markie\Desktop\ASUS Interface.url
2014-07-09 12:03 - 2014-07-09 12:04 - 00000255 _____ () C:\Documents and Settings\Markie\Desktop\ASUS Downloads.lnk
2014-07-09 12:01 - 2014-07-09 12:02 - 00000399 _____ () C:\Documents and Settings\Markie\Desktop\ASUS Router.lnk
2014-07-09 08:11 - 2014-07-09 11:51 - 00139264 _____ () C:\Documents and Settings\Markie\Desktop\SystemLook.exe
2014-07-08 13:26 - 2014-07-08 13:27 - 00000812 _____ () C:\Documents and Settings\Markie\Desktop\fixlist.txt
2014-07-08 10:56 - 2014-07-08 10:57 - 00049443 _____ () C:\Documents and Settings\Markie\Desktop\Addition.txt
2014-07-08 10:54 - 2014-07-09 14:20 - 00024091 _____ () C:\Documents and Settings\Markie\Desktop\FRST.txt
2014-07-08 10:54 - 2014-07-09 14:20 - 00000000 ____D () C:\FRST
2014-07-08 10:54 - 2014-07-08 10:54 - 01074688 _____ (Farbar) C:\Documents and Settings\Markie\Desktop\FRST.exe
2014-07-08 10:50 - 2014-07-08 10:50 - 00003668 _____ () C:\Documents and Settings\Markie\Desktop\AdwCleaner[S2].txt
2014-07-08 10:21 - 2014-07-08 13:40 - 01346519 _____ () C:\Documents and Settings\Markie\Desktop\adwcleaner_3.214.exe
2014-07-08 07:47 - 2014-07-08 07:47 - 00688992 ____R (Swearware) C:\Documents and Settings\Markie\Desktop\dds.com
2014-07-07 14:36 - 2014-07-07 14:36 - 00000000 ____D () C:\Documents and Settings\Markie\My Documents\FormatFactory
2014-07-07 14:25 - 2014-07-07 14:38 - 00000000 ____D () C:\FFOutput
2014-07-07 14:22 - 2014-07-07 16:35 - 00000000 ____D () C:\Program Files\FreeTime
2014-07-07 12:44 - 2014-07-07 13:48 - 00000000 ____D () C:\multiAVCHD
2014-07-07 12:44 - 2014-07-07 12:48 - 00001451 _____ () C:\Documents and Settings\Markie\Desktop\multiAVCHD 4.1.lnk
2014-07-07 12:44 - 2014-07-07 12:44 - 00000000 ____D () C:\Documents and Settings\Markie\Start Menu\Programs\multiAVCHD
2014-07-03 17:23 - 2014-07-03 17:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini070314-01.dmp
2014-07-01 17:00 - 2014-07-01 17:00 - 00000000 ____D () C:\Program Files\Secunia
2014-07-01 17:00 - 2014-07-01 17:00 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\Secunia PSI
2014-07-01 13:26 - 2014-07-08 07:54 - 00005739 _____ () C:\Documents and Settings\Markie\Desktop\attach.zip
2014-07-01 13:25 - 2014-07-08 07:54 - 00031751 _____ () C:\Documents and Settings\Markie\Desktop\attach.txt
2014-07-01 13:25 - 2014-07-08 07:48 - 00019108 _____ () C:\Documents and Settings\Markie\Desktop\dds.txt
2014-07-01 13:23 - 2014-07-01 13:23 - 00688992 ____R (Swearware) C:\Documents and Settings\All Users\Desktop\dds.com
2014-07-01 11:02 - 2014-07-01 11:02 - 00001840 _____ () C:\WINDOWS\system32\.crusader
2014-07-01 10:03 - 2014-07-01 10:03 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\27978
2014-06-30 16:41 - 2014-06-30 16:41 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\Titanium
2014-06-30 16:40 - 2014-06-30 16:41 - 00000000 ____D () C:\Program Files\pia_manager
2014-06-30 16:40 - 2014-06-30 16:40 - 00026624 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2014-06-30 16:40 - 2014-06-30 16:40 - 00000000 ____D () C:\Documents and Settings\Markie\Start Menu\Programs\Private Internet Access
2014-06-18 09:16 - 2014-06-18 09:16 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-18 09:16 - 2014-06-18 09:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-18 09:16 - 2014-06-18 09:16 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\SUPERAntiSpyware.com
2014-06-18 09:16 - 2014-06-18 09:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-06-18 08:31 - 2014-06-18 08:32 - 00000000 ____D () C:\Program Files\HijackThis
2014-06-17 21:12 - 2014-06-17 21:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-12 12:41 - 2014-07-08 20:00 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2014-06-12 12:41 - 2014-07-08 15:00 - 00000408 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-06-12 12:41 - 2014-06-12 12:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2014-06-12 12:40 - 2014-06-12 12:41 - 00000000 ____D () C:\Program Files\My Dell
2014-06-12 12:26 - 2014-06-12 12:27 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\Akamai
2014-06-12 11:53 - 2014-06-12 11:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-12 11:53 - 2014-06-12 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-12 11:53 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-12 11:53 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-12 11:53 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-12 11:53 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-12 11:53 - 2014-05-07 14:42 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-06-12 11:52 - 2014-06-12 11:53 - 00003964 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-11 16:28 - 2014-06-11 16:30 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\ARecEngine
2014-06-09 16:48 - 2014-07-01 12:53 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-09 16:47 - 2014-06-10 20:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-06-09 16:27 - 2014-06-09 16:27 - 01333465 _____ () C:\Documents and Settings\All Users\Desktop\adwcleaner_3.212.exe

==================== One Month Modified Files and Folders =======

2014-07-09 14:20 - 2014-07-08 10:54 - 00024091 _____ () C:\Documents and Settings\Markie\Desktop\FRST.txt
2014-07-09 14:20 - 2014-07-08 10:54 - 00000000 ____D () C:\FRST
2014-07-09 14:20 - 2013-10-16 14:12 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\temp
2014-07-09 14:17 - 2012-09-05 16:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-09 13:53 - 2012-07-09 08:05 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-09 13:41 - 2013-04-03 16:25 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-09 12:19 - 2014-07-09 12:19 - 00000000 ____D () C:\Program Files\ASUS
2014-07-09 12:19 - 2014-07-09 12:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ASUS Utility
2014-07-09 12:19 - 2009-03-14 08:28 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-09 12:10 - 2014-07-09 12:10 - 00000116 _____ () C:\Documents and Settings\Markie\Desktop\ASUS Interface.url
2014-07-09 12:04 - 2014-07-09 12:03 - 00000255 _____ () C:\Documents and Settings\Markie\Desktop\ASUS Downloads.lnk
2014-07-09 12:02 - 2014-07-09 12:01 - 00000399 _____ () C:\Documents and Settings\Markie\Desktop\ASUS Router.lnk
2014-07-09 11:51 - 2014-07-09 08:11 - 00139264 _____ () C:\Documents and Settings\Markie\Desktop\SystemLook.exe
2014-07-09 08:16 - 2009-03-13 15:19 - 01164646 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-09 08:09 - 2013-07-20 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 08:09 - 2009-07-02 09:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-07-09 08:09 - 2009-03-13 16:43 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 06:17 - 2009-03-13 15:25 - 00032408 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-08 21:41 - 2013-04-03 16:25 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 20:00 - 2014-06-12 12:41 - 00000520 _____ () C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2014-07-08 16:17 - 2012-09-05 16:47 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-08 16:17 - 2012-09-05 16:47 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 15:00 - 2014-06-12 12:41 - 00000408 _____ () C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2014-07-08 15:00 - 2014-03-30 16:33 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-08 14:00 - 2013-10-17 14:09 - 00854390 _____ () C:\Documents and Settings\Markie\Desktop\SecurityCheck.exe
2014-07-08 13:53 - 2009-03-13 08:59 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-07-08 13:50 - 2014-03-30 16:33 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-08 13:50 - 2008-04-14 07:00 - 00013732 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-08 13:49 - 2013-10-02 09:41 - 00000316 _____ () C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2014-07-08 13:49 - 2012-03-17 07:51 - 00032116 _____ () C:\WINDOWS\error.log
2014-07-08 13:49 - 2009-03-13 15:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-08 13:49 - 2009-03-13 15:24 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-07-08 13:49 - 2009-03-13 09:11 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-08 13:49 - 2009-03-13 09:11 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-07-08 13:47 - 2013-10-16 13:04 - 00000000 ____D () C:\AdwCleaner
2014-07-08 13:47 - 2009-07-29 09:17 - 00000012 _____ () C:\WINDOWS\bthservsdp.dat
2014-07-08 13:47 - 2009-03-13 15:26 - 00000178 ___SH () C:\Documents and Settings\Markie\ntuser.ini
2014-07-08 13:40 - 2014-07-08 10:21 - 01346519 _____ () C:\Documents and Settings\Markie\Desktop\adwcleaner_3.214.exe
2014-07-08 13:29 - 2009-03-13 15:26 - 00000000 ____D () C:\Documents and Settings\Markie
2014-07-08 13:27 - 2014-07-08 13:26 - 00000812 _____ () C:\Documents and Settings\Markie\Desktop\fixlist.txt
2014-07-08 10:57 - 2014-07-08 10:56 - 00049443 _____ () C:\Documents and Settings\Markie\Desktop\Addition.txt
2014-07-08 10:54 - 2014-07-08 10:54 - 01074688 _____ (Farbar) C:\Documents and Settings\Markie\Desktop\FRST.exe
2014-07-08 10:50 - 2014-07-08 10:50 - 00003668 _____ () C:\Documents and Settings\Markie\Desktop\AdwCleaner[S2].txt
2014-07-08 10:45 - 2013-08-13 21:21 - 00462202 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-07-08 07:54 - 2014-07-01 13:26 - 00005739 _____ () C:\Documents and Settings\Markie\Desktop\attach.zip
2014-07-08 07:54 - 2014-07-01 13:25 - 00031751 _____ () C:\Documents and Settings\Markie\Desktop\attach.txt
2014-07-08 07:48 - 2014-07-01 13:25 - 00019108 _____ () C:\Documents and Settings\Markie\Desktop\dds.txt
2014-07-08 07:47 - 2014-07-08 07:47 - 00688992 ____R (Swearware) C:\Documents and Settings\Markie\Desktop\dds.com
2014-07-07 16:35 - 2014-07-07 14:22 - 00000000 ____D () C:\Program Files\FreeTime
2014-07-07 14:38 - 2014-07-07 14:25 - 00000000 ____D () C:\FFOutput
2014-07-07 14:38 - 2013-12-17 09:11 - 01235432 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-1532298954-1417001333-1003-0.dat
2014-07-07 14:36 - 2014-07-07 14:36 - 00000000 ____D () C:\Documents and Settings\Markie\My Documents\FormatFactory
2014-07-07 14:29 - 2013-10-10 11:05 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\vlc
2014-07-07 13:48 - 2014-07-07 12:44 - 00000000 ____D () C:\multiAVCHD
2014-07-07 12:48 - 2014-07-07 12:44 - 00001451 _____ () C:\Documents and Settings\Markie\Desktop\multiAVCHD 4.1.lnk
2014-07-07 12:44 - 2014-07-07 12:44 - 00000000 ____D () C:\Documents and Settings\Markie\Start Menu\Programs\multiAVCHD
2014-07-05 12:00 - 2013-10-02 09:42 - 00000310 _____ () C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2014-07-03 17:23 - 2014-07-03 17:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini070314-01.dmp
2014-07-03 17:23 - 2009-07-08 06:16 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-03 17:16 - 2013-09-21 12:56 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\BitTorrent
2014-07-03 16:35 - 2013-12-12 10:23 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\HandBrake
2014-07-03 16:21 - 2009-04-12 20:20 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-07-03 16:20 - 2009-05-10 14:17 - 00182272 _____ () C:\Documents and Settings\Markie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-02 22:50 - 2014-01-31 18:10 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-07-02 16:22 - 2009-04-12 20:24 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\WMTools Downloaded Files
2014-07-02 14:07 - 2012-06-18 12:07 - 00031236 _____ () C:\WINDOWS\wmsetup.log
2014-07-02 07:18 - 2011-05-07 12:42 - 00000712 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-02 07:18 - 2009-03-13 17:24 - 00000712 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-07-01 17:05 - 2012-04-11 09:59 - 00769527 _____ () C:\WINDOWS\setupapi.log
2014-07-01 17:00 - 2014-07-01 17:00 - 00000000 ____D () C:\Program Files\Secunia
2014-07-01 17:00 - 2014-07-01 17:00 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\Secunia PSI
2014-07-01 13:23 - 2014-07-01 13:23 - 00688992 ____R (Swearware) C:\Documents and Settings\All Users\Desktop\dds.com
2014-07-01 13:02 - 2012-01-17 10:05 - 00002449 _____ () C:\Documents and Settings\Markie\Desktop\HiJackThis.lnk
2014-07-01 13:01 - 2012-01-17 10:05 - 00000000 ____D () C:\Documents and Settings\Markie\Start Menu\Programs\HiJackThis
2014-07-01 13:01 - 2010-09-07 11:38 - 00000000 ____D () C:\Program Files\trend micro
2014-07-01 12:53 - 2014-06-09 16:48 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-01 11:23 - 2011-01-08 16:05 - 00000000 ____D () C:\Program Files\eRightSoft
2014-07-01 11:02 - 2014-07-01 11:02 - 00001840 _____ () C:\WINDOWS\system32\.crusader
2014-07-01 10:10 - 2009-03-13 08:59 - 00000000 ____D () C:\WINDOWS\Help
2014-07-01 10:03 - 2014-07-01 10:03 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\27978
2014-07-01 08:03 - 2009-07-22 17:05 - 00000000 ____D () C:\Movies
2014-06-30 16:41 - 2014-06-30 16:41 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\Titanium
2014-06-30 16:41 - 2014-06-30 16:40 - 00000000 ____D () C:\Program Files\pia_manager
2014-06-30 16:41 - 2009-08-01 03:46 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\Apple Computer
2014-06-30 16:41 - 2009-07-31 22:00 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\Apple Computer
2014-06-30 16:40 - 2014-06-30 16:40 - 00026624 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2014-06-30 16:40 - 2014-06-30 16:40 - 00000000 ____D () C:\Documents and Settings\Markie\Start Menu\Programs\Private Internet Access
2014-06-27 16:42 - 2009-10-04 10:20 - 00000000 ____D () C:\LM HP
2014-06-26 09:47 - 2010-05-12 10:03 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-06-23 12:27 - 2010-01-17 20:54 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\avidemux
2014-06-23 12:03 - 2010-01-17 20:53 - 00000000 ____D () C:\Program Files\Avidemux 2.5
2014-06-18 19:56 - 2012-03-14 10:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2641653$
2014-06-18 16:42 - 2010-01-18 12:14 - 00000000 ____D () C:\temp
2014-06-18 16:24 - 2014-05-02 11:50 - 00000000 _____ () C:\WINDOWS\RTacDbg.txt
2014-06-18 15:13 - 2010-02-23 17:20 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-06-18 09:16 - 2014-06-18 09:16 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-18 09:16 - 2014-06-18 09:16 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-18 09:16 - 2014-06-18 09:16 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\SUPERAntiSpyware.com
2014-06-18 09:16 - 2014-06-18 09:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-06-18 09:11 - 2009-09-12 08:35 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-06-18 09:11 - 2009-09-12 08:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-06-18 08:32 - 2014-06-18 08:31 - 00000000 ____D () C:\Program Files\HijackThis
2014-06-18 07:58 - 2012-05-03 13:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-17 21:13 - 2014-06-17 21:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-17 21:04 - 2014-05-02 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TP-LINK
2014-06-17 21:03 - 2009-03-14 07:35 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-06-14 12:45 - 2009-03-13 09:07 - 00000361 __RSH () C:\boot.ini
2014-06-12 14:07 - 2009-07-08 06:29 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\Deployment
2014-06-12 12:41 - 2014-06-12 12:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell
2014-06-12 12:41 - 2014-06-12 12:40 - 00000000 ____D () C:\Program Files\My Dell
2014-06-12 12:41 - 2012-05-24 13:06 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-06-12 12:40 - 2012-05-24 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCDr
2014-06-12 12:27 - 2014-06-12 12:26 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\Akamai
2014-06-12 11:58 - 2012-05-24 13:02 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\SystemRequirementsLab
2014-06-12 11:53 - 2014-06-12 11:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-12 11:53 - 2014-06-12 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-12 11:53 - 2014-06-12 11:52 - 00003964 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-12 11:53 - 2009-05-05 01:35 - 00000000 ____D () C:\Program Files\Java
2014-06-11 16:30 - 2014-06-11 16:28 - 00000000 ____D () C:\Documents and Settings\Markie\Application Data\ARecEngine
2014-06-11 16:28 - 2014-05-27 11:18 - 00000000 ____D () C:\Documents and Settings\Markie\Local Settings\Application Data\Adobe
2014-06-11 16:28 - 2009-03-23 21:09 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-06-10 20:06 - 2014-06-09 16:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-06-09 21:13 - 2009-10-14 16:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974571$
2014-06-09 16:27 - 2014-06-09 16:27 - 01333465 _____ () C:\Documents and Settings\All Users\Desktop\adwcleaner_3.212.exe

Some content of TEMP:
====================
C:\Documents and Settings\Markie\Local Settings\temp\AskPIP_FF_.exe
C:\Documents and Settings\Markie\Local Settings\temp\HitmanPro.exe
C:\Documents and Settings\Markie\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Markie\Local Settings\temp\sam__2268_il6605.exe
C:\Documents and Settings\Markie\Local Settings\temp\Updater.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



#12 nasdaq


Posted 10 July 2014 - 07:29 AM

Let's see what the Start Menu2 will show us.

; Instructions: Copy and paste the text IN the code box into a text editor such as Notepad.
;
; Save this text as My_Search.bat. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
 
regedit /e C:\look.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother"

Right click on the My_Search.bat file and run it.

This will create a file look.txt in your C:\ root folder.

Copy and paste the results in your next post.

#13 MrMark52


Posted 10 July 2014 - 08:33 AM

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother\MFC-5460CN LAN]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother\MFC-5460CN LAN\PC-FAX Receiving]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother\MFC-5460CN LAN\PC-FAX Sending]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother\MFC-5460CN LAN\Scanner Settings]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother\ScanSoft PaperPort 9.0]
 



#14 nasdaq


Posted 10 July 2014 - 10:53 AM

; Purpose: Remove traces in the registry.
;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
 

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother\MFC-5460CN LAN]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother\MFC-5460CN LAN\PC-FAX Receiving]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother\MFC-5460CN LAN\PC-FAX Sending]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother\MFC-5460CN LAN\Scanner Settings]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Brother\ScanSoft PaperPort 9.0]



; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

On a Vista or Windows 7 operating system, right click the Fix.reg and run as Administrator.

Delete the Fix.reg file when done.

How is it now?
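
Added example, not part of the original posts: a regedit /e export stores binary values as "hex:" byte lists, so this Python sketch decodes such an export and lists the readable UTF-16LE names found under every key that a Fix.reg-style file marks for deletion with [-key]. The sample export, sample fix and all function names are constructed for illustration, and the internal layout of the "Order" value is not interpreted; only embedded text runs are extracted.

```python
import re

# Constructed sample shaped like a "regedit /e" export (not the poster's data).
# Real Version 5.00 exports are UTF-16LE files: open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Example\MenuOrder\Vendor]
"Order"=hex:08,00,00,00,02,00,00,00,52,00,65,00,61,00,64,00,20,00,4d,00,65,00,\
  2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00

[HKEY_CURRENT_USER\Software\Example\MenuOrder\Vendor\Tools]
"Order"=hex:53,00,65,00,74,00,75,00,70,00,2e,00,6c,00,6e,00,6b,00,00,00
"Label"="plain string"
'''

# Constructed sample of a deletion file: [-key] removes the key and its subkeys.
SAMPLE_FIX = r'''Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Example\MenuOrder\Vendor]
'''

VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def logical_lines(text):
    """Join hex values that regedit wraps with a trailing backslash."""
    lines, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = ""
        if line:
            lines.append(line)
    if pending:  # export truncated in the middle of a value: keep what exists
        lines.append(pending)
    return lines


def parse_export(text):
    """Return {key_path: {value_name: bytes | str}} for exported keys."""
    keys, current = {}, None
    for line in logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            # Deletion entries carry no values, so they are skipped here.
            current = None if line.startswith("[-") else keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_RE.match(line)
        if match is None or current is None:
            continue
        name = match.group(1) if match.group(1) is not None else "@"
        data = match.group(2)
        if data.startswith("hex") and ":" in data:
            payload = data.partition(":")[2]
            current[name] = bytes(int(t, 16) for t in payload.split(",") if t.strip())
        elif data.startswith('"'):
            current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])
        else:
            current[name] = data  # dword: and other types kept as text
    return keys


def keys_marked_for_deletion(text):
    """Key paths written as [-path] in a .reg file."""
    return [l[2:-1] for l in logical_lines(text)
            if l.startswith("[-") and l.endswith("]")]


def utf16_strings(blob, min_chars=4):
    """Printable ASCII-range UTF-16LE runs of at least min_chars characters."""
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_chars)
    return [m.group().decode("utf-16-le") for m in pattern.finditer(blob)]


def review(export_text, fix_text):
    """Map each key slated for deletion to the names found at or below it."""
    exported = parse_export(export_text)
    report = {}
    for target in keys_marked_for_deletion(fix_text):
        prefix = target.lower()  # registry key paths are case-insensitive
        names = []
        for path, values in exported.items():
            p = path.lower()
            if p == prefix or p.startswith(prefix + "\\"):
                for data in values.values():
                    if isinstance(data, bytes):
                        names.extend(utf16_strings(data))
        report[target] = names
    return report


if __name__ == "__main__":
    for key, names in review(SAMPLE_EXPORT, SAMPLE_FIX).items():
        print(key)
        for n in names:
            print("   ", n)
```

Keeping the look.txt export also gives a backup: merging it back restores the deleted keys.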

#15 MrMark52


Posted 10 July 2014 - 11:06 AM

nasdaq,

 

Got it done, machine has made incremental steps towards running better throughout the effort. Booting is faster now also. You've worked your magic again!

 

I did note the blank window still shows up as the tray is loading with icons during boot (Avast sent out a new update this AM that required a reboot) - the title on the window this time is DSD_4076. Interesting, the number keeps changing and there doesn't appear to be rhyme or reason to the value. I can do a screenshot of it and post if it helps.

 

I'm not certain that there may be remnants of the Epson printer in the registry as well. But in reality, I don't know that this blank window is a result of either of those printers.

 

Let me know what you think, and then we can do some housekeeping. :-)





