Multiple explorer.exe processes being spawned - slow as molasses


  • This topic is locked
26 replies to this topic

#1 AllanK (Members, 75 posts)

Posted 23 November 2014 - 05:48 PM

This computer is almost impossible to use in Normal mode and only marginally better in Safe Mode. I downloaded and ran dds.com, but it only generated an attach.txt log (maybe because I had to run it in Safe Mode?)

I have attached the zipped attach.txt file. Should I try to run dds.com again in Normal Mode?

As always, any help is greatly appreciated!

Cheers,

Allan

Attached Files


"Stupidity is forever: ignorance can be fixed."



#2 AllanK (Topic Starter)

Posted 23 November 2014 - 06:18 PM

I should add that even in Safe Mode multiple explorer.exe processes are being spawned, and I have to constantly kill them to get anything done.




#3 AllanK (Topic Starter)

Posted 24 November 2014 - 11:38 AM

I ran dds.com again in Normal Mode and it didn't generate a dds.txt file this time either.




#4 CatByte, bleepin' tiger (Malware Response Team, 14,664 posts, Canada)

Posted 25 November 2014 - 11:51 AM

Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)
Save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
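Once FRST.txt is in hand, the useful question is which of its hundreds of lines to read first. Below is an added example, written for this page rather than taken from the thread, from BleepingComputer or from Farbar's tool: a Python triage pass that applies structural checks to FRST entries (FRST's own ATTENTION markers, IFEO Debugger entries, default-search and start-page URLs, machine-wide Chrome extension registrations, a Firefox user.js, MountPoints2 autorun handlers, registrations whose file is gone, unsigned services). The sample lines are copied from the FRST.txt posted in reply #5 below; the rule names, severities and the short WATCHLIST of vendor names (snapdo, spigot, wajam, yontoo) are my assumptions, not anything FRST emits or ships.

```python
"""Triage pass over FRST (Farbar Recovery Scan Tool) log lines.
Added example for this thread; not part of FRST and not code from any post here.
SAMPLE_LOG is copied from the FRST.txt in reply #5; rules and WATCHLIST are my assumptions."""
import re
from dataclasses import dataclass

# Assumption: vendor names I treat as PUP/adware indicators. FRST ships no such list.
WATCHLIST = ("snapdo", "spigot", "wajam", "yontoo")

# Lines copied verbatim from the posted log: benign vendor entries mixed with hijack indicators.
SAMPLE_LOG = r"""
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\MountPoints2: L - L:\LaunchU3.exe -a
IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
FF Homepage: https://search.yahoo.com/?type=198484&fr=spigot-yhp-ff
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF user.js: detected! => C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\user.js
FF Extension: No Name - {54FBE89E-C878-46bb-A064-AB327EE26EBC} [Not Found]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\YontooLayers.crx [2014-04-04]
CHR HKLM\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx []
Toolbar: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
S4 LMIRfsClientNP; No ImagePath
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912 2005-03-17] () [File not signed]
"""

@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str  # high / medium / low / info
    line: str

_SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}
_URL = re.compile(r"https?://\S+")
# Entries whose URL decides a browser's default search provider or start page.
_SEARCH_KEYS = ("SearchScopes:", "Search Bar =", "Start Page =", "Keyword.URL:",
                "FF Homepage:", "Default_Search_URL")
_IFEO = re.compile(r"^IFEO\\[^:]+: \[Debugger\] ")
_HKLM_CHR_EXT = re.compile(r"^CHR HKLM\\.*Chrome\\Extension: \[[a-p]{32}\] - (?P<path>.+?\.crx)", re.I)
_MOUNT = re.compile(r"\\MountPoints2: .+ - [A-Za-z]:\\\S+\.exe", re.I)
_SERVICE = re.compile(r"^[RSU]\d ")

def _watchlisted(text: str) -> bool:
    t = text.lower()
    return any(name in t for name in WATCHLIST)

def classify(line: str):
    """Return a Finding for one FRST line, or None when nothing in it merits a look."""
    s = line.strip()
    if not s:
        return None
    # FRST's own marker, here on browser Policies keys that adware uses to pin settings.
    if "<=======" in s and "ATTENTION" in s:
        return Finding("frst-attention", "high", s)
    # Image File Execution Options Debugger: runs another binary in place of the target.
    if _IFEO.match(s):
        return Finding("ifeo-debugger", "high", s)
    # Default search or start page pointing at a watchlisted feed or affiliate tag.
    if any(key in s for key in _SEARCH_KEYS):
        m = _URL.search(s)
        if m and _watchlisted(m.group(0)):
            return Finding("search-redirect", "medium", s)
    # HKLM Chrome extension registrations should point at an installed program;
    # a .crx under Temp or a user profile, or a watchlisted vendor, is a lead.
    m = _HKLM_CHR_EXT.match(s)
    if m:
        path = m.group("path").lower()
        if "program files" not in path or _watchlisted(path):
            return Finding("forced-chrome-ext", "medium", s)
    # user.js re-applies prefs on every Firefox start, which is how hijacks survive a reset.
    if s.startswith("FF user.js: detected!"):
        return Finding("ff-user-js", "medium", s)
    # Removable-media autorun handlers remembered in MountPoints2.
    if _MOUNT.search(s):
        return Finding("mountpoints-autorun", "low", s)
    # Registrations whose backing file is gone: leftovers of something removed or half-installed.
    if s.endswith(("No File", "[Not Found]", "No ImagePath")):
        return Finding("orphaned-entry", "low", s)
    if _SERVICE.match(s) and s.endswith("[File not signed]"):
        return Finding("unsigned-service", "info", s)
    return None

def triage(log_text: str) -> list:
    """Classify every line; findings come back high to info, log order within a tier."""
    found = [f for f in (classify(l) for l in log_text.splitlines()) if f is not None]
    return sorted(found, key=lambda f: _SEVERITY_ORDER[f.severity])

def summarize(findings) -> dict:
    """Count findings per rule name."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:20} {f.line[:100]}")
    print(summarize(triage(SAMPLE_LOG)))
```

Running the block prints the findings from high to info. Treat them as leads rather than verdicts: the one IFEO hit here points at a LogMeIn binary whose files were created on 2014-11-23 per the created-files section of the same log, so a person still has to decide, and the Program Files heuristic for HKLM Chrome extensions also catches RealPlayer's plugin in the full log. The Yahoo Keyword.URL line that goes unflagged shows the flip side: a watchlist only finds what you put in it.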


#5 AllanK (Topic Starter)

Posted 25 November 2014 - 04:21 PM

Hi bleepin' tiger, thanks for picking this one up. Here are the logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014
Ran by HP_Administrator (administrator) on HELENOFCYBER on 25-11-2014 15:14:46
Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Loaded Profile: HP_Administrator (Available profiles: HP_Administrator & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
() C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Hewlett-Packard Company) C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Hewlett-Packard) C:\WINDOWS\system32\hphmon06.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company) C:\hp\KBD\KBD.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAudPropShortcut.exe [61952 2004-03-18] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [HPBootOp] => C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [245760 2005-02-25] (Hewlett-Packard Company)
HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2004-10-14] (Hewlett-Packard Company)
HKLM\...\Run: [HPHmon06] => C:\WINDOWS\system32\hphmon06.exe [659456 2004-06-07] (Hewlett-Packard)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1126407778\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296096 2012-09-28] (RealNetworks, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2014-11-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2014-10-31] (LogMeIn, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Run: [EPSON NX420 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\MountPoints2: L - L:\LaunchU3.exe -a
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\MountPoints2: {684a2f24-f3db-11dd-8508-0013d4204f3f} - L:\LaunchU3.exe -a
IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED ()
Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-471697612-46257615-1860656430-1008\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
HKU\S-1-5-21-471697612-46257615-1860656430-1008\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-471697612-46257615-1860656430-1008\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.aol.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
SearchScopes: HKU\S-1-5-19 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
SearchScopes: HKU\S-1-5-19 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
SearchScopes: HKU\S-1-5-20 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
SearchScopes: HKU\S-1-5-20 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
SearchScopes: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> DefaultScope {BBC1AD0C-5604-4D8C-BC76-DF4C8952D097} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
SearchScopes: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> {BBC1AD0C-5604-4D8C-BC76-DF4C8952D097} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> {F0AB001C-0AAE-40E5-B12A-69A14ECCC07A} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
Toolbar: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
Toolbar: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252107338593
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Filter: text/html - No CLSID Value - No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: https://search.yahoo.com/?type=198484&fr=spigot-yhp-ff
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\user.js
FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\searchplugins\yahoo_ff.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\Extensions\ascsurfingprotection@iobit.com [2014-09-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-02]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-28]
FF HKLM\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files\Mozilla Firefox\extensions\lesstabs@lesstabs.com
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} [Not Found]
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7} [Not Found]
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\extensions\{DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} [Not Found]
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\extensions\{CA8C84C6-3918-41b1-BE77-049B2BDD887C} [Not Found]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]
FF Extension: No Name - {54FBE89E-C878-46bb-A064-AB327EE26EBC} [Not Found]
FF Extension: No Name - {62DD0A97-FDD4-421b-94A5-D1A9434450C7} [Not Found]
FF Extension: No Name - {DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} [Not Found]
FF Extension: No Name - {CA8C84C6-3918-41b1-BE77-049B2BDD887C} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-04-04]
CHR Extension: (YouTube) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-04]
CHR Extension: (Google Search) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-04]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-04-05]
CHR Extension: (Domain Error Assistant) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-04-05]
CHR Extension: (Slick Savings) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-04-05]
CHR Extension: (HP Product Detection Plugin) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp [2011-04-02]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-04-05]
CHR Extension: (Gmail) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-04]
CHR HKLM\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx []
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-09-28]
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Wajam\Chrome\wajam.crx [2013-05-02]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Slick Savings\coupons.crx [2014-04-04]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\YontooLayers.crx [2014-04-04]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [46640 2006-10-23] (AOL LLC)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912 2005-03-17] () [File not signed]
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2014-11-06] (NETGEAR)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [198936 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2010-06-06] (Avanquest Software) [File not signed]
R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [113664 2004-03-18] (Windows ® Server 2003 DDK provider)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35088 2014-11-23] (CACE Technologies, Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-01-26] (Sonic Solutions) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [15808 2014-06-04] (IObit)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 WinRM; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-25 15:14 - 2014-11-25 15:14 - 00000000 ____D () C:\FRST
2014-11-23 17:35 - 2014-11-23 17:35 - 00000552 _____ () C:\WINDOWS\system32\d3d8caps.dat
2014-11-23 16:46 - 2014-11-23 16:46 - 00000000 ____D () C:\Program Files\ESET
2014-11-23 16:21 - 2014-06-04 15:17 - 00031008 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2014-11-23 16:20 - 2014-06-04 15:17 - 00109856 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2014-11-23 16:19 - 2014-11-23 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 3
2014-11-23 16:19 - 2014-06-04 15:17 - 00015808 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2014-11-23 13:52 - 2014-11-23 13:52 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\LogMeInIgnition
2014-11-23 13:50 - 2014-11-23 21:01 - 00000746 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
2014-11-23 13:50 - 2014-11-23 21:01 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-23 13:50 - 2014-11-23 13:50 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\LogMeIn
2014-11-23 13:50 - 2014-10-31 11:54 - 00086912 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2014-11-23 13:50 - 2014-10-31 11:53 - 00031592 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2014-11-23 13:50 - 2014-10-31 11:15 - 00047640 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIRfsDriver.sys
2014-11-23 13:49 - 2014-10-31 11:53 - 00085864 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2014-11-23 13:48 - 2014-11-25 13:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-11-23 13:48 - 2014-11-23 13:48 - 00001024 _____ () C:\.rnd
2014-11-23 13:45 - 2014-11-23 13:45 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-11-23 13:44 - 2014-11-23 13:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-11-23 13:42 - 2014-11-23 15:21 - 00000000 ____D () C:\Program Files\LogMeIn
2014-11-23 13:32 - 2014-11-23 13:32 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\ProductData
2014-11-23 12:58 - 2014-11-23 12:58 - 00000000 ____D () C:\Dbz4B213
2014-11-23 12:42 - 2014-11-23 12:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\NETGEARGenie
2014-11-23 12:42 - 2014-11-23 12:42 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_point32_01009.Wdf
2014-11-23 12:41 - 2014-11-23 12:41 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2014-11-23 12:41 - 2014-11-23 12:41 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
2014-11-23 12:41 - 2014-11-23 12:41 - 00035088 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2014-11-23 12:41 - 2014-11-23 12:41 - 00001708 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR Genie.lnk
2014-11-23 12:41 - 2014-11-23 12:39 - 00040936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\point32.sys
2014-11-23 12:38 - 2014-11-23 12:41 - 00000000 ____D () C:\Program Files\NETGEAR Genie
2014-11-23 12:38 - 2014-11-23 12:38 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2014-11-23 12:38 - 2014-11-23 12:38 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2014-11-23 12:37 - 2014-11-23 12:38 - 00412976 _____ () C:\WINDOWS\Wdf01009Inst.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00006746 _____ () C:\WINDOWS\iis6.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00006158 _____ () C:\WINDOWS\FaxSetup.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00002821 _____ () C:\WINDOWS\tsoc.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00002081 _____ () C:\WINDOWS\comsetup.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00001261 _____ () C:\WINDOWS\ntdtcsetup.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000689 _____ () C:\WINDOWS\plusoc.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000430 _____ () C:\WINDOWS\MedCtrOC.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000338 _____ () C:\WINDOWS\ehOCGen.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-11-23 12:37 - 2014-11-23 12:37 - 00001932 _____ () C:\WINDOWS\msmqinst.log
2014-11-23 12:37 - 2014-11-23 12:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2014-11-23 12:37 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2014-11-23 12:36 - 2014-11-23 12:42 - 00002681 _____ () C:\WINDOWS\setupact.log
2014-11-23 12:36 - 2014-11-23 12:39 - 01461992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01009.dll
2014-11-23 12:36 - 2014-11-23 12:36 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-11-23 12:36 - 2014-11-23 12:34 - 00045288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dc3d.sys
2014-11-23 12:22 - 2014-11-23 12:20 - 00026084 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2014-11-23 12:13 - 2014-11-23 21:02 - 00000288 _____ () C:\WINDOWS\Tasks\Driver Booster Update.job
2014-11-23 12:13 - 2014-11-23 21:02 - 00000286 _____ () C:\WINDOWS\Tasks\Driver Booster Scan.job
2014-11-23 12:12 - 2014-11-23 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Driver Booster 2
2014-11-23 11:55 - 2014-11-23 11:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\RealNetworks
2014-11-23 11:46 - 2014-11-23 11:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\CleanUp!
2014-11-23 11:44 - 2014-11-23 11:44 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-11-23 11:44 - 2014-11-23 11:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2015
2014-11-23 11:43 - 2014-11-23 11:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-11-23 11:42 - 2014-11-23 11:42 - 00000000 ____D () C:\Program Files\Common Files\IObit
2014-11-23 11:42 - 2014-11-23 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 8
2014-11-23 11:41 - 2014-11-23 11:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IObit
2014-11-23 11:41 - 2014-11-23 11:41 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2014-11-23 11:34 - 2014-11-23 11:34 - 00001824 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2014-11-20 08:20 - 2014-11-23 21:03 - 00000300 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-471697612-46257615-1860656430-1008.job
2014-11-20 08:03 - 2014-11-20 08:03 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\AVG2015
2014-11-20 08:00 - 2014-11-20 08:00 - 00000713 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2014-11-20 07:53 - 2014-11-20 08:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2014-11-20 07:32 - 2014-11-20 08:03 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Avg2015
2014-11-20 07:19 - 2014-11-24 02:41 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-11-19 09:48 - 2014-11-25 15:13 - 00263925 _____ () C:\WINDOWS\setupapi.log
2014-11-19 09:48 - 2014-11-20 08:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-11-19 07:21 - 2014-11-23 21:00 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-19 07:21 - 2014-11-23 21:00 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-19 07:21 - 2014-11-19 07:21 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-11-18 13:21 - 2014-11-18 13:21 - 00068732 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\opeboeco
2014-11-10 08:18 - 2014-11-10 08:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-31 11:15 - 2014-10-31 11:15 - 00025248 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\lmimirr.dll
2014-10-31 11:15 - 2014-10-31 11:15 - 00011552 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\lmimirr2.dll
2014-10-31 11:15 - 2014-10-31 11:15 - 00010144 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\lmimirr.sys
2014-10-29 21:35 - 2014-10-29 21:35 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-25 15:15 - 2011-04-02 12:40 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\temp
2014-11-25 15:07 - 2013-02-26 15:33 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-25 14:26 - 2013-07-27 13:30 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 08:26 - 2013-07-27 13:30 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 08:05 - 2013-07-27 14:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-11-24 21:25 - 2011-07-26 20:22 - 00000408 _____ () C:\WINDOWS\Tasks\Final Media Player Update Checker.job
2014-11-24 19:07 - 2014-09-04 06:34 - 00032608 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-23 21:49 - 2005-08-09 21:17 - 00000190 _____ () C:\WINDOWS\system\hpsysdrv.DAT
2014-11-23 21:07 - 2011-04-02 08:37 - 00000000 ___RD () C:\Documents and Settings\HP_Administrator\My Documents\Dropbox
2014-11-23 21:07 - 2011-04-02 08:32 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\Dropbox
2014-11-23 21:03 - 2013-02-24 07:12 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-471697612-46257615-1860656430-1008.job
2014-11-23 21:03 - 2005-01-28 03:45 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-23 21:02 - 2014-03-15 07:14 - 00000244 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-23 21:02 - 2005-01-28 03:55 - 02059158 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-23 21:01 - 2005-01-27 20:16 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-23 20:59 - 2005-01-28 03:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-23 20:43 - 2005-04-28 08:47 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-11-23 20:43 - 2005-04-28 08:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
2014-11-23 16:19 - 2011-04-02 06:52 - 00000000 ____D () C:\Program Files\IObit
2014-11-23 16:14 - 2011-04-02 06:52 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\IObit
2014-11-23 16:05 - 2005-01-27 22:58 - 00000279 __RSH () C:\boot.ini
2014-11-23 15:56 - 2005-08-09 21:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Viewpoint
2014-11-23 15:55 - 2008-10-09 18:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-11-23 15:46 - 2005-08-14 15:15 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2014-11-23 15:46 - 2005-08-09 22:05 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2014-11-23 15:46 - 2005-01-27 20:26 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2014-11-23 15:43 - 2014-04-04 21:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2014-11-23 13:19 - 2005-01-28 03:55 - 00000178 __SHC () C:\Documents and Settings\Administrator\ntuser.ini
2014-11-23 13:18 - 2011-04-02 12:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-11-23 12:43 - 2008-07-21 15:14 - 00073728 _____ () C:\WINDOWS\system32\RtNicProp32.dll
2014-11-23 12:43 - 2008-02-25 11:54 - 00130432 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\Rtnicxp.sys
2014-11-23 12:27 - 2005-08-09 21:23 - 00000000 ____D () C:\WINDOWS\system32\RTCOM
2014-11-23 12:20 - 2005-09-21 15:29 - 01523416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlUpd.exe
2014-11-23 12:20 - 2005-09-07 09:40 - 02180712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\MicCal.exe
2014-11-23 12:20 - 2005-04-28 07:57 - 20145368 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
2014-11-23 12:20 - 2005-04-28 07:57 - 09721960 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTLCPL.EXE
2014-11-23 12:20 - 2005-04-28 07:57 - 05630168 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtkHDAud.sys
2014-11-23 12:20 - 2005-04-28 07:57 - 02815592 _____ (RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
2014-11-23 12:20 - 2005-04-28 07:57 - 00891976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSndMgr.CPL
2014-11-23 12:20 - 2005-04-28 07:57 - 00285288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\ALSNDMGR.CPL
2014-11-23 12:20 - 2005-04-28 07:57 - 00084584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
2014-11-23 12:20 - 2005-04-28 07:57 - 00064104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE
2014-11-23 12:02 - 2005-01-27 19:44 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-23 12:01 - 2012-12-18 22:19 - 46235648 _____ () C:\WINDOWS\system32\config\software.iobit
2014-11-23 12:01 - 2012-12-18 22:19 - 00303104 _____ () C:\WINDOWS\system32\config\default.iobit
2014-11-23 12:01 - 2012-12-18 22:19 - 00069632 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-11-23 12:01 - 2012-12-18 22:19 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
2014-11-23 12:01 - 2005-04-28 07:38 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-23 11:46 - 2011-04-02 12:13 - 00000000 ____D () C:\Program Files\CleanUp!
2014-11-23 11:45 - 2010-01-24 08:59 - 00056640 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-23 11:43 - 2005-04-28 08:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Apple Computer
2014-11-23 11:42 - 2011-05-19 06:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2014-11-23 11:34 - 2005-04-28 08:38 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-11-23 11:31 - 2005-08-09 21:24 - 00000278 ___SH () C:\Documents and Settings\HP_Administrator\ntuser.ini
2014-11-23 11:31 - 2005-08-09 21:24 - 00000000 ____D () C:\Documents and Settings\HP_Administrator
2014-11-23 11:29 - 2013-07-27 13:37 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Desktop\Computer Maintenance
2014-11-20 08:14 - 2013-07-27 14:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2013
2014-11-20 08:04 - 2013-07-27 14:13 - 00000000 ____D () C:\Program Files\AVG
2014-11-20 08:02 - 2013-07-27 14:15 - 00000000 ___HD () C:\$AVG
2014-11-18 10:03 - 2011-04-02 14:20 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Desktop\JOHN
2014-11-18 09:55 - 2013-07-27 13:36 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Desktop\Desktop Items
2014-11-15 08:23 - 2011-04-02 08:33 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Dropbox
2014-11-12 11:06 - 2009-01-20 21:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 11:05 - 2013-07-17 22:22 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 11:00 - 2005-08-14 14:42 - 100445232 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 09:02 - 2011-04-23 13:34 - 00062893 _____ () C:\install.log
2014-11-11 17:10 - 2013-02-26 15:33 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-11 17:10 - 2012-03-01 07:59 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-10 15:04 - 2012-05-05 12:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-09 14:46 - 2014-03-15 07:14 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-03 06:57 - 2005-01-28 03:47 - 00579058 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-31 18:36 - 2011-04-02 12:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-30 20:42 - 2009-09-15 12:09 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Desktop\MOM'S FINANICAL
 
Some content of TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\temp\dllnt_dump.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprz4jeb.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\vmpremov.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
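An added example, not part of the thread and not code from FRST or its author: a small Python triage pass over lines written in the format of the "One Month Created Files and Folders" section above. It parses each entry (created time, modified time, size, attribute flags, the company string from the file's version resource, path) and applies three heuristics a helper would otherwise eyeball: a directory created straight under the drive root with a random-looking name, a kernel driver with no version info, and a PE file or extensionless blob with no version info dropped under a user profile. The sample lines, vendor names and paths are constructed for the example; the flags are starting points, not verdicts, because the parenthesised field is only whatever the file's version resource claims (any file can omit or forge it), so confirm with a signature check or a hash lookup before acting on a hit.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# One file/folder entry as FRST prints it:
# <created> - <modified> - <size> <attrs> (<company from version info>) <path>
FRST_ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>\S.*)$"
)

PE_EXTENSIONS = {".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx", ".drv"}

# Profile locations on XP that any user-level process can write to.
USER_WRITABLE_MARKERS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
)

# Heuristic only: short alphanumeric names with at least one digit (checked separately).
RANDOM_DIR_RE = re.compile(r"^[A-Za-z0-9]{6,12}$")


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str      # five flag characters, e.g. ____D for a directory, __SHD for system+hidden dir
    company: str    # empty when the file carries no version resource
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def extension(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return ("." + name.rsplit(".", 1)[1]).lower() if "." in name else ""


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """Return an FrstEntry for a file-listing line, or None for headers and other text."""
    m = FRST_ENTRY_RE.match(line.strip())
    if not m:
        return None
    return FrstEntry(
        created=m["created"], modified=m["modified"], size=int(m["size"]),
        attrs=m["attrs"], company=m["company"].strip(), path=m["path"].strip(),
    )


def triage_entry(e: FrstEntry) -> Optional[str]:
    """Apply the three heuristics; return a reason string for a hit, else None."""
    path_l = e.path.lower()
    parts = e.path.split("\\")
    # Rule 1: directory created directly under the drive root with a random-looking name.
    if e.is_dir and len(parts) == 2 and RANDOM_DIR_RE.match(parts[1]) \
            and any(c.isdigit() for c in parts[1]):
        return "random-looking directory in drive root"
    if e.is_dir:
        return None
    # Rule 2: kernel driver with no version info at all.
    if e.extension == ".sys" and not e.company:
        return "kernel driver without version info"
    # Rule 3: PE file (or extensionless blob) with no version info in a user-writable profile dir.
    if not e.company and (e.extension in PE_EXTENSIONS or e.extension == "") \
            and any(marker in path_l for marker in USER_WRITABLE_MARKERS):
        return "no version info, dropped in user profile"
    return None


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Parse every line, keep the hits as (path, reason) in log order."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        entry = parse_frst_line(line)
        if entry is None:
            continue
        reason = triage_entry(entry)
        if reason:
            findings.append((entry.path, reason))
    return findings


# Constructed sample in FRST's format; vendor, user and file names are made up.
SAMPLE_LOG = r"""
2014-11-23 13:50 - 2014-10-31 11:54 - 00086912 _____ (Example Vendor, Inc.) C:\WINDOWS\system32\examplenp.dll
2014-11-23 12:58 - 2014-11-23 12:58 - 00000000 ____D () C:\Xk9q2Zt
2014-11-18 13:21 - 2014-11-18 13:21 - 00068732 _____ () C:\Documents and Settings\User\Local Settings\Application Data\qwerzx
2014-11-23 13:45 - 2014-11-23 13:45 - 00034808 _____ () C:\WINDOWS\system32\Drivers\nonameexample.sys
2014-11-23 12:41 - 2014-11-23 12:41 - 00001708 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Example.lnk
2014-11-23 12:38 - 2014-11-23 12:41 - 00000000 ____D () C:\Program Files\Example Genie
==================== One Month Modified Files and Folders =======
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason:45s} {path}")
```

Feed it a saved FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"))`; section headers and the "Processes"/"Registry" lines simply fail the regex and are skipped. Rule 2 will also flag legitimate tools that ship drivers without a version resource, which is exactly why a hit is a prompt to verify, not a removal decision.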

Hi bleepin' tiger, thanks for picking this one up. Here are the logs.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014
Ran by HP_Administrator (administrator) on HELENOFCYBER on 25-11-2014 15:14:46
Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Loaded Profile: HP_Administrator (Available profiles: HP_Administrator & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
() C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Hewlett-Packard Company) C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Hewlett-Packard) C:\WINDOWS\system32\hphmon06.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company) C:\hp\KBD\KBD.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAudPropShortcut.exe [61952 2004-03-18] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [HPBootOp] => C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [245760 2005-02-25] (Hewlett-Packard Company)
HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2004-10-14] (Hewlett-Packard Company)
HKLM\...\Run: [HPHmon06] => C:\WINDOWS\system32\hphmon06.exe [659456 2004-06-07] (Hewlett-Packard)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1126407778\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296096 2012-09-28] (RealNetworks, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2014-11-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2014-10-31] (LogMeIn, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Run: [EPSON NX420 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\MountPoints2: L - L:\LaunchU3.exe -a
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\MountPoints2: {684a2f24-f3db-11dd-8508-0013d4204f3f} - L:\LaunchU3.exe -a
IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED ()
Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-471697612-46257615-1860656430-1008\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
HKU\S-1-5-21-471697612-46257615-1860656430-1008\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-471697612-46257615-1860656430-1008\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.aol.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
SearchScopes: HKLM -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
SearchScopes: HKU\S-1-5-19 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
SearchScopes: HKU\S-1-5-19 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
SearchScopes: HKU\S-1-5-20 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
SearchScopes: HKU\S-1-5-20 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
SearchScopes: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> DefaultScope {BBC1AD0C-5604-4D8C-BC76-DF4C8952D097} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=SnapdoGOblidooYB&co=US&userid=fbe353b4-636c-4e8f-a67b-e635bed1b9dc&searchtype=ds&q={searchTerms}&installDate=20/07/2013
SearchScopes: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> {BBC1AD0C-5604-4D8C-BC76-DF4C8952D097} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> {F0AB001C-0AAE-40E5-B12A-69A14ECCC07A} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
Toolbar: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
Toolbar: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252107338593
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Filter: text/html - No CLSID Value - No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: https://search.yahoo.com/?type=198484&fr=spigot-yhp-ff
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\user.js
FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\searchplugins\yahoo_ff.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\Extensions\ascsurfingprotection@iobit.com [2014-09-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-02]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-28]
FF HKLM\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files\Mozilla Firefox\extensions\lesstabs@lesstabs.com
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} [Not Found]
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7} [Not Found]
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\extensions\{DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} [Not Found]
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\extensions\{CA8C84C6-3918-41b1-BE77-049B2BDD887C} [Not Found]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]
FF Extension: No Name - {54FBE89E-C878-46bb-A064-AB327EE26EBC} [Not Found]
FF Extension: No Name - {62DD0A97-FDD4-421b-94A5-D1A9434450C7} [Not Found]
FF Extension: No Name - {DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} [Not Found]
FF Extension: No Name - {CA8C84C6-3918-41b1-BE77-049B2BDD887C} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-04-04]
CHR Extension: (YouTube) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-04]
CHR Extension: (Google Search) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-04]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-04-05]
CHR Extension: (Domain Error Assistant) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-04-05]
CHR Extension: (Slick Savings) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-04-05]
CHR Extension: (HP Product Detection Plugin) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp [2011-04-02]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-04-05]
CHR Extension: (Gmail) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-04]
CHR HKLM\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx []
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-09-28]
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Wajam\Chrome\wajam.crx [2013-05-02]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Slick Savings\coupons.crx [2014-04-04]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\YontooLayers.crx [2014-04-04]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [46640 2006-10-23] (AOL LLC)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912 2005-03-17] () [File not signed]
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2014-11-06] (NETGEAR)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [198936 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2010-06-06] (Avanquest Software) [File not signed]
R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [113664 2004-03-18] (Windows ® Server 2003 DDK provider)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35088 2014-11-23] (CACE Technologies, Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-01-26] (Sonic Solutions) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [15808 2014-06-04] (IObit)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 WinRM; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-25 15:14 - 2014-11-25 15:14 - 00000000 ____D () C:\FRST
2014-11-23 17:35 - 2014-11-23 17:35 - 00000552 _____ () C:\WINDOWS\system32\d3d8caps.dat
2014-11-23 16:46 - 2014-11-23 16:46 - 00000000 ____D () C:\Program Files\ESET
2014-11-23 16:21 - 2014-06-04 15:17 - 00031008 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2014-11-23 16:20 - 2014-06-04 15:17 - 00109856 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2014-11-23 16:19 - 2014-11-23 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 3
2014-11-23 16:19 - 2014-06-04 15:17 - 00015808 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2014-11-23 13:52 - 2014-11-23 13:52 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\LogMeInIgnition
2014-11-23 13:50 - 2014-11-23 21:01 - 00000746 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
2014-11-23 13:50 - 2014-11-23 21:01 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-23 13:50 - 2014-11-23 13:50 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\LogMeIn
2014-11-23 13:50 - 2014-10-31 11:54 - 00086912 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2014-11-23 13:50 - 2014-10-31 11:53 - 00031592 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2014-11-23 13:50 - 2014-10-31 11:15 - 00047640 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIRfsDriver.sys
2014-11-23 13:49 - 2014-10-31 11:53 - 00085864 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2014-11-23 13:48 - 2014-11-25 13:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-11-23 13:48 - 2014-11-23 13:48 - 00001024 _____ () C:\.rnd
2014-11-23 13:45 - 2014-11-23 13:45 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-11-23 13:44 - 2014-11-23 13:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-11-23 13:42 - 2014-11-23 15:21 - 00000000 ____D () C:\Program Files\LogMeIn
2014-11-23 13:32 - 2014-11-23 13:32 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\ProductData
2014-11-23 12:58 - 2014-11-23 12:58 - 00000000 ____D () C:\Dbz4B213
2014-11-23 12:42 - 2014-11-23 12:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\NETGEARGenie
2014-11-23 12:42 - 2014-11-23 12:42 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_point32_01009.Wdf
2014-11-23 12:41 - 2014-11-23 12:41 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2014-11-23 12:41 - 2014-11-23 12:41 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
2014-11-23 12:41 - 2014-11-23 12:41 - 00035088 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2014-11-23 12:41 - 2014-11-23 12:41 - 00001708 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR Genie.lnk
2014-11-23 12:41 - 2014-11-23 12:39 - 00040936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\point32.sys
2014-11-23 12:38 - 2014-11-23 12:41 - 00000000 ____D () C:\Program Files\NETGEAR Genie
2014-11-23 12:38 - 2014-11-23 12:38 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2014-11-23 12:38 - 2014-11-23 12:38 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2014-11-23 12:37 - 2014-11-23 12:38 - 00412976 _____ () C:\WINDOWS\Wdf01009Inst.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00006746 _____ () C:\WINDOWS\iis6.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00006158 _____ () C:\WINDOWS\FaxSetup.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00002821 _____ () C:\WINDOWS\tsoc.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00002081 _____ () C:\WINDOWS\comsetup.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00001261 _____ () C:\WINDOWS\ntdtcsetup.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000689 _____ () C:\WINDOWS\plusoc.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000430 _____ () C:\WINDOWS\MedCtrOC.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000338 _____ () C:\WINDOWS\ehOCGen.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-11-23 12:37 - 2014-11-23 12:37 - 00001932 _____ () C:\WINDOWS\msmqinst.log
2014-11-23 12:37 - 2014-11-23 12:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2014-11-23 12:37 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2014-11-23 12:36 - 2014-11-23 12:42 - 00002681 _____ () C:\WINDOWS\setupact.log
2014-11-23 12:36 - 2014-11-23 12:39 - 01461992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01009.dll
2014-11-23 12:36 - 2014-11-23 12:36 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-11-23 12:36 - 2014-11-23 12:34 - 00045288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dc3d.sys
2014-11-23 12:22 - 2014-11-23 12:20 - 00026084 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2014-11-23 12:13 - 2014-11-23 21:02 - 00000288 _____ () C:\WINDOWS\Tasks\Driver Booster Update.job
2014-11-23 12:13 - 2014-11-23 21:02 - 00000286 _____ () C:\WINDOWS\Tasks\Driver Booster Scan.job
2014-11-23 12:12 - 2014-11-23 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Driver Booster 2
2014-11-23 11:55 - 2014-11-23 11:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\RealNetworks
2014-11-23 11:46 - 2014-11-23 11:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\CleanUp!
2014-11-23 11:44 - 2014-11-23 11:44 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-11-23 11:44 - 2014-11-23 11:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2015
2014-11-23 11:43 - 2014-11-23 11:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-11-23 11:42 - 2014-11-23 11:42 - 00000000 ____D () C:\Program Files\Common Files\IObit
2014-11-23 11:42 - 2014-11-23 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 8
2014-11-23 11:41 - 2014-11-23 11:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IObit
2014-11-23 11:41 - 2014-11-23 11:41 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2014-11-23 11:34 - 2014-11-23 11:34 - 00001824 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2014-11-20 08:20 - 2014-11-23 21:03 - 00000300 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-471697612-46257615-1860656430-1008.job
2014-11-20 08:03 - 2014-11-20 08:03 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\AVG2015
2014-11-20 08:00 - 2014-11-20 08:00 - 00000713 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2014-11-20 07:53 - 2014-11-20 08:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2014-11-20 07:32 - 2014-11-20 08:03 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Avg2015
2014-11-20 07:19 - 2014-11-24 02:41 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-11-19 09:48 - 2014-11-25 15:13 - 00263925 _____ () C:\WINDOWS\setupapi.log
2014-11-19 09:48 - 2014-11-20 08:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-11-19 07:21 - 2014-11-23 21:00 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-19 07:21 - 2014-11-23 21:00 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-19 07:21 - 2014-11-19 07:21 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-11-18 13:21 - 2014-11-18 13:21 - 00068732 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\opeboeco
2014-11-10 08:18 - 2014-11-10 08:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-31 11:15 - 2014-10-31 11:15 - 00025248 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\lmimirr.dll
2014-10-31 11:15 - 2014-10-31 11:15 - 00011552 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\lmimirr2.dll
2014-10-31 11:15 - 2014-10-31 11:15 - 00010144 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\lmimirr.sys
2014-10-29 21:35 - 2014-10-29 21:35 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-25 15:15 - 2011-04-02 12:40 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\temp
2014-11-25 15:07 - 2013-02-26 15:33 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-25 14:26 - 2013-07-27 13:30 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 08:26 - 2013-07-27 13:30 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 08:05 - 2013-07-27 14:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-11-24 21:25 - 2011-07-26 20:22 - 00000408 _____ () C:\WINDOWS\Tasks\Final Media Player Update Checker.job
2014-11-24 19:07 - 2014-09-04 06:34 - 00032608 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-23 21:49 - 2005-08-09 21:17 - 00000190 _____ () C:\WINDOWS\system\hpsysdrv.DAT
2014-11-23 21:07 - 2011-04-02 08:37 - 00000000 ___RD () C:\Documents and Settings\HP_Administrator\My Documents\Dropbox
2014-11-23 21:07 - 2011-04-02 08:32 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\Dropbox
2014-11-23 21:03 - 2013-02-24 07:12 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-471697612-46257615-1860656430-1008.job
2014-11-23 21:03 - 2005-01-28 03:45 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-23 21:02 - 2014-03-15 07:14 - 00000244 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-23 21:02 - 2005-01-28 03:55 - 02059158 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-23 21:01 - 2005-01-27 20:16 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-23 20:59 - 2005-01-28 03:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-23 20:43 - 2005-04-28 08:47 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-11-23 20:43 - 2005-04-28 08:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
2014-11-23 16:19 - 2011-04-02 06:52 - 00000000 ____D () C:\Program Files\IObit
2014-11-23 16:14 - 2011-04-02 06:52 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\IObit
2014-11-23 16:05 - 2005-01-27 22:58 - 00000279 __RSH () C:\boot.ini
2014-11-23 15:56 - 2005-08-09 21:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Viewpoint
2014-11-23 15:55 - 2008-10-09 18:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-11-23 15:46 - 2005-08-14 15:15 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2014-11-23 15:46 - 2005-08-09 22:05 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2014-11-23 15:46 - 2005-01-27 20:26 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2014-11-23 15:43 - 2014-04-04 21:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2014-11-23 13:19 - 2005-01-28 03:55 - 00000178 __SHC () C:\Documents and Settings\Administrator\ntuser.ini
2014-11-23 13:18 - 2011-04-02 12:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-11-23 12:43 - 2008-07-21 15:14 - 00073728 _____ () C:\WINDOWS\system32\RtNicProp32.dll
2014-11-23 12:43 - 2008-02-25 11:54 - 00130432 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\Rtnicxp.sys
2014-11-23 12:27 - 2005-08-09 21:23 - 00000000 ____D () C:\WINDOWS\system32\RTCOM
2014-11-23 12:20 - 2005-09-21 15:29 - 01523416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlUpd.exe
2014-11-23 12:20 - 2005-09-07 09:40 - 02180712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\MicCal.exe
2014-11-23 12:20 - 2005-04-28 07:57 - 20145368 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
2014-11-23 12:20 - 2005-04-28 07:57 - 09721960 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTLCPL.EXE
2014-11-23 12:20 - 2005-04-28 07:57 - 05630168 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtkHDAud.sys
2014-11-23 12:20 - 2005-04-28 07:57 - 02815592 _____ (RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
2014-11-23 12:20 - 2005-04-28 07:57 - 00891976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSndMgr.CPL
2014-11-23 12:20 - 2005-04-28 07:57 - 00285288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\ALSNDMGR.CPL
2014-11-23 12:20 - 2005-04-28 07:57 - 00084584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
2014-11-23 12:20 - 2005-04-28 07:57 - 00064104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE
2014-11-23 12:02 - 2005-01-27 19:44 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-23 12:01 - 2012-12-18 22:19 - 46235648 _____ () C:\WINDOWS\system32\config\software.iobit
2014-11-23 12:01 - 2012-12-18 22:19 - 00303104 _____ () C:\WINDOWS\system32\config\default.iobit
2014-11-23 12:01 - 2012-12-18 22:19 - 00069632 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-11-23 12:01 - 2012-12-18 22:19 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
2014-11-23 12:01 - 2005-04-28 07:38 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-23 11:46 - 2011-04-02 12:13 - 00000000 ____D () C:\Program Files\CleanUp!
2014-11-23 11:45 - 2010-01-24 08:59 - 00056640 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-23 11:43 - 2005-04-28 08:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Apple Computer
2014-11-23 11:42 - 2011-05-19 06:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2014-11-23 11:34 - 2005-04-28 08:38 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-11-23 11:31 - 2005-08-09 21:24 - 00000278 ___SH () C:\Documents and Settings\HP_Administrator\ntuser.ini
2014-11-23 11:31 - 2005-08-09 21:24 - 00000000 ____D () C:\Documents and Settings\HP_Administrator
2014-11-23 11:29 - 2013-07-27 13:37 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Desktop\Computer Maintenance
2014-11-20 08:14 - 2013-07-27 14:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2013
2014-11-20 08:04 - 2013-07-27 14:13 - 00000000 ____D () C:\Program Files\AVG
2014-11-20 08:02 - 2013-07-27 14:15 - 00000000 ___HD () C:\$AVG
2014-11-18 10:03 - 2011-04-02 14:20 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Desktop\JOHN
2014-11-18 09:55 - 2013-07-27 13:36 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Desktop\Desktop Items
2014-11-15 08:23 - 2011-04-02 08:33 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Dropbox
2014-11-12 11:06 - 2009-01-20 21:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 11:05 - 2013-07-17 22:22 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 11:00 - 2005-08-14 14:42 - 100445232 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 09:02 - 2011-04-23 13:34 - 00062893 _____ () C:\install.log
2014-11-11 17:10 - 2013-02-26 15:33 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-11 17:10 - 2012-03-01 07:59 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-10 15:04 - 2012-05-05 12:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-09 14:46 - 2014-03-15 07:14 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-03 06:57 - 2005-01-28 03:47 - 00579058 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-31 18:36 - 2011-04-02 12:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-30 20:42 - 2009-09-15 12:09 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Desktop\MOM'S FINANICAL
 
Some content of TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\temp\dllnt_dump.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprz4jeb.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\vmpremov.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

"Stupidity is forever: ignorance can be fixed."


#6 AllanK

AllanK
  • Topic Starter

  • Members
  • 75 posts

Posted 25 November 2014 - 04:30 PM

Whoops! Not sure what happened, but the previously posted log has a bunch of tags instead of text. Here is a clean version:

 

==================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014

Ran by HP_Administrator (administrator) on HELENOFCYBER on 25-11-2014 15:14:46
Running from C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Loaded Profile: HP_Administrator (Available profiles: HP_Administrator & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
() C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Hewlett-Packard Company) C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Hewlett-Packard) C:\WINDOWS\system32\hphmon06.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company) C:\hp\KBD\KBD.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [High Definition Audio Property Page Shortcut] => C:\WINDOWS\system32\HDAudPropShortcut.exe [61952 2004-03-18] (Windows ® Server 2003 DDK provider)
HKLM\...\Run: [HPBootOp] => C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [245760 2005-02-25] (Hewlett-Packard Company)
HKLM\...\Run: [LSBWatcher] => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2004-10-14] (Hewlett-Packard Company)
HKLM\...\Run: [HPHmon06] => C:\WINDOWS\system32\hphmon06.exe [659456 2004-06-07] (Hewlett-Packard)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1126407778\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296096 2012-09-28] (RealNetworks, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2014-11-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2014-10-31] (LogMeIn, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Run: [EPSON NX420 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\MountPoints2: L - L:\LaunchU3.exe -a
HKU\S-1-5-21-471697612-46257615-1860656430-1008\...\MountPoints2: {684a2f24-f3db-11dd-8508-0013d4204f3f} - L:\LaunchU3.exe -a
IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED ()
Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-471697612-46257615-1860656430-1008\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
HKU\S-1-5-21-471697612-46257615-1860656430-1008\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-471697612-46257615-1860656430-1008\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.aol.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> DefaultScope {BBC1AD0C-5604-4D8C-BC76-DF4C8952D097} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> {BBC1AD0C-5604-4D8C-BC76-DF4C8952D097} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> {F0AB001C-0AAE-40E5-B12A-69A14ECCC07A} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
Toolbar: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
Toolbar: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-471697612-46257615-1860656430-1008 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Filter: text/html - No CLSID Value - No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\user.js
FF SearchPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\searchplugins\yahoo_ff.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\Extensions\ascsurfingprotection@iobit.com [2014-09-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-02]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-28]
FF HKLM\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files\Mozilla Firefox\extensions\lesstabs@lesstabs.com
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC} [Not Found]
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\extensions\{62DD0A97-FDD4-421b-94A5-D1A9434450C7} [Not Found]
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\extensions\{DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} [Not Found]
FF Extension: No Name - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\extensions\{CA8C84C6-3918-41b1-BE77-049B2BDD887C} [Not Found]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]
FF Extension: No Name - {54FBE89E-C878-46bb-A064-AB327EE26EBC} [Not Found]
FF Extension: No Name - {62DD0A97-FDD4-421b-94A5-D1A9434450C7} [Not Found]
FF Extension: No Name - {DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} [Not Found]
FF Extension: No Name - {CA8C84C6-3918-41b1-BE77-049B2BDD887C} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-04-04]
CHR Extension: (YouTube) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-04]
CHR Extension: (Google Search) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-04]
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-04-05]
CHR Extension: (Domain Error Assistant) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-04-05]
CHR Extension: (Slick Savings) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-04-05]
CHR Extension: (HP Product Detection Plugin) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp [2011-04-02]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-04-05]
CHR Extension: (Gmail) - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-04]
CHR HKLM\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx []
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-09-28]
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Wajam\Chrome\wajam.crx [2013-05-02]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Slick Savings\coupons.crx [2014-04-04]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\YontooLayers.crx [2014-04-04]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [46640 2006-10-23] (AOL LLC)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912 2005-03-17] () [File not signed]
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2014-11-06] (NETGEAR)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [198936 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2010-06-06] (Avanquest Software) [File not signed]
R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-02] (Promise Technology, Inc.)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [113664 2004-03-18] (Windows ® Server 2003 DDK provider)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35088 2014-11-23] (CACE Technologies, Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-01-26] (Sonic Solutions) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [15808 2014-06-04] (IObit)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 WinRM; C:\WINDOWS\System32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-25 15:14 - 2014-11-25 15:14 - 00000000 ____D () C:\FRST
2014-11-23 17:35 - 2014-11-23 17:35 - 00000552 _____ () C:\WINDOWS\system32\d3d8caps.dat
2014-11-23 16:46 - 2014-11-23 16:46 - 00000000 ____D () C:\Program Files\ESET
2014-11-23 16:21 - 2014-06-04 15:17 - 00031008 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2014-11-23 16:20 - 2014-06-04 15:17 - 00109856 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2014-11-23 16:19 - 2014-11-23 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Smart Defrag 3
2014-11-23 16:19 - 2014-06-04 15:17 - 00015808 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2014-11-23 13:52 - 2014-11-23 13:52 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\LogMeInIgnition
2014-11-23 13:50 - 2014-11-23 21:01 - 00000746 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
2014-11-23 13:50 - 2014-11-23 21:01 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-23 13:50 - 2014-11-23 13:50 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\LogMeIn
2014-11-23 13:50 - 2014-10-31 11:54 - 00086912 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2014-11-23 13:50 - 2014-10-31 11:53 - 00031592 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2014-11-23 13:50 - 2014-10-31 11:15 - 00047640 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIRfsDriver.sys
2014-11-23 13:49 - 2014-10-31 11:53 - 00085864 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2014-11-23 13:48 - 2014-11-25 13:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-11-23 13:48 - 2014-11-23 13:48 - 00001024 _____ () C:\.rnd
2014-11-23 13:45 - 2014-11-23 13:45 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-11-23 13:44 - 2014-11-23 13:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-11-23 13:42 - 2014-11-23 15:21 - 00000000 ____D () C:\Program Files\LogMeIn
2014-11-23 13:32 - 2014-11-23 13:32 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\ProductData
2014-11-23 12:58 - 2014-11-23 12:58 - 00000000 ____D () C:\Dbz4B213
2014-11-23 12:42 - 2014-11-23 12:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\NETGEARGenie
2014-11-23 12:42 - 2014-11-23 12:42 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_point32_01009.Wdf
2014-11-23 12:41 - 2014-11-23 12:41 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2014-11-23 12:41 - 2014-11-23 12:41 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
2014-11-23 12:41 - 2014-11-23 12:41 - 00035088 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2014-11-23 12:41 - 2014-11-23 12:41 - 00001708 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR Genie.lnk
2014-11-23 12:41 - 2014-11-23 12:39 - 00040936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\point32.sys
2014-11-23 12:38 - 2014-11-23 12:41 - 00000000 ____D () C:\Program Files\NETGEAR Genie
2014-11-23 12:38 - 2014-11-23 12:38 - 00000000 ____H () C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2014-11-23 12:38 - 2014-11-23 12:38 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2014-11-23 12:37 - 2014-11-23 12:38 - 00412976 _____ () C:\WINDOWS\Wdf01009Inst.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00006746 _____ () C:\WINDOWS\iis6.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00006158 _____ () C:\WINDOWS\FaxSetup.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00002821 _____ () C:\WINDOWS\tsoc.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00002081 _____ () C:\WINDOWS\comsetup.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00001393 _____ () C:\WINDOWS\imsins.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00001261 _____ () C:\WINDOWS\ntdtcsetup.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000689 _____ () C:\WINDOWS\plusoc.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000430 _____ () C:\WINDOWS\MedCtrOC.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000338 _____ () C:\WINDOWS\ehOCGen.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-11-23 12:37 - 2014-11-23 12:38 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-11-23 12:37 - 2014-11-23 12:37 - 00001932 _____ () C:\WINDOWS\msmqinst.log
2014-11-23 12:37 - 2014-11-23 12:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01009$
2014-11-23 12:37 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2014-11-23 12:36 - 2014-11-23 12:42 - 00002681 _____ () C:\WINDOWS\setupact.log
2014-11-23 12:36 - 2014-11-23 12:39 - 01461992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01009.dll
2014-11-23 12:36 - 2014-11-23 12:36 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-11-23 12:36 - 2014-11-23 12:34 - 00045288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dc3d.sys
2014-11-23 12:22 - 2014-11-23 12:20 - 00026084 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2014-11-23 12:13 - 2014-11-23 21:02 - 00000288 _____ () C:\WINDOWS\Tasks\Driver Booster Update.job
2014-11-23 12:13 - 2014-11-23 21:02 - 00000286 _____ () C:\WINDOWS\Tasks\Driver Booster Scan.job
2014-11-23 12:12 - 2014-11-23 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Driver Booster 2
2014-11-23 11:55 - 2014-11-23 11:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\RealNetworks
2014-11-23 11:46 - 2014-11-23 11:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\CleanUp!
2014-11-23 11:44 - 2014-11-23 11:44 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-11-23 11:44 - 2014-11-23 11:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2015
2014-11-23 11:43 - 2014-11-23 11:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-11-23 11:42 - 2014-11-23 11:42 - 00000000 ____D () C:\Program Files\Common Files\IObit
2014-11-23 11:42 - 2014-11-23 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 8
2014-11-23 11:41 - 2014-11-23 11:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IObit
2014-11-23 11:41 - 2014-11-23 11:41 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2014-11-23 11:34 - 2014-11-23 11:34 - 00001824 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2014-11-20 08:20 - 2014-11-23 21:03 - 00000300 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-471697612-46257615-1860656430-1008.job
2014-11-20 08:03 - 2014-11-20 08:03 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\AVG2015
2014-11-20 08:00 - 2014-11-20 08:00 - 00000713 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2014-11-20 07:53 - 2014-11-20 08:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2014-11-20 07:32 - 2014-11-20 08:03 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Avg2015
2014-11-20 07:19 - 2014-11-24 02:41 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-11-19 09:48 - 2014-11-25 15:13 - 00263925 _____ () C:\WINDOWS\setupapi.log
2014-11-19 09:48 - 2014-11-20 08:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-11-19 07:21 - 2014-11-23 21:00 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-19 07:21 - 2014-11-23 21:00 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-19 07:21 - 2014-11-19 07:21 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-11-18 13:21 - 2014-11-18 13:21 - 00068732 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\opeboeco
2014-11-10 08:18 - 2014-11-10 08:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-31 11:15 - 2014-10-31 11:15 - 00025248 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\lmimirr.dll
2014-10-31 11:15 - 2014-10-31 11:15 - 00011552 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\lmimirr2.dll
2014-10-31 11:15 - 2014-10-31 11:15 - 00010144 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\lmimirr.sys
2014-10-29 21:35 - 2014-10-29 21:35 - 00198936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-25 15:15 - 2011-04-02 12:40 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\temp
2014-11-25 15:07 - 2013-02-26 15:33 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-25 14:26 - 2013-07-27 13:30 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 08:26 - 2013-07-27 13:30 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 08:05 - 2013-07-27 14:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-11-24 21:25 - 2011-07-26 20:22 - 00000408 _____ () C:\WINDOWS\Tasks\Final Media Player Update Checker.job
2014-11-24 19:07 - 2014-09-04 06:34 - 00032608 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-23 21:49 - 2005-08-09 21:17 - 00000190 _____ () C:\WINDOWS\system\hpsysdrv.DAT
2014-11-23 21:07 - 2011-04-02 08:37 - 00000000 ___RD () C:\Documents and Settings\HP_Administrator\My Documents\Dropbox
2014-11-23 21:07 - 2011-04-02 08:32 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\Dropbox
2014-11-23 21:03 - 2013-02-24 07:12 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-471697612-46257615-1860656430-1008.job
2014-11-23 21:03 - 2005-01-28 03:45 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-23 21:02 - 2014-03-15 07:14 - 00000244 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-23 21:02 - 2005-01-28 03:55 - 02059158 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-23 21:01 - 2005-01-27 20:16 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-23 20:59 - 2005-01-28 03:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-23 20:43 - 2005-04-28 08:47 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-11-23 20:43 - 2005-04-28 08:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
2014-11-23 16:19 - 2011-04-02 06:52 - 00000000 ____D () C:\Program Files\IObit
2014-11-23 16:14 - 2011-04-02 06:52 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\IObit
2014-11-23 16:05 - 2005-01-27 22:58 - 00000279 __RSH () C:\boot.ini
2014-11-23 15:56 - 2005-08-09 21:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Viewpoint
2014-11-23 15:55 - 2008-10-09 18:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-11-23 15:46 - 2005-08-14 15:15 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2014-11-23 15:46 - 2005-08-09 22:05 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
2014-11-23 15:46 - 2005-01-27 20:26 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2014-11-23 15:43 - 2014-04-04 21:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2014-11-23 13:19 - 2005-01-28 03:55 - 00000178 __SHC () C:\Documents and Settings\Administrator\ntuser.ini
2014-11-23 13:18 - 2011-04-02 12:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-11-23 12:43 - 2008-07-21 15:14 - 00073728 _____ () C:\WINDOWS\system32\RtNicProp32.dll
2014-11-23 12:43 - 2008-02-25 11:54 - 00130432 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\Rtnicxp.sys
2014-11-23 12:27 - 2005-08-09 21:23 - 00000000 ____D () C:\WINDOWS\system32\RTCOM
2014-11-23 12:20 - 2005-09-21 15:29 - 01523416 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlUpd.exe
2014-11-23 12:20 - 2005-09-07 09:40 - 02180712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\MicCal.exe
2014-11-23 12:20 - 2005-04-28 07:57 - 20145368 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
2014-11-23 12:20 - 2005-04-28 07:57 - 09721960 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTLCPL.EXE
2014-11-23 12:20 - 2005-04-28 07:57 - 05630168 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtkHDAud.sys
2014-11-23 12:20 - 2005-04-28 07:57 - 02815592 _____ (RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
2014-11-23 12:20 - 2005-04-28 07:57 - 00891976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSndMgr.CPL
2014-11-23 12:20 - 2005-04-28 07:57 - 00285288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\ALSNDMGR.CPL
2014-11-23 12:20 - 2005-04-28 07:57 - 00084584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
2014-11-23 12:20 - 2005-04-28 07:57 - 00064104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE
2014-11-23 12:02 - 2005-01-27 19:44 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-23 12:01 - 2012-12-18 22:19 - 46235648 _____ () C:\WINDOWS\system32\config\software.iobit
2014-11-23 12:01 - 2012-12-18 22:19 - 00303104 _____ () C:\WINDOWS\system32\config\default.iobit
2014-11-23 12:01 - 2012-12-18 22:19 - 00069632 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2014-11-23 12:01 - 2012-12-18 22:19 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.iobit
2014-11-23 12:01 - 2005-04-28 07:38 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-23 11:46 - 2011-04-02 12:13 - 00000000 ____D () C:\Program Files\CleanUp!
2014-11-23 11:45 - 2010-01-24 08:59 - 00056640 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-23 11:43 - 2005-04-28 08:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Apple Computer
2014-11-23 11:42 - 2011-05-19 06:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2014-11-23 11:34 - 2005-04-28 08:38 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-11-23 11:31 - 2005-08-09 21:24 - 00000278 ___SH () C:\Documents and Settings\HP_Administrator\ntuser.ini
2014-11-23 11:31 - 2005-08-09 21:24 - 00000000 ____D () C:\Documents and Settings\HP_Administrator
2014-11-23 11:29 - 2013-07-27 13:37 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Desktop\Computer Maintenance
2014-11-20 08:14 - 2013-07-27 14:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2013
2014-11-20 08:04 - 2013-07-27 14:13 - 00000000 ____D () C:\Program Files\AVG
2014-11-20 08:02 - 2013-07-27 14:15 - 00000000 ___HD () C:\$AVG
2014-11-18 10:03 - 2011-04-02 14:20 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Desktop\JOHN
2014-11-18 09:55 - 2013-07-27 13:36 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Desktop\Desktop Items
2014-11-15 08:23 - 2011-04-02 08:33 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Dropbox
2014-11-12 11:06 - 2009-01-20 21:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 11:05 - 2013-07-17 22:22 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 11:00 - 2005-08-14 14:42 - 100445232 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 09:02 - 2011-04-23 13:34 - 00062893 _____ () C:\install.log
2014-11-11 17:10 - 2013-02-26 15:33 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-11 17:10 - 2012-03-01 07:59 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-10 15:04 - 2012-05-05 12:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-09 14:46 - 2014-03-15 07:14 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-03 06:57 - 2005-01-28 03:47 - 00579058 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-31 18:36 - 2011-04-02 12:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-30 20:42 - 2009-09-15 12:09 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Desktop\MOM'S FINANICAL
 
Some content of TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\temp\dllnt_dump.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprz4jeb.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\vmpremov.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

"Stupidity is forever: ignorance can be fixed."
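The FRST output above lends itself to a quick scripted triage before anyone reads 1,400 lines by hand. The Python below is an added example written for this thread; it is not part of FRST and not code posted by anyone in it. The column layout (two timestamps, byte size, five attribute flags, publisher from the file's version info in parentheses, then the path) is read off the log lines themselves; the rules (a PE file under Documents and Settings or a temp folder, or a PE file with an empty publisher field), the extension list and the user-writable path patterns are this example's own heuristics, and one input line marked CONSTRUCTED is made up to exercise the missing-publisher rule. The "Bamital & volsnap Check" lines are handled too: FRST prints "File is digitally signed" for a clean core file and, as the log itself notes, offers no automatic fix for one that fails.

```python
"""Triage of the FRST sections pasted above: the one-month file listing,
'Some content of TEMP' and the 'Bamital & volsnap Check'.

Added example for this thread, not part of FRST or of any poster's code.
Column layout is taken from the log lines; the suspicion rules are
heuristics chosen here, not FRST's own verdicts."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Example FRST line:
# 2014-11-23 12:20 - 2005-04-28 07:57 - 09721960 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTLCPL.EXE
# two timestamps, size, five attribute flags (D=directory, S=system, H=hidden,
# C=compressed, _=unset), publisher from version info, path.
FRST_LINE = re.compile(
    r"^(?P<date1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<date2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>\S.*?)\s*$"
)
BARE_PATH = re.compile(r"^[A-Za-z]:\\")                    # 'Some content of TEMP' lines
SIGCHECK_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")

# Heuristic choices for this example (assumptions, not FRST definitions).
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx", ".drv")
USER_WRITABLE = re.compile(r"\\documents and settings\\|\\temp\\|\\tmp\\", re.IGNORECASE)


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def triage_path(path: str, company: Optional[str] = None, attrs: str = "_____") -> Optional[Finding]:
    """Apply the heuristics to one entry. company=None means the log gave no publisher column."""
    if "D" in attrs or not path.lower().endswith(EXECUTABLE_EXT):
        return None                                   # folders and non-PE files are out of scope
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("executable in user-writable location")
    if company is not None and not company.strip():
        reasons.append("no publisher in version info")
    return Finding(path, reasons) if reasons else None


def triage_frst_lines(lines) -> List[Finding]:
    """Walk file-listing and TEMP lines; return the entries worth a manual look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FRST_LINE.match(line)
        if m:
            f = triage_path(m["path"], m["company"], m["attrs"])
        elif BARE_PATH.match(line):
            f = triage_path(line)
        else:
            continue
        if f:
            findings.append(f)
    return findings


def failed_signature_checks(lines) -> List[str]:
    """Paths from the 'Bamital & volsnap Check' whose verdict is not a clean signature.
    Anything other than 'File is digitally signed' means a manual replacement from
    known-good media, since FRST has no automatic fix for these."""
    return [m["path"] for m in map(SIGCHECK_LINE.match, map(str.strip, lines))
            if m and m["verdict"] != "File is digitally signed"]


# Sample input: lines copied from the log above, plus ONE constructed line
# (marked CONSTRUCTED) that exercises the missing-publisher rule.
SAMPLE_LISTING = r"""
2014-11-23 12:20 - 2005-04-28 07:57 - 09721960 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RTLCPL.EXE
2014-11-23 12:02 - 2005-01-27 19:44 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-23 12:01 - 2012-12-18 22:19 - 46235648 _____ () C:\WINDOWS\system32\config\software.iobit
2014-11-12 11:00 - 2005-08-14 14:42 - 100445232 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-23 12:30 - 2014-11-23 12:30 - 00045056 _____ () C:\WINDOWS\system32\CONSTRUCTED_sample.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\dllnt_dump.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprz4jeb.dll
C:\Documents and Settings\HP_Administrator\Local Settings\temp\vmpremov.exe
""".strip().splitlines()

SAMPLE_SIGCHECK = r"""
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
""".strip().splitlines()


def run_sample():
    return triage_frst_lines(SAMPLE_LISTING), failed_signature_checks(SAMPLE_SIGCHECK)


if __name__ == "__main__":
    findings, unsigned = run_sample()
    for f in findings:
        print(f"{f.path}\n    -> {'; '.join(f.reasons)}")
    print("core files failing signature check:", unsigned or "none")
```

Run it as a script for a readable list, or import it and call run_sample(). Of the three TEMP entries, dllnt_dump.dll and vmpremov.exe are the sort of loose PE in a user temp folder the first rule exists for, while the Dropbox sqlite extension shows why a hit is a prompt to check the file's hash and signature rather than a verdict. The empty-publisher rule is weaker still: plenty of legitimate files ship without version info, so it only orders the reading list. Directories and non-executables (the .iobit registry backups above, for instance) are skipped on purpose.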


#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 25 November 2014 - 05:09 PM

Please run the following:

Download ComboFix from the following location:
Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: CF_RC_notice.png]
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[screenshot: cfRC_screen_2.png]
  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 AllanK

AllanK
  • Topic Starter

  • Members
  • 75 posts

Posted 25 November 2014 - 08:33 PM

Here you go:

 

===================

ComboFix 14-11-25.01 - HP_Administrator 11/25/2014  17:24:59.2.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3191.2374 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\g2mdlhlpx.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Slick Savings
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Slick Savings\coupons.crx
c:\documents and settings\HP_Administrator\WINDOWS
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Packet.dll
c:\windows\system32\SET822.tmp
c:\windows\system32\SET823.tmp
c:\windows\system32\SET829.tmp
c:\windows\system32\sp
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-26 to 2014-11-26  )))))))))))))))))))))))))))))))
.
.
2014-11-25 22:08 . 2014-11-26 00:07 17923760 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-11-25 21:14 . 2014-11-25 21:17 -------- d-----w- C:\FRST
2014-11-23 22:46 . 2014-11-23 22:46 -------- d-----w- c:\program files\ESET
2014-11-23 22:21 . 2014-06-04 21:17 31008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2014-11-23 22:20 . 2014-06-04 21:17 109856 ----a-w- c:\windows\system32\IObitSmartDefragExtension.dll
2014-11-23 22:19 . 2014-06-04 21:17 15808 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2014-11-23 19:50 . 2014-11-23 19:50 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\LogMeIn
2014-11-23 19:50 . 2014-10-31 17:53 53096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2014-11-23 19:50 . 2014-10-31 17:53 31592 ----a-w- c:\windows\system32\LMIport.dll
2014-11-23 19:50 . 2014-10-31 17:54 86912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-11-23 19:50 . 2014-10-31 17:15 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2014-11-23 19:49 . 2014-10-31 17:53 85864 ----a-w- c:\windows\system32\LMIinit.dll
2014-11-23 19:48 . 2014-11-25 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2014-11-23 19:45 . 2014-11-23 19:45 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-23 19:44 . 2014-11-23 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2014-11-23 19:42 . 2014-11-23 21:21 -------- d-----w- c:\program files\LogMeIn
2014-11-23 19:32 . 2014-11-23 19:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ProductData
2014-11-23 18:58 . 2014-11-23 18:58 -------- d-----w- C:\Dbz4B213
2014-11-23 18:42 . 2014-11-23 18:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NETGEARGenie
2014-11-23 18:41 . 2014-11-23 18:41 35088 ----a-w- c:\windows\system32\drivers\npf.sys
2014-11-23 18:41 . 2014-11-23 18:39 40936 ----a-w- c:\windows\system32\drivers\point32.sys
2014-11-23 18:38 . 2014-11-23 18:41 -------- d-----w- c:\program files\NETGEAR Genie
2014-11-23 18:37 . 2008-11-08 00:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2014-11-23 18:36 . 2014-11-23 18:39 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2014-11-23 18:36 . 2014-11-23 18:34 45288 ----a-w- c:\windows\system32\drivers\dc3d.sys
2014-11-23 18:22 . 2014-11-23 18:20 26084 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2014-11-23 17:55 . 2014-11-23 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\RealNetworks
2014-11-23 17:44 . 2014-11-23 17:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2014-11-23 17:44 . 2014-11-23 17:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Avg2015
2014-11-23 17:43 . 2014-11-23 17:43 -------- d-----w- c:\documents and settings\Administrator\LocalLow
2014-11-23 17:43 . 2014-11-23 17:43 -------- d-----w- c:\documents and settings\Administrator\AppData
2014-11-23 17:43 . 2014-11-23 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-11-23 17:42 . 2014-11-23 17:42 -------- d-----w- c:\program files\Common Files\IObit
2014-11-23 17:41 . 2014-11-23 17:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2014-11-20 14:03 . 2014-11-20 14:03 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG2015
2014-11-20 13:53 . 2014-11-20 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2015
2014-11-20 13:32 . 2014-11-25 21:39 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Avg2015
2014-10-31 17:15 . 2014-10-31 17:15 25248 ----a-w- c:\windows\system32\lmimirr.dll
2014-10-31 17:15 . 2014-10-31 17:15 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2014-10-31 17:15 . 2014-10-31 17:15 10144 ----a-w- c:\windows\system32\drivers\lmimirr.sys
2014-10-30 03:35 . 2014-10-30 03:35 198936 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-26 00:07 . 2013-02-26 21:33 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-26 00:07 . 2012-03-01 13:59 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-23 18:43 . 2008-07-21 21:14 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2014-11-23 18:43 . 2008-02-25 17:54 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2014-11-23 18:20 . 2005-04-28 13:57 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2014-11-23 18:20 . 2005-04-28 13:57 891976 ----a-w- c:\windows\system32\RTSndMgr.CPL
2014-11-23 18:20 . 2005-09-21 21:29 1523416 ----a-w- c:\windows\RtlUpd.exe
2014-11-23 18:20 . 2005-04-28 13:57 9721960 ----a-w- c:\windows\RTLCPL.EXE
2014-11-23 18:20 . 2005-04-28 13:57 5630168 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2014-11-23 18:20 . 2005-04-28 13:57 20145368 ----a-w- c:\windows\RTHDCPL.EXE
2014-11-23 18:20 . 2005-09-07 15:40 2180712 ----a-w- c:\windows\MicCal.exe
2014-11-23 18:20 . 2005-04-28 13:57 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2014-11-23 18:20 . 2005-04-28 13:57 64104 ----a-w- c:\windows\ALCMTR.EXE
2014-11-23 18:20 . 2005-04-28 13:57 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2014-10-10 20:13 . 2013-03-21 08:08 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-10-06 02:42 . 2013-02-08 09:37 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-08-29 02:43 . 2013-02-08 09:37 192792 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-11-23 17:43 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{10921475-03CE-4E04-90CE-E2E7EF20C814}"= "c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll" [2014-11-23 752960]
.
[HKEY_CLASSES_ROOT\clsid\{10921475-03ce-4e04-90ce-e2e7ef20c814}]
[HKEY_CLASSES_ROOT\UninstallExplorer32.ExplorerBtn]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-09-26 4811032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-11-10 3653136]
"HostManager"="c:\program files\Common Files\AOL\1126407778\ee\AOLSoftware.exe" [2010-03-08 41800]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-09-28 296096]
"RTHDCPL"="RTHDCPL.EXE" [2014-11-23 20145368]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2014-10-31 63048]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED\
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe -startup [2005-4-28 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2014-10-31 17:53 85864 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2010-07-13 20:40 70720 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1126407778\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 17:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
2004-08-24 20:09 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-28 13:38 296096 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
"gusvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1126407778\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1126407778\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1126407778\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\AOL Desktop 9.6a\\waol.exe"=
"c:\\Program Files\\FinalMediaPlayer\\FMPCheckForUpdates.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\AOL Desktop 9.7a\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.7a\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgemcx.exe"=
"c:\\Program Files\\NETGEAR Genie\\bin\\NETGEARGenie.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 3:37 AM 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 3:37 AM 230680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 3:37 AM 27416]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [11/23/2014 4:19 PM 15808]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [6/18/2014 8:03 PM 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [10/29/2014 9:35 PM 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 9:32 AM 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 3:37 AM 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 2:08 AM 200984]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files\IObit\Advanced SystemCare 8\ASCService.exe [11/23/2014 11:41 AM 815392]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [11/9/2014 9:49 PM 298080]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/31/2014 11:53 AM 375144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [10/31/2014 11:15 AM 13624]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [11/9/2014 9:57 PM 3488784]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [11/6/2014 9:29 AM 195840]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [11/23/2014 12:36 PM 45288]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\MBAMSwissArmy.sys --> c:\windows\system32\drivers\MBAMSwissArmy.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-27 19:30 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 00:07]
.
2013-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2014-11-26 c:\windows\Tasks\Driver Booster Scan.job
- c:\program files\IObit\Driver Booster\Scheduler.exe [2014-11-23 21:52]
.
2014-11-26 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2014-11-23 22:17]
.
2014-11-26 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-07-27 20:24]
.
2014-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-27 19:30]
.
2014-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-27 19:30]
.
2014-11-26 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-14 01:59]
.
2014-11-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-14 01:59]
.
2014-11-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-471697612-46257615-1860656430-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2014-11-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-471697612-46257615-1860656430-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 192.168.1.1
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxps://search.yahoo.com/?type=198484&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Advanced SystemCare 7 - c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\MRI_DISABLED\SpySubtract.lnk - c:\program files\InterMute\SpySubtract\sslaunch.exe -autostart
SafeBoot-MBAMSwissArmy
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-11-25 19:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(4532)
c:\windows\system32\WININET.dll
c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.24.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(5240)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\wanmpsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\eHome\ehmsas.exe
c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe
c:\windows\system32\dllhost.exe
c:\program files\common files\aol\1126407778\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\windows\system32\wscntfy.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\Common Files\AOL\1126407778\ee\aolupdates.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2014-11-25  19:18:28 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-26 01:18
ComboFix2.txt  2011-04-02 18:40
.
Pre-Run: 118,815,313,920 bytes free
Post-Run: 119,462,060,032 bytes free
.
- - End Of File - - 584286C51723A4337FB3D45CD5A4461F
0AC6D996BCE152AED9600E6D6B797E2E

"Stupidity is forever: ignorance can be fixed."
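A small triage script, added here and not part of the thread or of ComboFix, that reads the "DLLs Loaded Under Running Processes" section in the format shown above and reports image names running under more than one PID plus DLLs loaded from outside the Windows directory; the sample text is constructed from lines quoted in the log. More than one explorer.exe can be legitimate (Explorer's "launch folder windows in a separate process" option), so the output is a prompt for a closer look, not a verdict.

```python
"""Triage the "DLLs Loaded Under Running Processes" section of a ComboFix log.

Added example; not part of the forum thread or of ComboFix itself. It parses the
section format seen above: a "- - - - - - - > 'image'(pid)" header followed by
one DLL path per line, with "." as a separator, and reports
  * image names that appear under more than one PID (several explorer.exe),
  * DLLs loaded from outside the Windows directory.
"""
import re
from collections import defaultdict

# Constructed sample: the relevant section as quoted in the posted log.
SAMPLE_SECTION = """\
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\\windows\\system32\\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(4532)
c:\\windows\\system32\\WININET.dll
c:\\documents and settings\\HP_Administrator\\Application Data\\Dropbox\\bin\\DropboxExt.24.dll
c:\\windows\\system32\\ieframe.dll
.
- - - - - - - > 'explorer.exe'(5240)
c:\\windows\\system32\\WININET.dll
c:\\windows\\system32\\mshtml.dll
.
------------------------ Other Running Processes ------------------------
"""

HEADER_RE = re.compile(r"^- - - - - - - > '(?P<image>[^']+)'\((?P<pid>\d+)\)\s*$")
SECTION_START = "DLLs Loaded Under Running Processes"


def parse_dll_section(text):
    """Return {(image, pid): [dll paths]} for the DLLs-loaded section only."""
    procs = {}
    current = None
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = SECTION_START in line  # wait for the section banner
            continue
        if line.startswith("---"):  # banner of the next section: stop
            break
        m = HEADER_RE.match(line)
        if m:
            current = (m.group("image").lower(), int(m.group("pid")))
            procs[current] = []
        elif current is not None and line and line != ".":
            procs[current].append(line)
    return procs


def duplicate_images(procs):
    """Image names with more than one PID, mapped to their sorted PIDs."""
    by_image = defaultdict(list)
    for image, pid in procs:
        by_image[image].append(pid)
    return {img: sorted(p) for img, p in by_image.items() if len(p) > 1}


def non_windows_dlls(procs, windows_dir="c:\\windows\\"):
    """DLLs whose path is not under the Windows directory, keyed by (image, pid)."""
    out = {}
    for key, dlls in procs.items():
        odd = [d for d in dlls if not d.lower().startswith(windows_dir)]
        if odd:
            out[key] = odd
    return out


def triage(text):
    """Summary dict: process count, duplicated images, DLLs outside Windows."""
    procs = parse_dll_section(text)
    return {
        "processes": len(procs),
        "duplicates": duplicate_images(procs),
        "outside_windows": non_windows_dlls(procs),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_SECTION)
    for image, pids in report["duplicates"].items():
        print(f"{image}: {len(pids)} instances (PIDs {pids})")
    for (image, pid), dlls in report["outside_windows"].items():
        for d in dlls:
            print(f"{image}({pid}) loads non-Windows DLL: {d}")
```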


#9 CatByte
Malware Response Team

Posted 26 November 2014 - 10:21 AM

Please run the following:


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
NEXT


Navigate to this folder and let me know what it contains:
C:\Dbz4B213

Does it appear to be files related to a program installation or update, or are there strange randomly named .exe files?

If the latter, then please upload a couple to virus total:

http://www.virustotal.com
Use the browse button on that page to navigate to the location of the file to be scanned.
In the right hand panel, click on the file you want to scan, then click the open button.
The file will now be displayed in the submit box.
Scroll down a bit and click "send file", wait for the results.
If you get a message saying File has already been analyzed, click Reanalyze file now.
Once scanned, copy and paste the link to the results page in your next reply.

Please advise how the computer is running now and if there are any outstanding issues.

Edited by CatByte, 26 November 2014 - 10:21 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 AllanK (Topic Starter)

Posted 26 November 2014 - 07:18 PM

Here's the log.  I checked that folder: here is a screenshot of what's in it - no exe files.

https://www.dropbox.com/s/77zsmonjlu1x3b3/Screenshot%202014-11-26%2018.16.56.png?dl=0

===============================================

# AdwCleaner v4.102 - Report created 26/11/2014 at 11:13:47

# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : HP_Administrator - HELENOFCYBER
# Running from : C:\Documents and Settings\HP_Administrator\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\FinalMediaPlayer
Folder Deleted : C:\Program Files\File Type Assistant
Folder Deleted : C:\Program Files\FinalMediaPlayer
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Wajam
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\FinalMediaPlayer
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\pccustubinstaller
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\HP_Administrator\Desktop\drivergenius
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
[!] Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\Documents and Settings\All Users\Start Menu\FinalMediaPlayer.lnk
File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\d2uihf6y.default\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update
Task Deleted : Final Media Player Update Checker
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [lesstabs@lesstabs.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Bitberry
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FinalMediaPlayer_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3A787631-66A2-4634-B928-A37E73B58FB6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FinalMediaPlayer_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sl-apl
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Trusted Software Assistant_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Mozilla Firefox v33.1 (x86 en-US)
 
[d2uihf6y.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=198484&fr=spigot-yhp-ff");
 
-\\ Google Chrome v28.0.1500.72
 
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : nfengeggddojhakldhlpjdlddgkkjkdd
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : geggofhlfbcmanadhknllmlajiafopoh
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
[C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [19122 octets] - [26/11/2014 10:54:26]
AdwCleaner[S0].txt - [18735 octets] - [26/11/2014 11:13:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18796 octets] ##########


#11 AllanK (Topic Starter)

Posted 26 November 2014 - 07:28 PM

Forgot to mention that the explorer spawning has stopped, but the computer is still very slow.



#12 CatByte
Malware Response Team

Posted 26 November 2014 - 07:46 PM

that looks ok.

Please advise how the computer is running now and if there are any outstanding issues.


#13 AllanK (Topic Starter)

Posted 26 November 2014 - 08:39 PM

I lied. Still spawning multiple explorer.exe processes. It's like whack-a-mole trying to kill them with task manager.


#14 CatByte
Malware Response Team

Posted 27 November 2014 - 11:22 AM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



#15 AllanK (Topic Starter)

Posted 27 November 2014 - 04:44 PM

I uninstalled AVG Free and replaced it with Avast! Free.  Avast found a rootkit, so I scheduled a boot scan.  When it was done, I got this on the screen, but it would not respond to any keystrokes, so I shut down the computer.

https://www.dropbox.com/s/1zm1uagy37p04aq/IMG_1580.JPG?dl=0

I could not find the aswBoot.txt report on the hard drive.

After rebooting, I went to the Online Services folder and when I opened the Netscape folder Avast flagged two exe files as malware and moved them to the chest - see screen shots:

https://www.dropbox.com/s/z4klxhi3922dqvo/Screenshot%202014-11-27%2015.35.44.png?dl=0

https://www.dropbox.com/s/stw2ddvl6qnbc3y/Screenshot%202014-11-27%2015.36.02.png?dl=0

In each case, it identified Explorer.EXE as the infected file in the pop-up window.  This seems to gel with the multiple explorer processes that were being spawned?

TDSSKiller did not find any threats.

The computer actually seems a bit more responsive now, and I have not seen any explorer spawning for the past 15-20 minutes.  Are there any additional scans we can do to see if it's really clean?  Or do I have to just wait and see what happens?

Cheers,

Allan