Inactive-A Firefox browser has been hijacked.

[jjkiefer01]

I ran Microsoft Safety Scanner and it found the following:
VirTool:Win32/Obfuscator - C:\Windows\Tasks\dqprdv.jom - I deleted this file.
It also found C:\Windows\System32\activeds6.dll - It is a hidden file and read-only. It won't let me change the read-only option so I can get rid of it. I booted in safe mode and ran RKill to no avail. I tried all of this before I got your latest response. Any thoughts on this? Thanks for your patience with this. Cheers!

 

[jjkiefer01]

I uninstalled AVG before I ran ComboFix but the AVG update module is still enabled. ComboFix ran fine but would like to know if you know how to get rid of that update module?

ComboFix 13-08-22.01 - Jim 08/23/2013 19:49:13.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1298 [GMT -4:00]
Running from: c:\downloadedfiles\ComboFix.exe
AV: AVG update module *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Jim\My Documents\~WRL0402.tmp
c:\documents and settings\Jim\My Documents\~WRL3548.tmp
C:\V2T18B8.tmp
C:\V2T1D5.tmp
C:\V2T1D6.tmp
C:\V2T1D7.tmp
C:\V2T1D8.tmp
C:\V2T2D5.tmp
C:\V2T2D6.tmp
C:\V2T78.tmp
C:\V2T89.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-07-24 to 2013-08-24 )))))))))))))))))))))))))))))))
.
.
2013-08-23 22:29 . 2013-08-23 22:29 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A560B69-E1CA-48CE-A8FC-D923B8A5589F}\MpKsl9af12c58.sys
2013-08-23 22:27 . 2013-08-06 04:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A560B69-E1CA-48CE-A8FC-D923B8A5589F}\mpengine.dll
2013-08-23 20:12 . 2013-08-23 20:12 -------- d-----w- c:\program files\Microsoft Security Client
2013-08-23 18:52 . 2013-08-23 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-08-23 18:51 . 2013-08-23 18:51 -------- d-----w- C:\Mbar_anti-rootkit_extract
2013-08-23 18:51 . 2013-08-23 18:51 -------- d-----w- C:\New Folder (2)
2013-08-23 18:51 . 2013-08-23 18:51 -------- d-----w- C:\New Folder
2013-08-22 13:15 . 2013-08-22 13:15 -------- d-----w- c:\documents and settings\Jim\Application Data\AVG
2013-08-22 13:15 . 2013-08-22 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2013-08-22 13:15 . 2013-08-22 13:15 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-08-21 16:28 . 2013-08-21 16:28 -------- d-----w- c:\program files\CCleaner
2013-08-18 19:36 . 2013-08-18 19:36 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\ Online Backup
2013-08-18 18:35 . 2013-08-18 18:35 -------- d-----w- c:\program files\Uninstaller
2013-08-18 17:52 . 2013-08-18 20:25 -------- d-----w- C:\AI_RecycleBin
2013-08-18 17:52 . 2013-08-20 02:23 -------- d-----w- c:\program files\MyPC Backup
2013-08-12 15:21 . 2013-08-12 15:21 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\Scansoft
2013-08-12 15:20 . 2013-08-12 15:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2013-08-12 15:09 . 2010-01-22 07:52 61440 ----a-w- c:\windows\system32\brprtink.dll
2013-08-12 15:09 . 2013-08-12 15:09 -------- d-----w- c:\program files\Browny02
2013-08-12 15:08 . 2008-10-18 00:02 126976 ------w- c:\windows\system32\BrfxD05b.dll
2013-08-12 15:08 . 2010-02-09 21:11 217088 ------w- c:\windows\system32\NSSearch.dll
2013-08-12 15:08 . 2010-01-22 19:34 3072 ------w- c:\windows\system32\BrDctF2S.dll
2013-08-12 15:08 . 2007-12-14 02:16 73728 ------w- c:\windows\system32\BrDctF2.dll
2013-08-12 15:08 . 2007-12-14 02:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2013-08-12 15:08 . 2013-08-12 15:09 -------- d-----w- c:\program files\Brother
2013-08-12 15:08 . 2010-02-05 15:42 180224 ------w- c:\windows\system32\BroSNMP.dll
2013-08-12 15:06 . 2013-08-12 15:06 -------- d-----w- c:\program files\Nuance
2013-08-12 15:04 . 2013-08-12 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2013-08-12 15:03 . 2013-08-12 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2013-08-12 00:03 . 2013-08-12 00:04 -------- d-----w- C:\Equisync
2013-08-11 19:43 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-08-11 19:42 . 2013-08-11 19:42 -------- d-----w- c:\program files\iPod
2013-08-11 19:42 . 2013-08-11 19:42 -------- d-----w- c:\program files\iTunes
2013-08-11 19:42 . 2013-08-11 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-11 19:41 . 2013-08-11 19:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2013-08-11 19:41 . 2012-12-13 17:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2013-08-11 19:41 . 2012-12-13 17:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2013-08-05 17:50 . 2013-08-05 17:50 -------- d-----w- C:\ForrestVanGundy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 03:20 . 2013-05-14 05:49 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 03:20 . 2011-12-23 04:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-19 01:50 . 2013-06-19 01:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-14 16:10 . 2013-06-14 16:10 10698056 ----a-r- c:\documents and settings\Jim\Application Data\Microsoft\Installer\{84155839-E820-418A-B94D-388DEE985AA5}\PhotoSceneEditor.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-12-16 22:13 223744 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2005-01-01 1046984]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 995184]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^StartUp^Check for OneTouch Updates.lnk]
path=c:\documents and settings\Jim\Start Menu\Programs\StartUp\Check for OneTouch Updates.lnk
backup=c:\windows\pss\Check for OneTouch Updates.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^StartUp^Dell Display Manager.lnk]
path=c:\documents and settings\Jim\Start Menu\Programs\StartUp\Dell Display Manager.lnk
backup=c:\windows\pss\Dell Display Manager.lnkStartup
.
[HKLM\~\startupfolder\^LgDSetup.log]
path=\LgDSetup.log
backup=c:\windows\pss\LgDSetup.logCommon Startup
.
[HKLM\~\startupfolder\^Test.sdf]
path=\Test.sdf
backup=c:\windows\pss\Test.sdfCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMUpdate]
2001-07-03 18:12 176128 ----a-w- c:\windows\system32\BMUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-02-13 17:06 2196240 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
2001-10-30 11:09 86016 ----a-w- c:\program files\Visioneer OneTouch\OneTouchMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pronto]
2012-07-06 21:03 23053400 ----a-w- c:\program files\Blackboard\Blackboard IM\blackboardim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-12-09 22:24 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-05-01 22:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-04-19 19:19 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-12-13 02:30 969104 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"RoxMediaDB11"=3 (0x3)
"Remote Solver for Flow Simulation 2012"=3 (0x3)
"LVPrcSrv"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"CoordinatorServiceHost"=3 (0x3)
"CltMngSvc"=2 (0x2)
"BrYNSvc"=3 (0x3)
"BackupStack"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [1/1/2005 12:46 PM 26984]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9/21/2012 1:26 AM 242240]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [7/18/2012 10:28 AM 80448]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2/24/2012 9:46 PM 642432]
S0 sfbtu;sfbtu;c:\windows\system32\drivers\ecnocbwq.sys --> c:\windows\system32\drivers\ecnocbwq.sys [?]
S0 wxbcyy;wxbcyy;c:\windows\system32\drivers\ddxo.sys --> c:\windows\system32\drivers\ddxo.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 6:45 PM 161384]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [2/24/2012 9:46 PM 285152]
S3 Aslteilte;Aslteilte; [x]
S3 atimtai;atimtai;c:\windows\system32\drivers\atimtai.sys [5/26/2008 3:48 PM 281600]
S3 mam4410c;mam4410c;c:\windows\system32\drivers\mam4410c.sys [6/21/2008 9:09 PM 24784]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [6/21/2008 9:09 PM 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [6/21/2008 9:09 PM 52565]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 7:29 PM 29293408]
S4 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [8/12/2013 11:09 AM 245760]
S4 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [6/9/2012 12:48 AM 89192]
S4 Freemake Improver;Freemake Improver;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2/19/2012 2:58 PM 82944]
S4 Mam4tsy;Mam4tsy; [x]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]
S4 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe --> c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [?]
S4 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [11/17/2008 11:51 AM 1128944]
S4 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [1/1/2005 12:46 PM 894920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-22 00:51 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-14 03:20]
.
2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-01 05:10]
.
2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-01 05:10]
.
2013-08-23 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-07-18 20:49]
.
2013-08-23 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-07-18 20:49]
.
2013-08-23 c:\windows\Tasks\User_Feed_Synchronization-{E1C38963-8C10-4DED-BEB7-A8E5938942D4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchAssistant =
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\q1bczaw3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3303000&CUI=UN20402020356994147&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Vafmusic7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://msn.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3303000&SearchSource=2&CUI=UN09835776969787557&UM=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
c:\documents and settings\LocalService\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.313\SSScheduler.exe
SafeBoot-33874832.sys
SafeBoot-80775207.sys
SafeBoot-80926232.sys
MSConfigStartUp-PPWebCap - c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe
MSConfigStartUp-TkBellExe - c:\program files\real\realplayer\update\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-23 20:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-08-23 20:12:19
ComboFix-quarantined-files.txt 2013-08-24 00:12
ComboFix2.txt 2013-03-22 17:39
.
Pre-Run: 13,731,123,200 bytes free
Post-Run: 17,196,929,024 bytes free
.
- - End Of File - - 1DE0D4EAD7E5D4A6955DC63B7B7ABF3E
8F558EB6672622401DA993E1E865C861

 

[jjkiefer01]

It appears my browser is working now. If you see anything in the log that you feel should be resolved, please let me know. Thank you so much for all your help!

 

[Broni]

I ran Microsoft Safety Scanner

Please re-read rules I posted in my first reply.
One of them says:
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

activeds6.dll seems to be a legit file.

I can see some MSE items running. Please run Microsoft Security Essentials Removal Tool to remove them: http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\drivers\ddxo.sys

Folder::
c:\program files\MyPC Backup

Driver::
wxbcyy

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-

Firefox::
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\q1bczaw3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3303000&CUI=UN20402020356994147&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3303000&SearchSource=2&CUI=UN09835776969787557&UM=2&q=
FF - prefs.js: browser.search.selectedEngine - Vafmusic7 Customized Web Search

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[jjkiefer01]

ComboFix 13-08-22.01 - Jim 08/24/2013 1:07.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1435 [GMT -4:00]
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jim\Desktop\CFScript.txt
AV: AVG update module *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\drivers\ddxo.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\MyPC Backup
c:\program files\MyPC Backup\DEL_UnRegisterExtensions.exe
C:\Thumbs.db
c:\windows\system32\drivers\npf.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wxbcyy
.
.
((((((((((((((((((((((((( Files Created from 2013-07-24 to 2013-08-24 )))))))))))))))))))))))))))))))
.
.
2013-08-24 04:57 . 2013-08-24 04:57 15990 ----a-w- C:\FixitRegBackup.reg
2013-08-24 01:07 . 2013-08-06 04:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F40FCC5-4627-447B-843B-7A70DCF76793}\mpengine.dll
2013-08-23 20:12 . 2013-08-23 20:12 -------- d-----w- c:\program files\Microsoft Security Client
2013-08-23 18:52 . 2013-08-23 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-08-23 18:51 . 2013-08-23 18:51 -------- d-----w- C:\Mbar_anti-rootkit_extract
2013-08-23 18:51 . 2013-08-23 18:51 -------- d-----w- C:\New Folder (2)
2013-08-23 18:51 . 2013-08-23 18:51 -------- d-----w- C:\New Folder
2013-08-22 13:15 . 2013-08-22 13:15 -------- d-----w- c:\documents and settings\Jim\Application Data\AVG
2013-08-22 13:15 . 2013-08-22 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2013-08-22 13:15 . 2013-08-22 13:15 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-08-21 16:28 . 2013-08-21 16:28 -------- d-----w- c:\program files\CCleaner
2013-08-18 19:36 . 2013-08-18 19:36 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\ Online Backup
2013-08-18 18:35 . 2013-08-18 18:35 -------- d-----w- c:\program files\Uninstaller
2013-08-18 17:52 . 2013-08-18 20:25 -------- d-----w- C:\AI_RecycleBin
2013-08-12 15:21 . 2013-08-12 15:21 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\Scansoft
2013-08-12 15:20 . 2013-08-12 15:20 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2013-08-12 15:09 . 2010-01-22 07:52 61440 ----a-w- c:\windows\system32\brprtink.dll
2013-08-12 15:09 . 2013-08-12 15:09 -------- d-----w- c:\program files\Browny02
2013-08-12 15:08 . 2008-10-18 00:02 126976 ------w- c:\windows\system32\BrfxD05b.dll
2013-08-12 15:08 . 2010-02-09 21:11 217088 ------w- c:\windows\system32\NSSearch.dll
2013-08-12 15:08 . 2010-01-22 19:34 3072 ------w- c:\windows\system32\BrDctF2S.dll
2013-08-12 15:08 . 2007-12-14 02:16 73728 ------w- c:\windows\system32\BrDctF2.dll
2013-08-12 15:08 . 2007-12-14 02:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2013-08-12 15:08 . 2013-08-12 15:09 -------- d-----w- c:\program files\Brother
2013-08-12 15:08 . 2010-02-05 15:42 180224 ------w- c:\windows\system32\BroSNMP.dll
2013-08-12 15:06 . 2013-08-12 15:06 -------- d-----w- c:\program files\Nuance
2013-08-12 15:04 . 2013-08-12 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2013-08-12 15:03 . 2013-08-12 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2013-08-12 00:03 . 2013-08-12 00:04 -------- d-----w- C:\Equisync
2013-08-11 19:43 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-08-11 19:42 . 2013-08-11 19:42 -------- d-----w- c:\program files\iPod
2013-08-11 19:42 . 2013-08-11 19:42 -------- d-----w- c:\program files\iTunes
2013-08-11 19:42 . 2013-08-11 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-11 19:41 . 2013-08-11 19:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2013-08-11 19:41 . 2012-12-13 17:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2013-08-11 19:41 . 2012-12-13 17:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2013-08-05 17:50 . 2013-08-05 17:50 -------- d-----w- C:\ForrestVanGundy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 03:20 . 2013-05-14 05:49 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 03:20 . 2011-12-23 04:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-19 01:50 . 2013-06-19 01:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-14 16:10 . 2013-06-14 16:10 10698056 ----a-r- c:\documents and settings\Jim\Application Data\Microsoft\Installer\{84155839-E820-418A-B94D-388DEE985AA5}\PhotoSceneEditor.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2012-12-16 22:13 223744 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2005-01-01 1046984]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 995184]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^StartUp^Check for OneTouch Updates.lnk]
path=c:\documents and settings\Jim\Start Menu\Programs\StartUp\Check for OneTouch Updates.lnk
backup=c:\windows\pss\Check for OneTouch Updates.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^StartUp^Dell Display Manager.lnk]
path=c:\documents and settings\Jim\Start Menu\Programs\StartUp\Dell Display Manager.lnk
backup=c:\windows\pss\Dell Display Manager.lnkStartup
.
[HKLM\~\startupfolder\^LgDSetup.log]
path=\LgDSetup.log
backup=c:\windows\pss\LgDSetup.logCommon Startup
.
[HKLM\~\startupfolder\^Test.sdf]
path=\Test.sdf
backup=c:\windows\pss\Test.sdfCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMUpdate]
2001-07-03 18:12 176128 ----a-w- c:\windows\system32\BMUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-02-13 17:06 2196240 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
2001-10-30 11:09 86016 ----a-w- c:\program files\Visioneer OneTouch\OneTouchMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pronto]
2012-07-06 21:03 23053400 ----a-w- c:\program files\Blackboard\Blackboard IM\blackboardim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-12-09 22:24 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-05-01 22:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-04-19 19:19 18678376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-12-13 02:30 969104 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"RoxMediaDB11"=3 (0x3)
"Remote Solver for Flow Simulation 2012"=3 (0x3)
"LVPrcSrv"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"CoordinatorServiceHost"=3 (0x3)
"CltMngSvc"=2 (0x2)
"BrYNSvc"=3 (0x3)
"BackupStack"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [1/1/2005 12:46 PM 26984]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9/21/2012 1:26 AM 242240]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2/24/2012 9:46 PM 642432]
S0 sfbtu;sfbtu;c:\windows\system32\drivers\ecnocbwq.sys --> c:\windows\system32\drivers\ecnocbwq.sys [?]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [7/18/2012 10:28 AM 80448]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 6:45 PM 161384]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [2/24/2012 9:46 PM 285152]
S3 Aslteilte;Aslteilte; [x]
S3 atimtai;atimtai;c:\windows\system32\drivers\atimtai.sys [5/26/2008 3:48 PM 281600]
S3 mam4410c;mam4410c;c:\windows\system32\drivers\mam4410c.sys [6/21/2008 9:09 PM 24784]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [6/21/2008 9:09 PM 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [6/21/2008 9:09 PM 52565]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 7:29 PM 29293408]
S4 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [8/12/2013 11:09 AM 245760]
S4 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [6/9/2012 12:48 AM 89192]
S4 Freemake Improver;Freemake Improver;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2/19/2012 2:58 PM 82944]
S4 Mam4tsy;Mam4tsy; [x]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]
S4 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe --> c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [?]
S4 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [11/17/2008 11:51 AM 1128944]
S4 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [1/1/2005 12:46 PM 894920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-22 00:51 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-14 03:20]
.
2013-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-01 05:10]
.
2013-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-01 05:10]
.
2013-08-24 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-07-18 20:49]
.
2013-08-24 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-07-18 20:49]
.
2013-08-24 c:\windows\Tasks\User_Feed_Synchronization-{E1C38963-8C10-4DED-BEB7-A8E5938942D4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchAssistant =
TCP: DhcpNameServer = 192.168.254.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\q1bczaw3.default\
FF - prefs.js: browser.startup.homepage - hxxp://msn.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-24 01:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(232)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2013-08-24 01:31:23 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-24 05:31
ComboFix2.txt 2013-08-24 00:12
ComboFix3.txt 2013-03-22 17:39
.
Pre-Run: 16,899,481,600 bytes free
Post-Run: 16,896,901,120 bytes free
.
- - End Of File - - F0AE6FFA10A09E92083B36250C73520D
8F558EB6672622401DA993E1E865C861

 

[Broni]

Good job

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[jjkiefer01]

I need to take a couple days break from cleaning this up as I have much work to get done. Please don't close this task. I should be able to work on the next list of tasks you sent me in a couple of days. Thanks so much again for all your time and help with this issue. Cheers!

 

[Broni]

 

[Broni]

Still with me?

 

[jjkiefer01]

If you need to close this, I'm ok with it. I am swamped with other issues right now. I have the list of things to do that you last sent me so I will have to to these later. Thanks for all your help. Cheers!

 

[Broni]

It's up to you.
Let me know what's gonna be.

 

[Broni]

Reopened.

 

[jjkiefer01]

Thanks! here's the latest.
# AdwCleaner v3.003 - Report created 08/09/2013 at 16:18:12
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jim - HOME-DESKTOP
# Running from : C:\Documents and Settings\Jim\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Documents and Settings\Jim\IECompatCache
Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\cre
Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\visi_coupon
Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\Zoom_Downloader
Folder Deleted : C:\Documents and Settings\Jim\Application Data\AVG Secure Search
[!] Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[!] Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
File Deleted : C:\END
File Deleted : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\q1bczaw3.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3284668
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3303000
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1A03F196-9617-4CA0-842B-A83CEECB022B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\q1bczaw3.default\prefs.js ]

Line Deleted : user_pref("CT3303000_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376857691228,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?UM=2&ctid=CT3303000&SearchSource=13&CUI=UN09835776969787557");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Vafmusic7 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3303000&SearchSource=2&CUI=UN09835776969787557&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3303000");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Vafmusic7 Customized Web Search");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?UM=2&ctid=CT3303000&SearchSource=13&CUI=UN09835776969787557");
Line Deleted : user_pref("smartbar.machineId", "R0P1MBAUITPRYRP30TRRV11I9FPDBY3C2CJ4V24HEFNNA0SNNPVGFS+VKIU1ELIL+YDESXFJIPBY6A19OLTQWA");

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\catflljt.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [9307 octets] - [08/09/2013 16:16:20]
AdwCleaner[S0].txt - [9321 octets] - [08/09/2013 16:18:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9381 octets] ##########

 

[jjkiefer01]

Part 2
------------------------------------------------------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Microsoft Windows XP x86
Ran by Jim on Sun 09/08/2013 at 16:42:23.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011301126}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Jim\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Documents and Settings\Jim\Local Settings\Application Data\software assist"
Successfully deleted: [Folder] "C:\Documents and Settings\Jim\Local Settings\Application Data\stronghold_llc"
Successfully deleted: [Folder] "C:\Documents and Settings\Jim\Local Settings\Application Data\strongvault online backup"
Successfully deleted: [Folder] "C:\Program Files\software assist"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/08/2013 at 16:46:27.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 9/8/2013 4:30:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 72.98% Memory free
4.77 Gb Paging File | 4.48 Gb Available in Paging File | 93.89% Paging File free
Paging file location(s): C:\pagefile.sys 3055 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 12.02 Gb Free Space | 9.40% Space Free | Partition Type: NTFS
Drive I: | 524.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive M: | 58.32 Gb Total Space | 33.19 Gb Free Space | 56.92% Space Free | Partition Type: NTFS

Computer Name: HOME-DESKTOP | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2013/09/08 16:14:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
PRC - [2013/07/18 16:49:24 | 000,995,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/04/14 06:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/13 13:02:46 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2006/08/28 12:23:44 | 005,527,040 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
PRC - [2005/07/04 17:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/16 18:13:37 | 000,223,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
MOD - [2012/03/11 12:07:38 | 000,159,744 | ---- | M] () -- C:\Program Files\Mega Codec Pack\Filters\Haali\mmfinfo.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/08 09:59:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Mega Codec Pack\Filters\Haali\mkunicode.dll
MOD - [2008/02/13 13:02:46 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2008/02/05 18:18:58 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2005/09/01 05:25:26 | 000,045,056 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\Security.dll
MOD - [2003/10/13 15:30:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\GTW32N50.dll
MOD - [2002/04/24 01:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\GEMWEP.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe WUSB54GC.exe -- (WUSB54GCSVC)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe -- (vToolbarUpdater13.3.2)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2012)
SRV - File not found [Disabled | Stopped] -- -- (Mam4tsy)
SRV - [2013/08/20 23:20:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/17 00:38:03 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/18 16:49:42 | 000,022,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/05/22 15:04:32 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/14 15:43:56 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2012/07/18 10:28:14 | 000,080,448 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2012/06/09 00:48:28 | 000,089,192 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [Disabled | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2012/02/17 16:45:28 | 000,082,944 | ---- | M] (Freemake) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2010/08/26 18:48:00 | 000,285,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [Disabled | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/09/08 18:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/04/14 06:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 06:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC)
SRV - [2008/04/14 06:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/14 06:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/02/05 18:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/12/02 06:17:54 | 002,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ecnocbwq.sys -- (sfbtu)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Aslteilte)
DRV - [2012/09/21 01:26:37 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/10/17 03:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2011/10/17 03:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2011/02/21 16:13:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2009/11/06 09:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2008/09/12 14:22:54 | 000,540,288 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008/09/12 14:22:24 | 000,443,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/02/05 22:21:48 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/02/05 22:21:37 | 004,658,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/02/05 22:21:25 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/05 22:20:51 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2008/02/05 22:20:40 | 000,628,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/05 18:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 18:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/02/06 15:05:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32)
DRV - [2006/12/22 11:59:14 | 000,052,565 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410u.sys -- (mam4410u)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/11/24 19:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/08/29 15:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/08/18 11:44:44 | 000,011,473 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MaVc2K.sys -- (MaVctrl)
DRV - [2005/08/13 21:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/16 18:13:12 | 000,025,044 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410m.sys -- (mam4410m)
DRV - [2005/06/16 18:11:58 | 000,024,784 | ---- | M] (Mobile Action Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mam4410c.sys -- (mam4410c)
DRV - [2005/02/01 19:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcm42rly.sys -- (BCM42RLY)
DRV - [2005/01/01 12:46:14 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2003/12/09 19:24:58 | 000,259,968 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/12/09 19:24:58 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/12/09 19:24:58 | 000,146,560 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2003/12/09 19:24:58 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/12/09 18:24:58 | 000,022,777 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/12/09 18:24:58 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/08/17 12:48:40 | 000,281,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimtai.sys -- (atimtai)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{681EF096-46ED-4F03-98AF-6703666F182D}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://msn.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

[2013/05/14 16:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions
[2012/04/28 22:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\extensions
[2012/04/28 22:21:06 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013/08/18 16:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\q1bczaw3.default\extensions
[2013/08/17 00:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/17 00:37:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/17 00:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 00:38:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\
CHR - Extension: Domain Error Assistant = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\
CHR - Extension: Software Assist = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.23.181_0\crossrider
CHR - Extension: Software Assist = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.23.181_0\
CHR - Extension: Savings-Slider = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0\
CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/24 01:25:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EDED285-6670-4133-BB83-A447A7AD1D69}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABBD5CF9-9AF0-43BA-B40E-CD6AC2DF336D}: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/27 13:30:31 | 000,000,000 | ---D | M] - C:\Autobiography -- [ NTFS ]
O32 - AutoRun File - [2008/05/26 15:20:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/23 19:37:53 | 000,000,027 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 90 Days ==========

[2013/09/08 16:15:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/08 16:14:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2013/09/08 16:13:50 | 001,029,490 | ---- | C] (Thisisu) -- C:\Documents and Settings\Jim\Desktop\JRT.exe
[2013/08/27 03:49:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2013/08/24 10:08:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/24 01:31:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/08/24 00:50:08 | 005,111,180 | R--- | C] (Swearware) -- C:\Documents and Settings\Jim\Desktop\ComboFix.exe
[2013/08/23 18:05:01 | 001,898,112 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Jim\Desktop\rkill.com
[2013/08/23 16:42:56 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/08/23 16:42:56 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/08/23 16:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/08/23 14:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/08/23 14:51:47 | 000,000,000 | ---D | C] -- C:\Mbar_anti-rootkit_extract
[2013/08/23 14:51:21 | 000,000,000 | ---D | C] -- C:\New Folder (2)
[2013/08/23 14:51:11 | 000,000,000 | ---D | C] -- C:\New Folder
[2013/08/23 14:46:20 | 012,081,912 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Jim\Desktop\mbar-1.06.1.1005.exe
[2013/08/23 14:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Desktop\RK_Quarantine
[2013/08/22 09:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\AVG
[2013/08/22 09:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/08/22 09:15:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/08/21 12:29:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\Recent
[2013/08/21 12:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/08/18 15:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\ Online Backup
[2013/08/18 14:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/08/18 13:52:50 | 000,000,000 | ---D | C] -- C:\AI_RecycleBin
[2013/08/17 00:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/12 11:21:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Scansoft
[2013/08/12 11:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2013/08/12 11:09:29 | 000,061,440 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\brprtink.dll
[2013/08/12 11:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2013/08/12 11:08:56 | 000,126,976 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrfxD05b.dll
[2013/08/12 11:08:44 | 000,217,088 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2013/08/12 11:08:44 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2013/08/12 11:08:44 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2013/08/12 11:08:44 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2013/08/12 11:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2013/08/12 11:08:41 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BroSNMP.dll
[2013/08/12 11:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2013/08/12 11:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/08/12 11:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2013/08/11 20:03:35 | 000,000,000 | ---D | C] -- C:\Equisync
[2013/08/11 15:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/08/11 15:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/08/11 15:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/08/11 15:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2013/08/11 15:41:35 | 006,112,864 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2013/08/05 13:50:45 | 000,000,000 | ---D | C] -- C:\ForrestVanGundy
[2013/07/23 13:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2013/07/19 14:17:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/07/10 23:24:05 | 000,000,000 | ---D | C] -- C:\_tmpPics
[2013/06/24 09:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\System Care Antivirus
[2013/06/24 09:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\C45C672FAE47F2830000C45BA2D8F76F
[2013/06/14 12:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\Autodesk
[2013/06/14 12:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Autodesk
[2013/06/14 12:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2013/09/08 16:25:00 | 000,638,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/08 16:25:00 | 000,137,980 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/08 16:20:39 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013/09/08 16:20:25 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/08 16:20:21 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/08 16:20:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/08 16:19:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2013/09/08 16:19:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2013/09/08 16:14:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2013/09/08 16:13:57 | 001,029,490 | ---- | M] (Thisisu) -- C:\Documents and Settings\Jim\Desktop\JRT.exe
[2013/09/08 16:13:08 | 001,037,278 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\adwcleaner.exe
[2013/09/08 15:51:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/08 15:20:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/08 13:21:55 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/09/08 11:25:54 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E1C38963-8C10-4DED-BEB7-A8E5938942D4}.job
[2013/09/06 09:24:02 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/09/04 21:58:09 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/08/27 04:33:27 | 003,723,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/27 04:00:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/24 15:29:05 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Mandelbulb3D.exe.lnk
[2013/08/24 10:21:25 | 000,000,253 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2013/08/24 01:25:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/08/24 00:57:11 | 000,015,990 | ---- | M] () -- C:\FixitRegBackup.reg
[2013/08/23 19:11:40 | 005,111,180 | R--- | M] (Swearware) -- C:\Documents and Settings\Jim\Desktop\ComboFix.exe
[2013/08/23 18:05:02 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Jim\Desktop\rkill.com
[2013/08/23 16:13:14 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/08/23 14:46:52 | 012,081,912 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Jim\Desktop\mbar-1.06.1.1005.exe
[2013/08/23 14:33:06 | 000,923,136 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\RogueKiller.exe
[2013/08/21 12:28:52 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/08/21 09:12:31 | 000,000,420 | RHS- | M] () -- C:\boot.ini
[2013/08/20 23:20:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/20 23:20:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/12 11:10:19 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2013/08/12 11:10:00 | 000,000,229 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2013/08/12 11:10:00 | 000,000,093 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[2013/08/12 11:09:40 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2013/08/12 11:09:37 | 000,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2013/08/12 11:05:25 | 000,032,041 | ---- | M] () -- C:\WINDOWS\maxlink.ini
[2013/08/11 15:43:05 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/08/03 14:18:38 | 001,543,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdecod.dll
[2013/07/25 22:47:17 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/07/25 22:47:17 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/07/25 22:47:17 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/07/25 22:47:17 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/07/25 22:47:17 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/07/25 22:47:17 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/07/25 22:47:16 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/07/25 22:47:16 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/07/25 22:47:16 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/07/25 22:47:16 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/07/25 22:47:14 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013/07/25 22:47:14 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/07/25 22:47:14 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013/07/25 22:47:14 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/07/25 22:47:13 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/07/25 22:47:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013/07/25 22:47:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013/07/25 22:47:13 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013/07/25 22:47:13 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/07/25 22:47:12 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/07/25 22:47:12 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013/07/25 22:47:12 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/07/25 22:47:11 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/07/25 22:47:11 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/07/25 22:47:10 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/07/25 22:47:06 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/07/25 22:47:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013/07/25 22:47:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/07/25 11:52:59 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2013/07/24 06:55:20 | 000,000,038 | ---- | M] () -- C:\WINDOWS\BMUpdate.ini
[2013/07/10 06:37:53 | 000,406,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll
[2013/07/03 23:03:25 | 002,149,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2013/07/03 22:59:11 | 002,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2013/07/03 22:59:11 | 002,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2013/07/03 22:08:30 | 002,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2013/07/03 22:08:30 | 002,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2013/07/03 22:08:30 | 002,028,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2013/06/24 11:30:44 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/24 11:08:15 | 000,000,065 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\mbam.context.scan
[2013/06/16 21:22:53 | 000,000,197 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Learn German.url
[2013/06/14 11:19:03 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/08 16:13:00 | 001,037,278 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\adwcleaner.exe
[2013/08/27 03:49:02 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2013/08/27 03:11:11 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/08/24 15:29:05 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Mandelbulb3D.exe.lnk
[2013/08/24 10:21:24 | 000,000,253 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2013/08/24 00:57:11 | 000,015,990 | ---- | C] () -- C:\FixitRegBackup.reg
[2013/08/23 18:28:42 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/08/23 16:13:14 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/08/23 14:34:10 | 000,923,136 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\RogueKiller.exe
[2013/08/21 12:28:52 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/08/12 11:10:19 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2013/08/12 11:10:00 | 000,000,229 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2013/08/12 11:10:00 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2013/08/12 11:09:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10A.DAT
[2013/08/12 11:09:37 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/08/12 11:08:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2013/08/12 11:05:25 | 000,032,041 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2013/08/11 15:43:05 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/07/19 14:21:28 | 000,000,418 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E1C38963-8C10-4DED-BEB7-A8E5938942D4}.job
[2013/06/16 21:22:23 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Learn German.url
[2013/05/22 15:43:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2013/03/22 12:37:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/03/22 12:37:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/03/22 12:37:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/03/22 12:37:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/03/22 12:37:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/10 18:53:36 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2013/01/04 23:43:38 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\mbam.context.scan
[2012/12/16 18:20:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/21 18:07:17 | 000,723,230 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2012/11/21 18:07:17 | 000,170,411 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012/09/17 16:15:46 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/08/03 00:28:56 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/06/12 19:46:47 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Jim\UserInfo.sdf
[2012/02/25 10:24:53 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2012/02/24 19:24:49 | 000,639,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1708537768-1220945662-839522115-1003-0.dat
[2011/12/21 10:15:12 | 000,603,586 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/11/15 20:15:43 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Microstudio.INI
[2010/12/17 11:22:53 | 000,022,265 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Comma Separated Values (Windows).ADR
[2008/06/03 18:04:26 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Jim\Test.sdf
[2008/06/01 11:10:50 | 000,224,146 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\debuggee.mdmp
[2008/05/28 20:29:10 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/05/28 20:05:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

 

[jjkiefer01]

Part 3 -

-------------------------------------------------------OTL Extras logfile created on: 9/8/2013 4:30:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 72.98% Memory free
4.77 Gb Paging File | 4.48 Gb Available in Paging File | 93.89% Paging File free
Paging file location(s): C:\pagefile.sys 3055 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 12.02 Gb Free Space | 9.40% Space Free | Partition Type: NTFS
Drive I: | 524.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive M: | 58.32 Gb Total Space | 33.19 Gb Free Space | 56.92% Space Free | Partition Type: NTFS

Computer Name: HOME-DESKTOP | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenAsAWebSite] -- C:\Program Files\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*isabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{0484EC37-9ABD-4D84-A182-B4D1D715FE8C}" = Hoster Lite
"{0712667C-A171-49AE-A098-4ACDA28625F8}" = Sony Sound Forge 7.0
"{082BDF7B-4810-4599-BF0D-E3AC44EC8524}" = Microsoft ASP.NET 2.0 AJAX Extensions 1.0
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4DF099-EA5C-482D-9901-C0A8B539B417}" = Microsoft Web Platform Installer 4.0
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}" = IIS 7.5 Express
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0
"{51FD8515-2F15-4E6D-A93C-BC6988AEC29A}" = Sony Media Manager 2.3
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5543C9C8-4F56-4E84-BD4F-454942043964}" = Microstudio
"{58A53B98-4759-4BBE-8F2D-878CD6B18CE2}" = SolidWorks Explorer 2012 SP04
"{59D268DF-CCA9-44C5-8F96-2E51BB34C829}" = Microsoft Security Client
"{5A043038-3568-4F92-8151-E1EA5C711CBC}" = SolidWorks eDrawings 2012 SP04
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E33D30D-D896-4D92-B033-5F45819B2937}" = Strongvault Online Backup
"{5FECE3AC-7981-4E96-BAAE-CDDAC87073E4}" = SolidWorks Flow Simulation 2012 SP04
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{66F0E678-69C2-4C46-BA95-117DF28C87E4}" = Microsoft WebMatrix
"{67117653-D33F-4151-BD74-423D2484C1D8}" = ASPNetVideo
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6B6960A3-F28A-46B2-833D-84A4EA37C032}_is1" = Satellite Direct v11.1.1.2
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{739126B3-1C80-4F1F-8D59-312A19633E1A}_is1" = Epub reader
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84155839-E820-418A-B94D-388DEE985AA5}" = Autodesk 123D Catch
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CBB2A51-93E3-4A2F-8A06-98B5AE28EBD2}" = Hoster Lite
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{901A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1" = Dell Display Manager
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{cb29be6c-39c4-493e-9da7-d585d5353714}" = Microsoft ASP.NET Web Pages 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D5D52242-0767-4A6E-8A8A-B5CB8015E9BF}" = Video Capture USB
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A}" = Microsoft Web Deploy 3.0
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite MFC-J220
"{FE706200-62BF-4D25-8B34-DC31189DE902}" = SolidWorks 2012 SP04
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Amazon Kindle" = Amazon Kindle
"ATI Display Driver" = ATI Display Driver
"Blackboard IM" = Blackboard IM 4.1.0-C
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSX30IS" = Canon PowerShot SX30 IS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CANONBJ_Deinstall_CNMCP4q.DLL" = Canon i9100
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"EasyBurningSoftware" = EasyBurningSoftware
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"FBReader for Windows" = FBReader for Windows
"Freemake Video Converter_is1" = Freemake Video Converter version 3.0.1
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.1.0 (Full)
"lvdrivers_11.70" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"OneTouch Version 3.0" = OneTouch Version 3.0
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoRecord" = Canon PhotoRecord
"PhotoStitch" = Canon Utilities PhotoStitch
"Software Assist" = Software Assist
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SolidWorks Installation Manager 20120-40400-1100-200" = SolidWorks 2012 SP04
"TVEpaDrv" = Roxio Video Capture USB Driver
"uTorrent" = µTorrent
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2013 9:27:24 AM | Computer Name = HOME-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 8/21/2013 9:27:24 AM | Computer Name = HOME-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 8/23/2013 4:12:54 PM | Computer Name = HOME-DESKTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.3.216.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 8/23/2013 6:34:31 PM | Computer Name = HOME-DESKTOP | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/23/2013 7:27:18 PM | Computer Name = HOME-DESKTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.216.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 8/23/2013 8:03:37 PM | Computer Name = HOME-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 8/23/2013 8:05:46 PM | Computer Name = HOME-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 8/24/2013 12:49:07 AM | Computer Name = HOME-DESKTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.216.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 8/24/2013 1:19:38 AM | Computer Name = HOME-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 8/24/2013 1:21:40 AM | Computer Name = HOME-DESKTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 9/8/2013 1:14:23 PM | Computer Name = HOME-DESKTOP | Source = Service Control Manager | ID = 7022
Description = The Web Deployment Agent Service service hung on starting.

Error - 9/8/2013 1:14:25 PM | Computer Name = HOME-DESKTOP | Source = HTTP | ID = 15005
Description = Unable to bind to the underlying transport for 0.0.0.0:80. The IP
Listen-Only list may contain a reference to an interface which may not exist on
this machine. The data field contains the error number.

Error - 9/8/2013 1:14:29 PM | Computer Name = HOME-DESKTOP | Source = Service Control Manager | ID = 7023
Description = The Web Deployment Agent Service service terminated with the following
error: %%2148734208

Error - 9/8/2013 3:51:00 PM | Computer Name = HOME-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 9/8/2013 4:20:21 PM | Computer Name = HOME-DESKTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address C43DC7BEB3E4 has been denied by the DHCP server 192.168.254.254 (The DHCP
Server sent a DHCPNACK message).

Error - 9/8/2013 4:21:07 PM | Computer Name = HOME-DESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BrYNSvc with
arguments "" in order to run the server: {F2189AE3-E432-427F-93B6-38D1C6F5E8D4}

Error - 9/8/2013 4:22:53 PM | Computer Name = HOME-DESKTOP | Source = Service Control Manager | ID = 7022
Description = The Web Deployment Agent Service service hung on starting.

Error - 9/8/2013 4:22:55 PM | Computer Name = HOME-DESKTOP | Source = HTTP | ID = 15005
Description = Unable to bind to the underlying transport for 0.0.0.0:80. The IP
Listen-Only list may contain a reference to an interface which may not exist on
this machine. The data field contains the error number.

Error - 9/8/2013 4:23:00 PM | Computer Name = HOME-DESKTOP | Source = Service Control Manager | ID = 7023
Description = The Web Deployment Agent Service service terminated with the following
error: %%2148734208

Error - 9/8/2013 4:26:53 PM | Computer Name = HOME-DESKTOP | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.


< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - File not found [Auto | Running] -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe WUSB54GC.exe -- (WUSB54GCSVC)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe -- (vToolbarUpdater13.3.2)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe -- (Remote Solver for Flow Simulation 2012)
SRV - File not found [Disabled | Stopped] -- -- (Mam4tsy)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ecnocbwq.sys -- (sfbtu)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (Aslteilte)
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Broni]

Still with me?

 

[Broni]

This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.