Solved Multiple iexplore.exe running in task manager, even if IE isn't open

Linda R

I see someone else just had the same problem as I'm experiencing. I am hoping you will be able to help me clean my machine too! I think I clicked on a bogus link to update Java and that's when the problems started. I have run MBAM 3 times, so I will attach all three reports. I have tried several times to run the DDS report. I turned off the firewall and antivirus and disconnected from the internet, but every time I run it, it only gives me the attach.txt file and never gives me a dds.txt file. Something must still be blocking it from running correctly, but I don't know what it is. Thanks in advance for any help you can offer me! This is the computer I use for work and I'm really hoping I can clean it, because installing all the software and making it all work with the company network again will be a pain at the very least!
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.31.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Linda :: WELLSCO-LAPPY [administrator]
Protection: Enabled
12/31/2013 9:49:21 PM
mbam-log-2013-12-31 (21-49-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271118
Time elapsed: 31 minute(s),
Memory Processes Detected: 52
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 98
HKLM\SYSTEM\CurrentControlSet\Services\Update outobox (PUP.Optional.Outobox.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Util outobox (PUP.Optional.Outobox.A) -> No action taken.
HKCR\CLSID\{30f06672-0e95-41a9-80cb-dee386af99ad} (PUP.Optional.Outobox.A) -> No action taken.
HKCR\TypeLib\{1eb0a0b0-cabb-495c-a85a-7c8f891799c7} (PUP.Optional.Outobox.A) -> No action taken.
HKCR\Interface\{B1290521-AB01-40EB-B993-AD122BEFC9E2} (PUP.Optional.Outobox.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> No action taken.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> No action taken.
HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> No action taken.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outobox (PUP.Optional.Outobox.A) -> No action taken.
HKCU\Software\outobox (PUP.Optional.Outobox.A) -> No action taken.
HKLM\Software\outobox (PUP.Optional.Outobox.A) -> No action taken.
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GameServer50E (Trojan.Agent.TMSGen) -> Data: "C:\Documents and Settings\Linda\Application Data\Bentley\WINAC.exe" -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 3
C:\Program Files\outobox (PUP.Optional.Outobox.A) -> No action taken.
C:\Program Files\outobox\bin (PUP.Optional.Outobox.A) -> No action taken.
C:\Program Files\outobox\bin\plugins (PUP.Optional.Outobox.A) -> No action taken.
Files Detected: 190
C:\Program Files\outobox\updateoutobox.exe (PUP.Optional.Outobox.A) -> No action taken.
C:\Program Files\outobox\bin\utiloutobox.exe (PUP.Optional.Outobox.A) -> No action taken.
C:\Program Files\outobox\outoboxBHO.dll (PUP.Optional.Outobox.A) -> No action taken.
C:\Documents and Settings\Linda\Local Settings\Temp\Outobox.exe (PUP.Optional.Outobox.A) -> No action taken.
C:\Documents and Settings\Linda\Local Settings\Temp\DownloadManager.exe (PUP.Optional.Smart) -> No action taken.
C:\Program Files\outobox\outobox.ico (PUP.Optional.Outobox.A) -> No action taken.
C:\Program Files\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx (PUP.Optional.Outobox.A) -> No action taken.
C:\Program Files\outobox\outoboxUninstall.exe (PUP.Optional.Outobox.A) -> No action taken.
C:\Program Files\outobox\sqlite3.exe (PUP.Optional.Outobox.A) -> No action taken.
C:\Program Files\outobox\updateoutobox.InstallState (PUP.Optional.Outobox.A) -> No action taken.
C:\Program Files\outobox\bin\sqlite3.dll (PUP.Optional.Outobox.A) -> No action taken.
C:\Program Files\outobox\bin\utiloutobox.InstallState (PUP.Optional.Outobox.A) -> No action taken.
C:\Program Files\outobox\bin\plugins\outobox.FFUpdate.dll (PUP.Optional.Outobox.A) -> No action taken.
C:\Program Files\outobox\bin\plugins\outobox.GCUpdate.dll (PUP.Optional.Outobox.A) -> No action taken.
C:\Program Files\outobox\bin\plugins\outobox.IEUpdate.dll (PUP.Optional.Outobox.A) -> No action taken.
C:\Documents and Settings\Linda\Application Data\Autodesk\WIN7B.exe (Trojan.Downloader.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda\Local Settings\Temp\Java_Update_06c5260d.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda\Local Settings\Temp\Java_Update_45b6b863.exe (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda\Local Settings\Temp\hiiim.exe (Trojan.Downloader.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda\Local Settings\Temp\hiiin.exe (Trojan.Downloader.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda\Local Settings\Temp\1syasdsgscsafgrwonf.exe (Spyware.Passwords.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda\Local Settings\Temp\2syasdsgscsafgrwonf.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zeexeduq.exe (Trojan.Agent.SCS) -> Delete on reboot.
C:\WINDOWS\system32\efewgodor.exe (Trojan.Agent.SCS) -> Delete on reboot.
C:\WINDOWS\system32\wyibv.exe (Trojan.Agent.SCS) -> Delete on reboot.
C:\WINDOWS\system32\dyarap.exe (Trojan.Agent.SCS) -> Delete on reboot.
C:\WINDOWS\system32\boaqbize.exe (Trojan.Agent.SCS) -> Delete on reboot.
C:\WINDOWS\system32\qaebuqq.exe (Trojan.Agent.SCS) -> Delete on reboot.
C:\WINDOWS\system32\tovaan.exe (Trojan.Agent.SCS) -> Delete on reboot.
C:\WINDOWS\system32\uknuupadaz.exe (Trojan.Agent.SCS) -> Delete on reboot.
C:\WINDOWS\system32\ocgyokyvzu.exe (Trojan.Agent.SCS) -> Delete on reboot.
C:\WINDOWS\system32\atoxzeg.exe (Trojan.Agent.SCS) -> Delete on reboot.
C:\WINDOWS\system32\uforqo.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaahfyyxom.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yneteshuy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ycurnuutu.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nailvemye.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\axsyfuekci.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zogeortuuh.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mexexusyo.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\syumy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zecokahyk.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\quvam.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okopkyiw.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gahacice.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adezypa.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\exyli.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\exqumyxiy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amkykimo.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ikubi.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\neofsy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pegiiq.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hepic.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zaidduy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\famadi.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uxursyfy.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\roedapnody.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\baelymca.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\erwootna.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xeniitibe.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\osonbo.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ziapkou.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\toahobopi.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fyuch.exe (Trojan.Agent.SCS) -> Quarantined and deleted successfully.
(end)
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.31.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Linda :: WELLSCO-LAPPY [administrator]
Protection: Disabled
12/31/2013 11:16:46 PM
mbam-log-2013-12-31 (23-16-46).txt
Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 217631
Time elapsed: 3 minute(s), 23 second(s)
Memory Processes Detected: 1
C:\Program Files\outobox\bin\utiloutobox.exe (PUP.Optional.Outobox.A) -> 3240 -> Delete on reboot.
Memory Modules Detected: 2
C:\Program Files\outobox\outoboxBHO.dll (PUP.Optional.Outobox.A) -> Delete on reboot.
C:\Program Files\outobox\bin\sqlite3.dll (PUP.Optional.Outobox.A) -> Delete on reboot.
Registry Keys Detected: 11
HKLM\SYSTEM\CurrentControlSet\Services\Util outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{30f06672-0e95-41a9-80cb-dee386af99ad} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{1eb0a0b0-cabb-495c-a85a-7c8f891799c7} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
HKCR\Interface\{B1290521-AB01-40EB-B993-AD122BEFC9E2} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F06672-0E95-41A9-80CB-DEE386AF99AD} (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
HKCU\Software\outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
HKLM\Software\outobox (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 3
C:\Program Files\outobox (PUP.Optional.Outobox.A) -> Delete on reboot.
C:\Program Files\outobox\bin (PUP.Optional.Outobox.A) -> Delete on reboot.
C:\Program Files\outobox\bin\plugins (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
Files Detected: 14
C:\Program Files\outobox\bin\utiloutobox.exe (PUP.Optional.Outobox.A) -> Delete on reboot.
C:\Program Files\outobox\outoboxBHO.dll (PUP.Optional.Outobox.A) -> Delete on reboot.
C:\Program Files\outobox\updateoutobox.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Linda\Local Settings\Temp\Outobox.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
C:\Program Files\outobox\outobox.ico (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
C:\Program Files\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
C:\Program Files\outobox\outoboxUninstall.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
C:\Program Files\outobox\sqlite3.exe (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
C:\Program Files\outobox\updateoutobox.InstallState (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
C:\Program Files\outobox\bin\sqlite3.dll (PUP.Optional.Outobox.A) -> Delete on reboot.
C:\Program Files\outobox\bin\utiloutobox.InstallState (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
C:\Program Files\outobox\bin\plugins\outobox.FFUpdate.dll (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
C:\Program Files\outobox\bin\plugins\outobox.GCUpdate.dll (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
C:\Program Files\outobox\bin\plugins\outobox.IEUpdate.dll (PUP.Optional.Outobox.A) -> Quarantined and deleted successfully.
(end)
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.12.31.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Linda :: WELLSCO-LAPPY [administrator]
Protection: Enabled
12/31/2013 11:36:04 PM
mbam-log-2013-12-31 (23-36-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268797
Time elapsed: 31 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> Quarantined and deleted successfully.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Documents and Settings\Linda\Local Settings\Temp\DownloadManager.exe (PUP.Optional.Smart) -> Quarantined and deleted successfully.
(end)
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/14/2010 5:42:57 PM
System Uptime: 12/31/2013 10:37:51 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 309F
Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | U10 | 2161/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 30 GiB total, 3.283 GiB free.
D: is FIXED (NTFS) - 45 GiB total, 25.736 GiB free.
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&4878531&0&00E1
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&4878531&0&00E1
Service: NETw4x32
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: MoGo_Mouse_BT _
Device ID: PCMCIA\MOGO_MOUSE_BT-_-061F\1
Manufacturer:
Name: MoGo_Mouse_BT _
PNP Device ID: PCMCIA\MOGO_MOUSE_BT-_-061F\1
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\IFX0102\4&28738126&0
Manufacturer:
Name:
PNP Device ID: ACPI\IFX0102\4&28738126&0
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: DesignJet 800PS (C7780C)
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: DesignJet 800PS (C7780C)
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP842: 11/30/2013 10:12:30 PM - System Checkpoint
RP843: 12/1/2013 10:55:39 PM - System Checkpoint
RP844: 12/2/2013 11:11:27 PM - System Checkpoint
RP845: 12/4/2013 12:11:55 AM - System Checkpoint
RP846: 12/5/2013 12:40:15 AM - System Checkpoint
RP847: 12/6/2013 1:37:58 AM - System Checkpoint
RP848: 12/7/2013 2:37:58 AM - System Checkpoint
RP849: 12/8/2013 3:38:00 AM - System Checkpoint
RP850: 12/9/2013 8:40:16 PM - System Checkpoint
RP851: 12/10/2013 8:53:15 PM - System Checkpoint
RP852: 12/11/2013 11:10:38 PM - System Checkpoint
RP853: 12/12/2013 3:00:19 AM - Software Distribution Service 3.0
RP854: 12/13/2013 3:01:21 AM - Software Distribution Service 3.0
RP855: 12/14/2013 4:04:36 PM - System Checkpoint
RP856: 12/15/2013 6:17:07 PM - System Checkpoint
RP857: 12/16/2013 1:46:33 PM - Printer Driver LogMeIn Printer Driver Installed
RP858: 12/17/2013 2:14:30 PM - System Checkpoint
RP859: 12/18/2013 3:27:28 PM - System Checkpoint
RP860: 12/19/2013 7:42:26 PM - System Checkpoint
RP861: 12/20/2013 7:56:56 PM - System Checkpoint
RP862: 12/21/2013 8:58:00 PM - System Checkpoint
RP863: 12/22/2013 9:56:55 PM - System Checkpoint
RP864: 12/23/2013 10:10:53 PM - System Checkpoint
RP865: 12/24/2013 10:56:56 PM - System Checkpoint
RP866: 12/26/2013 5:13:14 PM - System Checkpoint
RP867: 12/27/2013 6:47:47 PM - System Checkpoint
RP868: 12/28/2013 7:01:50 PM - System Checkpoint
RP869: 12/29/2013 7:48:57 PM - System Checkpoint
RP870: 12/30/2013 8:18:04 PM - System Checkpoint
.
==== Image File Execution Options =============
.
IFEO: Your Image File Name Here without a path - ntsd -d
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
First of all, I want to say THANK YOU! so much for taking time out of your holiday to help me with this! I really appreciate it! Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2014
Ran by Linda (administrator) on WELLSCO-LAPPY on 01-01-2014 16:09:47
Running from F:\
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Cisco Systems, Inc.) D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Corporation) C:\WINDOWS\system32\accelerometerST.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Gordoware) C:\Program Files\gordoware\connectto.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AccelerometerSysTrayApplet] - C:\WINDOWS\system32\accelerometerST.exe [53248 2006-01-16] (Hewlett-Packard Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1028096 2008-01-18] (Synaptics, Inc.)
HKLM\...\Run: [PTHOSTTR] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Eqovfeaxysavi] - "C:\Documents and Settings\Linda\Application Data\Pabiwex\ykrosi.exe"
HKLM\...\Run: [Oltanye] - "C:\Documents and Settings\Linda\Application Data\Lyukud\raikebo.exe"
HKLM\...\Run: [Noekyp] - "C:\Documents and Settings\Linda\Application Data\Ocorypi\kooxhel.exe"
HKLM\...\Run: [Oqyzlupeyndiq] - "C:\Documents and Settings\Linda\Application Data\Saecegyb\syniix.exe"
HKLM\...\Run: [Urhyow] - "C:\Documents and Settings\Linda\Application Data\Unosehul\zedeamu.exe"
HKLM\...\Run: [Ekpozuamyx] - "C:\Documents and Settings\Linda\Application Data\Sesalisi\gautedo.exe"
HKLM\...\Run: [Vaibmiuto] - "C:\Documents and Settings\Linda\Application Data\Ipiqrioc\kyhub.exe"
HKLM\...\Run: [Wibuu] - "C:\Documents and Settings\Linda\Application Data\Leiber\ruzeiny.exe"
HKLM\...\Run: [Nyehfydiemsopuw] - "C:\Documents and Settings\Linda\Application Data\Esefibv\bazuesi.exe"
HKLM\...\Run: [Diwalyevvoo] - "C:\Documents and Settings\Linda\Application Data\Duuvqet\uxsuk.exe"
HKLM\...\Run: [Ykoqkyhezu] - "C:\Documents and Settings\Linda\Application Data\Exruhac\vyrado.exe"
HKLM\...\Run: [Iwopukqe] - "C:\Documents and Settings\Linda\Application Data\Amfogaov\ewlipei.exe"
HKLM\...\Run: [Isiqtefeu] - "C:\Documents and Settings\Linda\Application Data\Diriacq\vyokeg.exe"
HKLM\...\Run: [Zowyguefobunn] - "C:\Documents and Settings\Linda\Application Data\Ihuvor\ryolu.exe"
HKLM\...\Run: [Qyupi] - "C:\Documents and Settings\Linda\Application Data\Seibup\ucepa.exe"
HKLM\...\Run: [Tauvu] - "C:\Documents and Settings\Linda\Application Data\Piaryk\biaqlak.exe"
HKLM\...\Run: [Vaokgeozqoo] - "C:\Documents and Settings\Linda\Application Data\Asawpate\usyvy.exe"
HKLM\...\Run: [Efneoqol] - "C:\Documents and Settings\Linda\Application Data\Huywypm\enegob.exe"
HKLM\...\Run: [Bedot] - "C:\Documents and Settings\Linda\Application Data\Soluhi\fekaev.exe"
HKLM\...\Run: [Yvsiagsiuxeccy] - "C:\Documents and Settings\Linda\Application Data\Pyexfudu\mesyuv.exe"
HKLM\...\Run: [Beykbiagokekocb] - "C:\Documents and Settings\Linda\Application Data\Coyhut\gucisom.exe"
HKLM\...\Run: [Vaizitysutzy] - "C:\Documents and Settings\Linda\Application Data\Fuoccai\wizinoy.exe"
HKLM\...\Run: [Mitelugub] - "C:\Documents and Settings\Linda\Application Data\Coreebaf\geyqp.exe"
HKLM\...\Run: [Ovokiqomaru] - "C:\Documents and Settings\Linda\Application Data\Ynedve\mefici.exe"
HKLM\...\Run: [Owumruyp] - "C:\Documents and Settings\Linda\Application Data\Maryag\woisy.exe"
HKLM\...\Run: [Kaagxi] - "C:\Documents and Settings\Linda\Application Data\Ubifcuol\rainin.exe"
HKLM\...\Run: [Futikyegrai] - "C:\Documents and Settings\Linda\Application Data\Suvakir\fobeagm.exe"
HKLM\...\Run: [Afunatpiabi] - "C:\Documents and Settings\Linda\Application Data\Usegyfw\onepz.exe"
HKLM\...\Run: [Yqnakyewquneeps] - "C:\Documents and Settings\Linda\Application Data\Lumyza\duleqi.exe"
HKLM\...\Run: [Azbuafq] - "C:\Documents and Settings\Linda\Application Data\Cuxyxuwu\iwhipa.exe"
HKLM\...\Run: [Uxufiva] - "C:\Documents and Settings\Linda\Application Data\Puzaadu\opzoom.exe"
HKLM\...\Run: [Ugocibr] - "C:\Documents and Settings\Linda\Application Data\Riigakk\ipquyg.exe"
HKLM\...\Run: [Didaisy] - "C:\Documents and Settings\Linda\Application Data\Ohhaylk\encey.exe"
HKLM\...\Run: [Luhooga] - "C:\Documents and Settings\Linda\Application Data\Zaxoneo\anpimui.exe"
HKLM\...\Run: [Pigiixzu] - "C:\Documents and Settings\Linda\Application Data\Wiydhaca\eqini.exe"
HKLM\...\Run: [Yxipud] - "C:\Documents and Settings\Linda\Application Data\Heovrex\ozmyy.exe"
HKLM\...\Run: [Keimowvio] - "C:\Documents and Settings\Linda\Application Data\Dibuegfy\muymk.exe"
HKLM\...\Run: [Itbyfuafaxecy] - "C:\Documents and Settings\Linda\Application Data\Ecivwity\byvigo.exe"
HKLM\...\Run: [Ofolixylrode] - "C:\Documents and Settings\Linda\Application Data\Yqydkui\wyesoq.exe"
HKLM\...\Run: [Voecvitocahe] - "C:\Documents and Settings\Linda\Application Data\Naheav\ilrol.exe"
HKLM\...\Run: [Liiqniceys] - "C:\Documents and Settings\Linda\Application Data\Esbudu\muifeg.exe"
HKLM\...\Run: [Asonukcivovi] - "C:\Documents and Settings\Linda\Application Data\Kutiqoka\vayfeve.exe"
HKLM\...\Run: [Riixsaoku] - "C:\Documents and Settings\Linda\Application Data\Cyziudv\amame.exe"
HKLM\...\Run: [Agedynyrohhato] - "C:\Documents and Settings\Linda\Application Data\Idxoeges\ranuapx.exe"
HKLM\...\Run: [Esahorfiybzyc] - "C:\Documents and Settings\Linda\Application Data\Feywohaw\igxuafu.exe"
HKLM\...\Run: [Suidmit] - "C:\Documents and Settings\Linda\Application Data\Tyyfepaq\epowu.exe"
HKLM\...\Run: [Suetexetqoi] - "C:\Documents and Settings\Linda\Application Data\Beebyrl\igywru.exe"
HKLM\...\Run: [Uryfcuednakea] - "C:\Documents and Settings\Linda\Application Data\Myuffiy\usyqn.exe"
HKLM\...\Run: [Pixuumi] - "C:\Documents and Settings\Linda\Application Data\Elaphif\kenou.exe"
HKLM\...\Run: [Ikdivesa] - "C:\Documents and Settings\Linda\Application Data\Yzynul\likavi.exe"
HKLM\...\Run: [Ulwoweg] - "C:\Documents and Settings\Linda\Application Data\Ocubysc\naupx.exe"
HKLM\...\Run: [Inhovuugkiib] - "C:\Documents and Settings\Linda\Application Data\Opityh\akuml.exe"
HKLM\...\Run: [Pyfavyycakce] - "C:\Documents and Settings\Linda\Application Data\Xysayqod\oknoka.exe"
HKLM\...\Run: [Qicegoq] - "C:\Documents and Settings\Linda\Application Data\Xisynu\okfuul.exe"
HKLM\...\Run: [Ulawdu] - "C:\Documents and Settings\Linda\Application Data\Cuzeroro\deypek.exe"
HKLM\...\Run: [Nutewyebav] - "C:\Documents and Settings\Linda\Application Data\Ufhada\ydydda.exe"
HKLM\...\Run: [Xanahyeno] - "C:\Documents and Settings\Linda\Application Data\Axumyn\cotiubl.exe"
HKLM\...\Run: [Ylnuguco] - "C:\Documents and Settings\Linda\Application Data\Omduiklo\icumduo.exe"
HKLM\...\Run: [Wytoyp] - "C:\Documents and Settings\Linda\Application Data\Kyemyd\gyaduvi.exe"
HKLM\...\Run: [Wiomsefarioxx] - "C:\Documents and Settings\Linda\Application Data\Ywcuum\kirite.exe"
HKLM\...\Run: [Zoybiceqxyra] - "C:\Documents and Settings\Linda\Application Data\Cofuhyxi\olver.exe"
HKLM\...\Run: [Zuniomxoda] - "C:\Documents and Settings\Linda\Application Data\Zyypop\adtate.exe"
HKLM\...\Run: [Muofwavuanogyha] - "C:\Documents and Settings\Linda\Application Data\Kipoxai\osufe.exe"
HKLM\...\Run: [Doteohobehleb] - "C:\Documents and Settings\Linda\Application Data\Evamiw\ytkudi.exe"
HKLM\...\Run: [Umruitota] - "C:\Documents and Settings\Linda\Application Data\Cuaxro\qoseu.exe"
HKLM\...\Run: [Pyxaledibovukup] - "C:\Documents and Settings\Linda\Application Data\Leroxo\pautod.exe"
HKLM\...\Run: [Rypicagiakogheg] - "C:\Documents and Settings\Linda\Application Data\Hiuntot\cemybub.exe"
HKLM\...\Run: [Uxednaofhaec] - "C:\Documents and Settings\Linda\Application Data\Myikrivu\qimyyd.exe"
HKLM\...\Run: [Enbocoeh] - "C:\Documents and Settings\Linda\Application Data\Opiffao\zealod.exe"
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKCU\...\Run: [Inpgsoft] - regsvr32.exe "C:\Documents and Settings\Linda\Local Settings\Application Data\Inpgsoft\normalPaddlg.dll" <===== ATTENTION
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-17] (Google Inc.)
HKCU\...\Run: [Eqovfeaxysavi] - "C:\Documents and Settings\Linda\Application Data\Pabiwex\ykrosi.exe"
HKCU\...\Run: [Oqyzlupeyndiq] - "C:\Documents and Settings\Linda\Application Data\Saecegyb\syniix.exe"
HKCU\...\Run: [Oltanye] - "C:\Documents and Settings\Linda\Application Data\Lyukud\raikebo.exe"
HKCU\...\Run: [Ekpozuamyx] - "C:\Documents and Settings\Linda\Application Data\Sesalisi\gautedo.exe"
MountPoints2: {04d20c00-4d7b-11e3-ac40-444553544200} - F:\VZW_Software_upgrade_assistant_installer.exe
MountPoints2: {3eb75dba-5419-11e2-ac0c-001a6b2a37c3} - F:\TLBootstrap_WPP.exe
MountPoints2: {41f4f08e-323e-11e2-abfe-001a6b2a37c3} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\checkmaps.lnk
ShortcutTarget: checkmaps.lnk -> C:\Program Files\gordoware\checkmaps.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\connectto.lnk
ShortcutTarget: connectto.lnk -> C:\Program Files\gordoware\connectto.exe (Gordoware)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGm...n=77fdc98f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {07871812-1823-4118-B7A8-B2C956AC8742} URL = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
SearchScopes: HKCU - {8CC45221-51CE-4DD1-8F4A-822235DB4D63} URL = http://www.amazon.com/gp/search?ie=...amp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKCU - {954B9569-E869-4AE5-B2AB-F2700519E569} URL = http://www.walmart.com/catalog/search-ng.gsp?search_constraint=0&search_query={searchTerms}
SearchScopes: HKCU - {98383ACF-5F17-49F1-91D7-EE480B517CA8} URL = http://www.weather.com/search/enhanced?where={searchTerms}
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGm...n=77fdc98f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {C2A09D41-25C9-4E60-A52B-BA6068DD941D} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKCU - {DDD8124F-D233-44C2-A68C-9B432298DA67} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
Toolbar: HKLM - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - FromDocToPDF - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289781725609
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://fhebpsslvpn.verizon.com/dana-cached/sc/JuniperSetupClient.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: 12.151.201.180 tup-dc1
Tcpip\..\Interfaces\{AB3D519C-5373-4FCB-A433-74A7E344E4C9}: [NameServer]166.68.227.10,166.68.195.10

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
FF Plugin: @FromDocToPDF_65.com/Plugin - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (Mindspark)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @Tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Status-bar Calculator - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\calculator@cmcculloh
FF Extension: No Name - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\staged
FF Extension: DAO.TableDef.120 - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\{36680766-DB0F-2FE2-454F-617C65152C54}
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\firefox1@myibay.com.xpi
FF Extension: outobox - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\firefox@outobox.net.xpi
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Tab Mix Plus - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (PDF-XChange Viewer) - c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
CHR Extension: (Docs) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx
 
Here is the second part of the first log:

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660520 2009-09-12] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2010-11-15] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 CVPND; D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.)
S3 ExtranetAccess; C:\Program Files\Nortel Networks\Extranet_serv.exe [811008 2007-04-18] (Nortel Networks NA, Inc.)
S2 FromDocToPDF_65Service; C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe [88648 2013-12-09] (COMPANYVERS_NAME)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [162136 2013-02-20] (Juniper Networks, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S3 OracleClientCache80; C:\orant\BIN\ONRSD80.EXE [95744 1998-06-10] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 ATMDLC; C:\Windows\System32\DRIVERS\atmdlc.sys [40952 2009-08-27] (Attachmate Corporation)
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [401664 2006-02-15] (Broadcom Corporation.)
S3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30363 2006-02-15] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [1342570 2006-02-15] (Broadcom Corporation.)
S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [148168 2006-02-15] (Broadcom Corporation.)
S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [44163 2006-02-15] (Broadcom Corporation.)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [57096 2006-02-15] (Broadcom Corporation.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 Eacfilt; C:\Windows\System32\DRIVERS\eacfilt.sys [26137 2007-04-18] (Nortel Networks)
R3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [88192 2006-09-14] (Texas Instruments)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [211200 2007-10-16] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989312 2007-10-16] (Conexant Systems, Inc.)
S3 IPSECEXT; C:\Windows\System32\DRIVERS\ipsecw2k.sys [155152 2007-04-18] (Nortel Networks NA, Inc.)
R3 IPSECSHM; C:\Windows\System32\DRIVERS\ipsecw2k.sys [155152 2007-04-18] (Nortel Networks NA, Inc.)
R3 JNPRNA; C:\Windows\System32\DRIVERS\jnprna5.sys [446712 2013-01-17] (Juniper Networks, Inc.)
S4 jnprTdi_730_32781; C:\WINDOWS\system32\Drivers\jnprTdi_730_32781.sys [90456 2013-02-19] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [25456 2013-01-17] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [36776 2013-01-17] (Juniper Networks, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2236544 2007-10-31] (Intel Corporation)
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [32408 2009-05-25] (Smith Micro Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2010-11-15] (Acronis)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [x]
U1 eabfiltr;
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; System32\DRIVERS\UIUSYS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 16:08 - 2014-01-01 16:08 - 00000000 ____D C:\FRST
2014-01-01 16:06 - 2014-01-01 16:08 - 00004754 _____ C:\WINDOWS\setupapi.log
2013-12-31 23:06 - 2014-01-01 13:09 - 00003053 _____ C:\Documents and Settings\Linda\Desktop\attach.txt
2013-12-31 22:42 - 2014-01-01 15:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-31 22:42 - 2014-01-01 15:59 - 00000048 _____ C:\WINDOWS\wiaservc.log
2013-12-31 22:42 - 2013-12-31 22:42 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-12-31 17:26 - 2013-12-31 17:26 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Malwarebytes
2013-12-31 17:25 - 2013-12-31 17:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-31 17:25 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-31 17:06 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Opityh
2013-12-31 17:06 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Elaphif
2013-12-31 17:04 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Emreikit
2013-12-31 17:04 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ocubysc
2013-12-31 17:03 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ixfiam
2013-12-31 17:03 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ywcuum
2013-12-31 17:02 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kyemyd
2013-12-31 17:01 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Zyypop
2013-12-31 17:01 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cofuhyxi
2013-12-31 17:00 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Abpyitut
2013-12-31 16:59 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuzeroro
2013-12-31 16:58 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yzynul
2013-12-31 16:58 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Tyyfepaq
2013-12-31 16:57 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ipumeddu
2013-12-31 16:56 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Udawzow
2013-12-31 16:56 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuaxro
2013-12-31 16:55 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Taytgek
2013-12-31 16:54 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kipoxai
2013-12-31 16:54 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Beebyrl
2013-12-31 16:53 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Logahi
2013-12-31 16:52 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Waguku
2013-12-31 16:52 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Evamiw
2013-12-31 16:51 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ufhada
2013-12-31 16:51 - 2013-12-31 16:51 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ygviiryd
2013-12-31 16:50 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Maalep
2013-12-31 16:50 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Hyziexap
2013-12-31 16:49 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Leroxo
2013-12-31 16:48 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Opiffao
2013-12-31 16:47 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yqyfpal
2013-12-31 16:47 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Folyce
2013-12-31 16:46 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Xisynu
2013-12-31 16:45 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Huziov
2013-12-31 16:45 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Hiuntot
2013-12-31 16:44 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Myuffiy
2013-12-31 16:43 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Unixkypu
2013-12-31 16:43 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Axumyn
2013-12-31 16:42 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Xysayqod
2013-12-31 16:41 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Omduiklo
2013-12-31 16:41 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Myikrivu
2013-12-31 16:40 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Feywohaw
2013-12-31 16:39 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Idxoeges
2013-12-31 16:38 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kutiqoka
2013-12-31 16:38 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cyziudv
2013-12-31 16:37 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Esbudu
2013-12-31 16:36 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yqydkui
2013-12-31 16:36 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Naheav
2013-12-31 16:35 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ecivwity
2013-12-31 16:34 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Heovrex
2013-12-31 16:34 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Dibuegfy
2013-12-31 16:33 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Wiydhaca
2013-12-31 16:32 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Zaxoneo
2013-12-31 16:31 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Riigakk
2013-12-31 16:31 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ohhaylk
2013-12-31 16:30 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Puzaadu
2013-12-31 16:29 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuxyxuwu
2013-12-31 16:28 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Usegyfw
2013-12-31 16:28 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Lumyza
2013-12-31 16:27 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Suvakir
2013-12-31 16:26 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ubifcuol
2013-12-31 16:25 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ynedve
2013-12-31 16:25 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Maryag
2013-12-31 16:24 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Coreebaf
2013-12-31 16:23 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Fuoccai
2013-12-31 16:22 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Pyexfudu
2013-12-31 16:22 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Coyhut
2013-12-31 16:21 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Soluhi
2013-12-31 16:20 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Huywypm
2013-12-31 16:19 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Piaryk
2013-12-31 16:19 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Asawpate
2013-12-31 16:18 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Seibup
2013-12-31 16:17 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ihuvor
2013-12-31 16:17 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Diriacq
2013-12-31 16:16 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Amfogaov
2013-12-31 16:15 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Exruhac
2013-12-31 16:14 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Esefibv
2013-12-31 16:14 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Duuvqet
2013-12-31 16:13 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Leiber
2013-12-31 16:12 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Sesalisi
2013-12-31 16:12 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ipiqrioc
2013-12-31 16:11 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Unosehul
2013-12-31 16:10 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Saecegyb
2013-12-31 16:09 - 2014-01-01 16:07 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Vaqiusl
2013-12-31 16:09 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ocorypi
2013-12-31 16:08 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Lyukud
2013-12-31 16:07 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Pabiwex
2013-12-31 14:25 - 2014-01-01 14:26 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-12-11 21:38 - 2013-12-11 21:38 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Program Files\CCleaner
2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Local Settings\Application Data\IAC
2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\FromDocToPDF_65
2013-12-09 11:14 - 2013-12-09 11:14 - 00000000 ____D C:\Program Files\FromDocToPDF_65
2013-12-04 13:57 - 2013-12-04 13:57 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Inpgsoft
2013-12-03 16:39 - 2013-12-03 16:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Inpgsoft

==================== One Month Modified Files and Folders =======

2014-01-01 16:08 - 2014-01-01 16:08 - 00000000 ____D C:\FRST
2014-01-01 16:08 - 2014-01-01 16:06 - 00004754 _____ C:\WINDOWS\setupapi.log
2014-01-01 16:07 - 2013-12-31 16:09 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Vaqiusl
2014-01-01 16:06 - 2010-11-14 19:42 - 01882622 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-01 16:05 - 2003-03-31 07:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-01 15:59 - 2013-12-31 22:42 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-01 15:59 - 2013-12-31 22:42 - 00000048 _____ C:\WINDOWS\wiaservc.log
2014-01-01 15:59 - 2010-11-14 18:35 - 00027335 _____ C:\WINDOWS\system32\nvModes.001
2014-01-01 15:58 - 2013-04-17 10:40 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 15:57 - 2010-11-14 17:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-01 15:55 - 2010-11-14 17:44 - 00032594 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-01 15:54 - 2013-12-31 17:04 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Emreikit
2014-01-01 15:54 - 2013-12-31 17:03 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ixfiam
2014-01-01 15:54 - 2013-12-31 17:00 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Abpyitut
2014-01-01 15:54 - 2013-12-31 16:57 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ipumeddu
2014-01-01 15:54 - 2013-12-31 16:56 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Udawzow
2014-01-01 15:54 - 2013-12-31 16:55 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Taytgek
2014-01-01 15:54 - 2013-12-31 16:53 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Logahi
2014-01-01 15:54 - 2013-12-31 16:52 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Waguku
2014-01-01 15:54 - 2013-12-31 16:50 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Maalep
2014-01-01 15:54 - 2013-12-31 16:50 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Hyziexap
2014-01-01 15:54 - 2013-12-31 16:47 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yqyfpal
2014-01-01 15:54 - 2013-12-31 16:47 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Folyce
2014-01-01 15:54 - 2013-12-31 16:45 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Huziov
2014-01-01 15:54 - 2013-12-31 16:43 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Unixkypu
2014-01-01 15:45 - 2010-11-15 16:19 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-01 15:35 - 2013-12-31 17:06 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Opityh
2014-01-01 15:35 - 2013-12-31 17:06 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Elaphif
2014-01-01 15:35 - 2013-12-31 17:04 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ocubysc
2014-01-01 15:35 - 2013-12-31 17:03 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ywcuum
2014-01-01 15:35 - 2013-12-31 17:02 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kyemyd
2014-01-01 15:35 - 2013-12-31 17:01 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Zyypop
2014-01-01 15:35 - 2013-12-31 17:01 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cofuhyxi
2014-01-01 15:35 - 2013-12-31 16:59 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuzeroro
2014-01-01 15:35 - 2013-12-31 16:58 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yzynul
2014-01-01 15:35 - 2013-12-31 16:58 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Tyyfepaq
2014-01-01 15:35 - 2013-12-31 16:56 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuaxro
2014-01-01 15:35 - 2013-12-31 16:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kipoxai
2014-01-01 15:35 - 2013-12-31 16:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Beebyrl
2014-01-01 15:35 - 2013-12-31 16:52 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Evamiw
2014-01-01 15:35 - 2013-12-31 16:51 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ufhada
2014-01-01 15:35 - 2013-12-31 16:49 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Leroxo
2014-01-01 15:35 - 2013-12-31 16:48 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Opiffao
2014-01-01 15:35 - 2013-12-31 16:46 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Xisynu
2014-01-01 15:35 - 2013-12-31 16:45 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Hiuntot
2014-01-01 15:35 - 2013-12-31 16:44 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Myuffiy
2014-01-01 15:35 - 2013-12-31 16:43 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Axumyn
2014-01-01 15:35 - 2013-12-31 16:42 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Xysayqod
2014-01-01 15:35 - 2013-12-31 16:41 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Omduiklo
2014-01-01 15:35 - 2013-12-31 16:41 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Myikrivu
2014-01-01 15:35 - 2013-12-31 16:40 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Feywohaw
2014-01-01 15:35 - 2013-12-31 16:39 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Idxoeges
2014-01-01 15:35 - 2013-12-31 16:38 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kutiqoka
2014-01-01 15:35 - 2013-12-31 16:38 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cyziudv
2014-01-01 15:35 - 2013-12-31 16:37 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Esbudu
2014-01-01 15:35 - 2013-12-31 16:36 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yqydkui
2014-01-01 15:35 - 2013-12-31 16:36 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Naheav
2014-01-01 15:35 - 2013-12-31 16:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ecivwity
2014-01-01 15:35 - 2013-12-31 16:34 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Heovrex
2014-01-01 15:35 - 2013-12-31 16:34 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Dibuegfy
2014-01-01 15:35 - 2013-12-31 16:33 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Wiydhaca
2014-01-01 15:35 - 2013-12-31 16:32 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Zaxoneo
2014-01-01 15:35 - 2013-12-31 16:31 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Riigakk
2014-01-01 15:35 - 2013-12-31 16:31 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ohhaylk
2014-01-01 15:35 - 2013-12-31 16:30 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Puzaadu
2014-01-01 15:35 - 2013-12-31 16:29 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuxyxuwu
2014-01-01 15:35 - 2013-12-31 16:28 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Usegyfw
2014-01-01 15:35 - 2013-12-31 16:28 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Lumyza
2014-01-01 15:35 - 2013-12-31 16:27 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Suvakir
2014-01-01 15:35 - 2013-12-31 16:26 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ubifcuol
2014-01-01 15:35 - 2013-12-31 16:25 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ynedve
2014-01-01 15:35 - 2013-12-31 16:25 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Maryag
2014-01-01 15:35 - 2013-12-31 16:24 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Coreebaf
2014-01-01 15:35 - 2013-12-31 16:23 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Fuoccai
2014-01-01 15:35 - 2013-12-31 16:22 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Pyexfudu
2014-01-01 15:35 - 2013-12-31 16:22 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Coyhut
2014-01-01 15:35 - 2013-12-31 16:21 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Soluhi
2014-01-01 15:35 - 2013-12-31 16:20 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Huywypm
2014-01-01 15:35 - 2013-12-31 16:19 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Piaryk
2014-01-01 15:35 - 2013-12-31 16:19 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Asawpate
2014-01-01 15:35 - 2013-12-31 16:18 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Seibup
2014-01-01 15:35 - 2013-12-31 16:17 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ihuvor
2014-01-01 15:35 - 2013-12-31 16:17 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Diriacq
2014-01-01 15:35 - 2013-12-31 16:16 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Amfogaov
2014-01-01 15:35 - 2013-12-31 16:15 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Exruhac
2014-01-01 15:35 - 2013-12-31 16:14 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Esefibv
2014-01-01 15:35 - 2013-12-31 16:14 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Duuvqet
2014-01-01 15:35 - 2013-12-31 16:13 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Leiber
2014-01-01 15:35 - 2013-12-31 16:12 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Sesalisi
2014-01-01 15:35 - 2013-12-31 16:12 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ipiqrioc
2014-01-01 15:35 - 2013-12-31 16:11 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Unosehul
2014-01-01 15:35 - 2013-12-31 16:10 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Saecegyb
2014-01-01 15:35 - 2013-12-31 16:09 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ocorypi
2014-01-01 15:35 - 2013-12-31 16:08 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Lyukud
2014-01-01 15:35 - 2013-12-31 16:07 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Pabiwex
2014-01-01 15:35 - 2012-06-03 22:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-01 15:15 - 2013-04-17 10:40 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 14:54 - 2010-11-14 17:38 - 00000000 ____D C:\WINDOWS\Registration
2014-01-01 14:26 - 2013-12-31 14:25 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-01 13:44 - 2013-10-14 12:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-01 13:09 - 2013-12-31 23:06 - 00003053 _____ C:\Documents and Settings\Linda\Desktop\attach.txt
2014-01-01 00:40 - 2010-11-14 10:51 - 00000000 ____D C:\WINDOWS\Help
2014-01-01 00:01 - 2012-08-28 14:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2013-12-31 23:23 - 2010-11-14 10:51 - 00000000 ____D C:\WINDOWS\Resources
2013-12-31 22:42 - 2013-12-31 22:42 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-12-31 22:37 - 2011-02-01 11:43 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-31 22:30 - 2010-12-08 13:38 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Autodesk
2013-12-31 20:26 - 2012-01-24 12:19 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-12-31 18:46 - 2013-04-04 11:16 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Bentley
2013-12-31 17:26 - 2013-12-31 17:26 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Malwarebytes
2013-12-31 17:26 - 2013-12-31 17:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-31 16:51 - 2013-12-31 16:51 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ygviiryd
2013-12-31 15:04 - 2013-04-02 12:49 - 00000075 _____ C:\WINDOWS\iddsgtev8i.ini
2013-12-31 14:53 - 2011-12-14 15:00 - 00002305 _____ C:\Documents and Settings\Linda\Desktop\VPN Client.lnk
2013-12-31 14:49 - 2010-11-14 10:55 - 00000329 ___SH C:\boot.ini
2013-12-31 14:49 - 2003-03-31 07:00 - 00000876 _____ C:\WINDOWS\win.ini
2013-12-31 14:49 - 2003-03-31 07:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-12-31 13:49 - 2012-05-24 15:21 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-12-19 13:33 - 2013-11-18 17:04 - 00000000 ____D C:\Verizon_Android
2013-12-19 13:33 - 2013-11-18 17:04 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Verizon_Android
2013-12-17 11:53 - 2010-11-14 18:35 - 00027335 _____ C:\WINDOWS\system32\nvModes.dat
2013-12-16 13:46 - 2012-08-28 14:54 - 00000719 _____ C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
2013-12-16 13:46 - 2012-08-28 14:54 - 00000000 ____D C:\Program Files\LogMeIn
2013-12-16 13:45 - 2012-08-28 14:54 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2013-12-16 13:45 - 2012-08-28 14:54 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2013-12-16 13:45 - 2012-08-28 14:54 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2013-12-12 04:42 - 2012-12-11 23:10 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-12 04:42 - 2012-12-11 23:10 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-12 03:24 - 2010-11-14 10:56 - 00298048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-12 03:08 - 2012-05-24 15:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-12-12 03:07 - 2010-11-15 15:28 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-12 03:06 - 2013-08-14 02:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-12 03:06 - 2010-11-15 13:19 - 00046592 _____ C:\WINDOWS\system32\TZLog.log
2013-12-12 03:03 - 2010-11-15 13:16 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-11 22:25 - 2010-11-15 15:41 - 00000000 ____D C:\WINDOWS\pss
2013-12-11 21:38 - 2013-12-11 21:38 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Program Files\CCleaner
2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-12-11 14:35 - 2012-06-03 22:51 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 14:35 - 2012-06-03 22:51 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-09 15:42 - 2010-11-15 18:37 - 00000000 ____D C:\dgn
2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Local Settings\Application Data\IAC
2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\FromDocToPDF_65
2013-12-09 11:14 - 2013-12-09 11:14 - 00000000 ____D C:\Program Files\FromDocToPDF_65
2013-12-05 04:19 - 2013-04-17 10:40 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-12-04 15:40 - 2011-12-14 15:10 - 00000336 _____ C:\Documents and Settings\Linda\Desktop\PA drive.bat
2013-12-04 13:57 - 2013-12-04 13:57 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Inpgsoft
2013-12-03 16:39 - 2013-12-03 16:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Inpgsoft

Files to move or delete:
====================
C:\Documents and Settings\Linda\gotomypc_540.exe


Some content of TEMP:
====================
C:\Documents and Settings\Linda\Local Settings\Temp\6_Offer_16.exe
C:\Documents and Settings\Linda\Local Settings\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-01-2014
Ran by Linda at 2014-01-01 16:13:50
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
7-Zip 9.20 (Version: - )
8600_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
8600_Readme (Version: 1.00.0000 - Hewlett-Packard) Hidden
Acronis True Image Home (Version: 13.0.5055 - Acronis)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (Version: 3.0 - )
Attachmate EXTRA! X-treme 9.1 (Version: 9.1.1071 - Attachmate)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.9 - AuthenTec)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Bentley Map V8i (SELECTseries 3) For MicroStation 08.11.09.91 (Version: 08.11.09.91 - Bentley Systems, Incorporated)
Bentley MicroStation (V 07.01.04.07) (Version: - )
Bentley MicroStation (V 08.05.02.45) - 1 (Version: - )
Bentley MicroStation GeoGraphics (V 08.05.02.13) (Version: - )
BlackBerry USB Drivers (Version: 2.00.0005 - Smith Micro Software, Inc.)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom NetXtreme Ethernet Controller (Version: 8.22.12 - Broadcom Corporation)
Brother MFC-6490CW (Version: 1.00 - Brother)
CCleaner (Version: 4.01 - Piriform)
Cisco Systems VPN Client 5.0.06.0160 (Version: 5.0.6 - Cisco Systems, Inc.)
Coupon Printer for Windows (Version: 5.0.0.0 - Coupons.com Incorporated)
Data Access Objects (DAO) 3.5 (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
FromDocToPDF Internet Explorer Toolbar (Version: - Mindspark Interactive Network)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (Version: - )
HP Integrated Module with Bluetooth wireless technology (Version: 4.0.1.3301 - HP)
HP Mobile Data Protection System (Version: 1.00 A6 - )
HP Officejet Pro K8600 Series (Version: 1.0 - HP)
HP ProtectTools Security Manager (Version: 3.00 A10 - Hewlett-Packard)
HP Quick Launch Buttons 6.30 J1 (Version: 6.30 J1 - Hewlett-Packard)
HP Smart Card Security for ProtectTools 5.00 D4 (Version: 5.00 D4 - Hewlett-Packard Company)
HP Wireless Assistant (Version: 3.00 I2 - Hewlett-Packard)
Java 7 Update 21 (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Juniper Networks, Inc. Setup Client (Version: 7.3.4.32787 - Juniper Networks, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Junos Pulse 3.1 (Version: 3.1.32787 - Juniper Networks, Inc.)
Junos Pulse Core Components (Version: 3.1.32787 - Juniper Networks) Hidden
Junos Pulse Drivers Add-On (Version: 3.1.32787 - Juniper Networks) Hidden
Junos Pulse Tunnel Manager Add-On (Version: 3.1.32787 - Juniper Networks) Hidden
Junos Pulse UAC/NC Components (Version: 3.1.32787 - Juniper Networks) Hidden
K8600 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
LightScribe System Software 1.10.19.1 (Version: 1.10.19.1 - http://www.lightscribe.com)
LogMeIn (Version: 4.1.2504 - LogMeIn, Inc.)
Magical Jelly Bean KeyFinder (Version: 2.0.8.1 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
MetaFrame Presentation Server Client (Version: 9.230.50211 - Citrix Systems, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
MicroStation V8i (SELECTseries 3) 08.11.09.357 (Version: 08.11.09.357 - Bentley Systems, Incorporated)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (Version: 24.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation)
MWSnap 3 (Version: 3.0.0.74 - Mirek Wojtowicz)
NetDeviceManager (Version: 90.0.205.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (Version: - )
Oracle Data Provider for .NET Help (Version: 10.2.020 - Oracle Corporation)
PDF-XChange 4 Pro (Version: 4.186.56.0 - Tracker Software Products Ltd)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
RedistSysFiles (Version: 8.1.0 - ) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
SES Driver (Version: 1.0.0 - Western Digital)
Synaptics Pointing Device Driver (Version: 10.2.4.0 - Synaptics)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0001 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0001 - Texas Instruments Inc.) Hidden
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version: - Microsoft)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC8 CRT (Version: 8.0.50727.762 - Juniper Networks) Hidden
Verizon Extranet Access Client (Version: - )
VZAccess Manager (Version: 7.2.9.1 - Smith Micro Software Inc.)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebSlingPlayer ActiveX (Version: 1.5.7158 - Sling Media)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
WinImage (Version: - )
Yahoo! Software Update (Version: - )
Yahoo! Toolbar (Version: - Yahoo! Inc.)
ZipDownloader (Version: - )

==================== Restore Points =========================

07-12-2013 07:37:58 System Checkpoint
08-12-2013 08:38:00 System Checkpoint
10-12-2013 01:40:16 System Checkpoint
11-12-2013 01:53:15 System Checkpoint
12-12-2013 04:10:38 System Checkpoint
12-12-2013 08:00:19 Software Distribution Service 3.0
13-12-2013 08:01:21 Software Distribution Service 3.0
14-12-2013 21:04:36 System Checkpoint
15-12-2013 23:17:07 System Checkpoint
16-12-2013 18:46:33 Printer Driver LogMeIn Printer Driver Installed
17-12-2013 19:14:30 System Checkpoint
18-12-2013 20:27:28 System Checkpoint
20-12-2013 00:42:26 System Checkpoint
21-12-2013 00:56:56 System Checkpoint
22-12-2013 01:58:00 System Checkpoint
23-12-2013 02:56:55 System Checkpoint
24-12-2013 03:10:53 System Checkpoint
25-12-2013 03:56:56 System Checkpoint
26-12-2013 22:13:14 System Checkpoint
27-12-2013 23:47:47 System Checkpoint
29-12-2013 00:01:50 System Checkpoint
30-12-2013 00:48:57 System Checkpoint
31-12-2013 01:18:04 System Checkpoint
01-01-2014 06:24:02 System Checkpoint

==================== Hosts content: ==========================

2003-03-31 07:00 - 2013-12-04 16:13 - 00000024 ____A C:\WINDOWS\system32\Drivers\etc\hosts
12.151.201.180 tup-dc1

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-04-07 04:32 - 2009-04-07 04:32 - 00022723 _____ () C:\WINDOWS\system32\cl31cl3.dll
2012-12-11 23:11 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-01 22:16 - 2013-12-01 22:16 - 00025600 _____ () C:\Documents and Settings\Linda\Local Settings\Application Data\Inpgsoft\normalPaddlg.dll
2009-11-17 12:08 - 2009-11-17 12:08 - 00197424 _____ () C:\WINDOWS\system32\vpnapi.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== Faulty Device Manager Devices =============

Name: Intel(R) PRO/Wireless 3945ABG Network Connection
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: NETw4x32
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: MoGo_Mouse_BT _
Description: MoGo_Mouse_BT _
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: DesignJet 800PS (C7780C)
Description: DesignJet 800PS (C7780C)
Class Guid: {4D36E971-E325-11CE-BFC1-08002BE10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2013 10:44:03 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index metadata cannot be read. (0xc0041801)

Error: (12/31/2013 10:44:03 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index metadata cannot be read. (0xc0041801)

Error: (12/31/2013 10:44:03 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (0x80070490)

Error: (12/31/2013 10:43:58 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index metadata cannot be read. (0xc0041801)

Error: (12/31/2013 10:43:58 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. )

Error: (12/31/2013 10:43:56 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. )

Error: (12/31/2013 09:35:22 PM) (Source: Application Error) (User: )
Description: Faulting application updateoutobox.exe, version 1.0.5060.34698, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [updateoutobox.exe!ws!]

Error: (12/31/2013 09:17:32 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.

Error: (12/31/2013 09:16:59 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.

Error: (12/31/2013 09:16:21 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007041d.


System errors:
=============
Error: (01/01/2014 02:58:02 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/01/2014 02:55:18 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/01/2014 02:54:37 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/01/2014 02:54:25 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/01/2014 02:52:38 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/01/2014 02:44:50 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/01/2014 02:40:28 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/01/2014 02:39:46 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/01/2014 02:33:44 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/01/2014 02:32:51 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================
Error: (12/31/2013 10:44:03 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
The content index metadata cannot be read. (0xc0041801)

Error: (12/31/2013 10:44:03 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index metadata cannot be read. (0xc0041801)

Error: (12/31/2013 10:44:03 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (0x80070490)
Search.TripoliIndexer

Error: (12/31/2013 10:43:58 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index metadata cannot be read. (0xc0041801)
Search.JetPropStore

Error: (12/31/2013 10:43:58 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. )

Error: (12/31/2013 10:43:56 PM) (Source: Windows Search Service)(User: )
Description:
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. )

Error: (12/31/2013 09:35:22 PM) (Source: Application Error)(User: )
Description: updateoutobox.exe1.0.5060.34698kernel32.dll5.1.2600.629300012fd3

Error: (12/31/2013 09:17:32 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007041d

Error: (12/31/2013 09:16:59 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007041d

Error: (12/31/2013 09:16:21 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007041d


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 3455.25 MB
Available physical RAM: 2445.53 MB
Total Pagefile: 5336.83 MB
Available Pagefile: 4231.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:30 GB) (Free:3.72 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:44.52 GB) (Free:25.73 GB) NTFS
Drive e: (Erie) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:0.06 GB) (Free:0.06 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 8AB18AB1)
Partition 1: (Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=45 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 62 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=62 MB) - (Type=06)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

IMPORTANT! Restart computer.

Re-run FRST "Scan" one more time and post fresh log.
 

Attachments

  • fixlist.txt (21.1 KB)
The computer is starting to respond a little better, but when I rebooted before doing the scan, it still took it 15 minutes or so to boot back up. Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-01-2014
Ran by Linda at 2014-01-01 19:06:23 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [Eqovfeaxysavi] - "C:\Documents and Settings\Linda\Application Data\Pabiwex\ykrosi.exe"
HKLM\...\Run: [Oltanye] - "C:\Documents and Settings\Linda\Application Data\Lyukud\raikebo.exe"
HKLM\...\Run: [Noekyp] - "C:\Documents and Settings\Linda\Application Data\Ocorypi\kooxhel.exe"
HKLM\...\Run: [Oqyzlupeyndiq] - "C:\Documents and Settings\Linda\Application Data\Saecegyb\syniix.exe"
HKLM\...\Run: [Urhyow] - "C:\Documents and Settings\Linda\Application Data\Unosehul\zedeamu.exe"
HKLM\...\Run: [Ekpozuamyx] - "C:\Documents and Settings\Linda\Application Data\Sesalisi\gautedo.exe"
HKLM\...\Run: [Vaibmiuto] - "C:\Documents and Settings\Linda\Application Data\Ipiqrioc\kyhub.exe"
HKLM\...\Run: [Wibuu] - "C:\Documents and Settings\Linda\Application Data\Leiber\ruzeiny.exe"
HKLM\...\Run: [Nyehfydiemsopuw] - "C:\Documents and Settings\Linda\Application Data\Esefibv\bazuesi.exe"
HKLM\...\Run: [Diwalyevvoo] - "C:\Documents and Settings\Linda\Application Data\Duuvqet\uxsuk.exe"
HKLM\...\Run: [Ykoqkyhezu] - "C:\Documents and Settings\Linda\Application Data\Exruhac\vyrado.exe"
HKLM\...\Run: [Iwopukqe] - "C:\Documents and Settings\Linda\Application Data\Amfogaov\ewlipei.exe"
HKLM\...\Run: [Isiqtefeu] - "C:\Documents and Settings\Linda\Application Data\Diriacq\vyokeg.exe"
HKLM\...\Run: [Zowyguefobunn] - "C:\Documents and Settings\Linda\Application Data\Ihuvor\ryolu.exe"
HKLM\...\Run: [Qyupi] - "C:\Documents and Settings\Linda\Application Data\Seibup\ucepa.exe"
HKLM\...\Run: [Tauvu] - "C:\Documents and Settings\Linda\Application Data\Piaryk\biaqlak.exe"
HKLM\...\Run: [Vaokgeozqoo] - "C:\Documents and Settings\Linda\Application Data\Asawpate\usyvy.exe"
HKLM\...\Run: [Efneoqol] - "C:\Documents and Settings\Linda\Application Data\Huywypm\enegob.exe"
HKLM\...\Run: [Bedot] - "C:\Documents and Settings\Linda\Application Data\Soluhi\fekaev.exe"
HKLM\...\Run: [Yvsiagsiuxeccy] - "C:\Documents and Settings\Linda\Application Data\Pyexfudu\mesyuv.exe"
HKLM\...\Run: [Beykbiagokekocb] - "C:\Documents and Settings\Linda\Application Data\Coyhut\gucisom.exe"
HKLM\...\Run: [Vaizitysutzy] - "C:\Documents and Settings\Linda\Application Data\Fuoccai\wizinoy.exe"
HKLM\...\Run: [Mitelugub] - "C:\Documents and Settings\Linda\Application Data\Coreebaf\geyqp.exe"
HKLM\...\Run: [Ovokiqomaru] - "C:\Documents and Settings\Linda\Application Data\Ynedve\mefici.exe"
HKLM\...\Run: [Owumruyp] - "C:\Documents and Settings\Linda\Application Data\Maryag\woisy.exe"
HKLM\...\Run: [Kaagxi] - "C:\Documents and Settings\Linda\Application Data\Ubifcuol\rainin.exe"
HKLM\...\Run: [Futikyegrai] - "C:\Documents and Settings\Linda\Application Data\Suvakir\fobeagm.exe"
HKLM\...\Run: [Afunatpiabi] - "C:\Documents and Settings\Linda\Application Data\Usegyfw\onepz.exe"
HKLM\...\Run: [Yqnakyewquneeps] - "C:\Documents and Settings\Linda\Application Data\Lumyza\duleqi.exe"
HKLM\...\Run: [Azbuafq] - "C:\Documents and Settings\Linda\Application Data\Cuxyxuwu\iwhipa.exe"
HKLM\...\Run: [Uxufiva] - "C:\Documents and Settings\Linda\Application Data\Puzaadu\opzoom.exe"
HKLM\...\Run: [Ugocibr] - "C:\Documents and Settings\Linda\Application Data\Riigakk\ipquyg.exe"
HKLM\...\Run: [Didaisy] - "C:\Documents and Settings\Linda\Application Data\Ohhaylk\encey.exe"
HKLM\...\Run: [Luhooga] - "C:\Documents and Settings\Linda\Application Data\Zaxoneo\anpimui.exe"
HKLM\...\Run: [Pigiixzu] - "C:\Documents and Settings\Linda\Application Data\Wiydhaca\eqini.exe"
HKLM\...\Run: [Yxipud] - "C:\Documents and Settings\Linda\Application Data\Heovrex\ozmyy.exe"
HKLM\...\Run: [Keimowvio] - "C:\Documents and Settings\Linda\Application Data\Dibuegfy\muymk.exe"
HKLM\...\Run: [Itbyfuafaxecy] - "C:\Documents and Settings\Linda\Application Data\Ecivwity\byvigo.exe"
HKLM\...\Run: [Ofolixylrode] - "C:\Documents and Settings\Linda\Application Data\Yqydkui\wyesoq.exe"
HKLM\...\Run: [Voecvitocahe] - "C:\Documents and Settings\Linda\Application Data\Naheav\ilrol.exe"
HKLM\...\Run: [Liiqniceys] - "C:\Documents and Settings\Linda\Application Data\Esbudu\muifeg.exe"
HKLM\...\Run: [Asonukcivovi] - "C:\Documents and Settings\Linda\Application Data\Kutiqoka\vayfeve.exe"
HKLM\...\Run: [Riixsaoku] - "C:\Documents and Settings\Linda\Application Data\Cyziudv\amame.exe"
HKLM\...\Run: [Agedynyrohhato] - "C:\Documents and Settings\Linda\Application Data\Idxoeges\ranuapx.exe"
HKLM\...\Run: [Esahorfiybzyc] - "C:\Documents and Settings\Linda\Application Data\Feywohaw\igxuafu.exe"
HKLM\...\Run: [Suidmit] - "C:\Documents and Settings\Linda\Application Data\Tyyfepaq\epowu.exe"
HKLM\...\Run: [Suetexetqoi] - "C:\Documents and Settings\Linda\Application Data\Beebyrl\igywru.exe"
HKLM\...\Run: [Uryfcuednakea] - "C:\Documents and Settings\Linda\Application Data\Myuffiy\usyqn.exe"
HKLM\...\Run: [Pixuumi] - "C:\Documents and Settings\Linda\Application Data\Elaphif\kenou.exe"
HKLM\...\Run: [Ikdivesa] - "C:\Documents and Settings\Linda\Application Data\Yzynul\likavi.exe"
HKLM\...\Run: [Ulwoweg] - "C:\Documents and Settings\Linda\Application Data\Ocubysc\naupx.exe"
HKLM\...\Run: [Inhovuugkiib] - "C:\Documents and Settings\Linda\Application Data\Opityh\akuml.exe"
HKLM\...\Run: [Pyfavyycakce] - "C:\Documents and Settings\Linda\Application Data\Xysayqod\oknoka.exe"
HKLM\...\Run: [Qicegoq] - "C:\Documents and Settings\Linda\Application Data\Xisynu\okfuul.exe"
HKLM\...\Run: [Ulawdu] - "C:\Documents and Settings\Linda\Application Data\Cuzeroro\deypek.exe"
HKLM\...\Run: [Nutewyebav] - "C:\Documents and Settings\Linda\Application Data\Ufhada\ydydda.exe"
HKLM\...\Run: [Xanahyeno] - "C:\Documents and Settings\Linda\Application Data\Axumyn\cotiubl.exe"
HKLM\...\Run: [Ylnuguco] - "C:\Documents and Settings\Linda\Application Data\Omduiklo\icumduo.exe"
HKLM\...\Run: [Wytoyp] - "C:\Documents and Settings\Linda\Application Data\Kyemyd\gyaduvi.exe"
HKLM\...\Run: [Wiomsefarioxx] - "C:\Documents and Settings\Linda\Application Data\Ywcuum\kirite.exe"
HKLM\...\Run: [Zoybiceqxyra] - "C:\Documents and Settings\Linda\Application Data\Cofuhyxi\olver.exe"
HKLM\...\Run: [Zuniomxoda] - "C:\Documents and Settings\Linda\Application Data\Zyypop\adtate.exe"
HKLM\...\Run: [Muofwavuanogyha] - "C:\Documents and Settings\Linda\Application Data\Kipoxai\osufe.exe"
HKLM\...\Run: [Doteohobehleb] - "C:\Documents and Settings\Linda\Application Data\Evamiw\ytkudi.exe"
HKLM\...\Run: [Umruitota] - "C:\Documents and Settings\Linda\Application Data\Cuaxro\qoseu.exe"
HKLM\...\Run: [Pyxaledibovukup] - "C:\Documents and Settings\Linda\Application Data\Leroxo\pautod.exe"
HKLM\...\Run: [Rypicagiakogheg] - "C:\Documents and Settings\Linda\Application Data\Hiuntot\cemybub.exe"
HKLM\...\Run: [Uxednaofhaec] - "C:\Documents and Settings\Linda\Application Data\Myikrivu\qimyyd.exe"
HKLM\...\Run: [Enbocoeh] - "C:\Documents and Settings\Linda\Application Data\Opiffao\zealod.exe"
C:\Documents and Settings\Linda\Application Data\Ubifcuol
C:\Documents and Settings\Linda\Application Data\Maryag
C:\Documents and Settings\Linda\Application Data\Ynedve
C:\Documents and Settings\Linda\Application Data\Coreebaf
C:\Documents and Settings\Linda\Application Data\Fuoccai
C:\Documents and Settings\Linda\Application Data\Coyhut
C:\Documents and Settings\Linda\Application Data\Pyexfudu
C:\Documents and Settings\Linda\Application Data\Soluhi
C:\Documents and Settings\Linda\Application Data\Huywypm
C:\Documents and Settings\Linda\Application Data\Asawpate
C:\Documents and Settings\Linda\Application Data\Piaryk
C:\Documents and Settings\Linda\Application Data\Seibup
C:\Documents and Settings\Linda\Application Data\Ihuvor
C:\Documents and Settings\Linda\Application Data\Diriacq
C:\Documents and Settings\Linda\Application Data\Amfogaov
C:\Documents and Settings\Linda\Application Data\Exruhac
C:\Documents and Settings\Linda\Application Data\Duuvqet
C:\Documents and Settings\Linda\Application Data\Esefibv
C:\Documents and Settings\Linda\Application Data\Leiber
C:\Documents and Settings\Linda\Application Data\Ipiqrioc
C:\Documents and Settings\Linda\Application Data\Sesalisi
C:\Documents and Settings\Linda\Application Data\Unosehul
C:\Documents and Settings\Linda\Application Data\Saecegyb
C:\Documents and Settings\Linda\Application Data\Ocorypi
C:\Documents and Settings\Linda\Application Data\Lyukud
C:\Documents and Settings\Linda\Application Data\Pabiwex
C:\Documents and Settings\Linda\Application Data\Tyyfepaq
C:\Documents and Settings\Linda\Application Data\Feywohaw
C:\Documents and Settings\Linda\Application Data\Idxoeges
C:\Documents and Settings\Linda\Application Data\Cyziudv
C:\Documents and Settings\Linda\Application Data\Kutiqoka
C:\Documents and Settings\Linda\Application Data\Esbudu
C:\Documents and Settings\Linda\Application Data\Naheav
C:\Documents and Settings\Linda\Application Data\Yqydkui
C:\Documents and Settings\Linda\Application Data\Ecivwity
C:\Documents and Settings\Linda\Application Data\Dibuegfy
C:\Documents and Settings\Linda\Application Data\Heovrex
C:\Documents and Settings\Linda\Application Data\Wiydhaca
C:\Documents and Settings\Linda\Application Data\Zaxoneo
C:\Documents and Settings\Linda\Application Data\Ohhaylk
C:\Documents and Settings\Linda\Application Data\Riigakk
C:\Documents and Settings\Linda\Application Data\Puzaadu
C:\Documents and Settings\Linda\Application Data\Cuxyxuwu
C:\Documents and Settings\Linda\Application Data\Lumyza
C:\Documents and Settings\Linda\Application Data\Usegyfw
C:\Documents and Settings\Linda\Application Data\Suvakir
C:\Documents and Settings\Linda\Application Data\Opiffao
C:\Documents and Settings\Linda\Application Data\Myikrivu
C:\Documents and Settings\Linda\Application Data\Hiuntot
C:\Documents and Settings\Linda\Application Data\Leroxo
C:\Documents and Settings\Linda\Application Data\Cuaxro
C:\Documents and Settings\Linda\Application Data\Evamiw
C:\Documents and Settings\Linda\Application Data\Kipoxai
C:\Documents and Settings\Linda\Application Data\Zyypop
C:\Documents and Settings\Linda\Application Data\Cofuhyxi
C:\Documents and Settings\Linda\Application Data\Ywcuum
C:\Documents and Settings\Linda\Application Data\Kyemyd
C:\Documents and Settings\Linda\Application Data\Omduiklo
C:\Documents and Settings\Linda\Application Data\Axumyn
C:\Documents and Settings\Linda\Application Data\Ufhada
C:\Documents and Settings\Linda\Application Data\Cuzeroro
C:\Documents and Settings\Linda\Application Data\Xisynu
C:\Documents and Settings\Linda\Application Data\Xysayqod
C:\Documents and Settings\Linda\Application Data\Opityh
C:\Documents and Settings\Linda\Application Data\Ocubysc
C:\Documents and Settings\Linda\Application Data\Yzynul
C:\Documents and Settings\Linda\Application Data\Elaphif
C:\Documents and Settings\Linda\Application Data\Myuffiy
C:\Documents and Settings\Linda\Application Data\Beebyrl
HKCU\...\Run: [Inpgsoft] - regsvr32.exe "C:\Documents and Settings\Linda\Local Settings\Application Data\Inpgsoft\normalPaddlg.dll" <===== ATTENTION
HKCU\...\Run: [Eqovfeaxysavi] - "C:\Documents and Settings\Linda\Application Data\Pabiwex\ykrosi.exe"
HKCU\...\Run: [Oqyzlupeyndiq] - "C:\Documents and Settings\Linda\Application Data\Saecegyb\syniix.exe"
HKCU\...\Run: [Oltanye] - "C:\Documents and Settings\Linda\Application Data\Lyukud\raikebo.exe"
HKCU\...\Run: [Ekpozuamyx] - "C:\Documents and Settings\Linda\Application Data\Sesalisi\gautedo.exe"
MountPoints2: {04d20c00-4d7b-11e3-ac40-444553544200} - F:\VZW_Software_upgrade_assistant_installer.exe
MountPoints2: {3eb75dba-5419-11e2-ac0c-001a6b2a37c3} - F:\TLBootstrap_WPP.exe
MountPoints2: {41f4f08e-323e-11e2-abfe-001a6b2a37c3} - "F:\WD SmartWare.exe" autoplay=true
C:\Documents and Settings\Linda\Application Data\Sesalisi
C:\Documents and Settings\Linda\Application Data\Lyukud
C:\Documents and Settings\Linda\Application Data\Saecegyb
C:\Documents and Settings\Linda\Application Data\Pabiwex
C:\Documents and Settings\Linda\Local Settings\Application Data\Inpgsoft
2013-12-31 17:06 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Opityh
2013-12-31 17:06 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Elaphif
2013-12-31 17:04 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Emreikit
2013-12-31 17:04 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ocubysc
2013-12-31 17:03 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ixfiam
2013-12-31 17:03 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ywcuum
2013-12-31 17:02 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kyemyd
2013-12-31 17:01 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Zyypop
2013-12-31 17:01 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cofuhyxi
2013-12-31 17:00 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Abpyitut
2013-12-31 16:59 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuzeroro
2013-12-31 16:58 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yzynul
2013-12-31 16:58 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Tyyfepaq
2013-12-31 16:57 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ipumeddu
2013-12-31 16:56 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Udawzow
2013-12-31 16:56 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuaxro
2013-12-31 16:55 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Taytgek
2013-12-31 16:54 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kipoxai
2013-12-31 16:54 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Beebyrl
2013-12-31 16:53 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Logahi
2013-12-31 16:52 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Waguku
2013-12-31 16:52 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Evamiw
2013-12-31 16:51 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ufhada
2013-12-31 16:51 - 2013-12-31 16:51 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ygviiryd
2013-12-31 16:50 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Maalep
2013-12-31 16:50 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Hyziexap
2013-12-31 16:49 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Leroxo
2013-12-31 16:48 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Opiffao
2013-12-31 16:47 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yqyfpal
2013-12-31 16:47 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Folyce
2013-12-31 16:46 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Xisynu
2013-12-31 16:45 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Huziov
2013-12-31 16:45 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Hiuntot
2013-12-31 16:44 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Myuffiy
2013-12-31 16:43 - 2014-01-01 15:54 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Unixkypu
2013-12-31 16:43 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Axumyn
2013-12-31 16:42 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Xysayqod
2013-12-31 16:41 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Omduiklo
2013-12-31 16:41 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Myikrivu
2013-12-31 16:40 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Feywohaw
2013-12-31 16:39 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Idxoeges
2013-12-31 16:38 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Kutiqoka
2013-12-31 16:38 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cyziudv
2013-12-31 16:37 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Esbudu
2013-12-31 16:36 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Yqydkui
2013-12-31 16:36 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Naheav
2013-12-31 16:35 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ecivwity
2013-12-31 16:34 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Heovrex
2013-12-31 16:34 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Dibuegfy
2013-12-31 16:33 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Wiydhaca
2013-12-31 16:32 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Zaxoneo
2013-12-31 16:31 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Riigakk
2013-12-31 16:31 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ohhaylk
2013-12-31 16:30 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Puzaadu
2013-12-31 16:29 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Cuxyxuwu
2013-12-31 16:28 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Usegyfw
2013-12-31 16:28 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Lumyza
2013-12-31 16:27 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Suvakir
2013-12-31 16:26 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ubifcuol
2013-12-31 16:25 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ynedve
2013-12-31 16:25 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Maryag
2013-12-31 16:24 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Coreebaf
2013-12-31 16:23 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Fuoccai
2013-12-31 16:22 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Pyexfudu
2013-12-31 16:22 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Coyhut
2013-12-31 16:21 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Soluhi
2013-12-31 16:20 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Huywypm
2013-12-31 16:19 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Piaryk
2013-12-31 16:19 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Asawpate
2013-12-31 16:18 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Seibup
2013-12-31 16:17 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ihuvor
2013-12-31 16:17 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Diriacq
2013-12-31 16:16 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Amfogaov
2013-12-31 16:15 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Exruhac
2013-12-31 16:14 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Esefibv
2013-12-31 16:14 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Duuvqet
2013-12-31 16:13 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Leiber
2013-12-31 16:12 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Sesalisi
2013-12-31 16:12 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ipiqrioc
2013-12-31 16:11 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Unosehul
2013-12-31 16:10 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Saecegyb
2013-12-31 16:09 - 2014-01-01 16:07 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Vaqiusl
2013-12-31 16:09 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Ocorypi
2013-12-31 16:08 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Lyukud
2013-12-31 16:07 - 2014-01-01 15:35 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Pabiwex
C:\Documents and Settings\Linda\gotomypc_540.exe
C:\Documents and Settings\Linda\Local Settings\Temp\6_Offer_16.exe
C:\Documents and Settings\Linda\Local Settings\Temp\avgnt.exe

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eqovfeaxysavi => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Oltanye => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Noekyp => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Oqyzlupeyndiq => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Urhyow => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ekpozuamyx => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Vaibmiuto => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wibuu => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Nyehfydiemsopuw => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Diwalyevvoo => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ykoqkyhezu => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Iwopukqe => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Isiqtefeu => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Zowyguefobunn => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Qyupi => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Tauvu => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Vaokgeozqoo => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Efneoqol => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Bedot => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Yvsiagsiuxeccy => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Beykbiagokekocb => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Vaizitysutzy => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Mitelugub => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ovokiqomaru => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Owumruyp => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Kaagxi => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Futikyegrai => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Afunatpiabi => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Yqnakyewquneeps => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Azbuafq => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Uxufiva => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ugocibr => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Didaisy => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Luhooga => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Pigiixzu => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Yxipud => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Keimowvio => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Itbyfuafaxecy => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ofolixylrode => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Voecvitocahe => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Liiqniceys => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Asonukcivovi => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Riixsaoku => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Agedynyrohhato => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Esahorfiybzyc => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Suidmit => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Suetexetqoi => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Uryfcuednakea => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Pixuumi => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ikdivesa => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ulwoweg => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Inhovuugkiib => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Pyfavyycakce => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Qicegoq => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ulawdu => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Nutewyebav => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Xanahyeno => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ylnuguco => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wytoyp => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Wiomsefarioxx => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Zoybiceqxyra => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Zuniomxoda => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Muofwavuanogyha => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Doteohobehleb => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Umruitota => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Pyxaledibovukup => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Rypicagiakogheg => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Uxednaofhaec => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Enbocoeh => Value deleted successfully.
C:\Documents and Settings\Linda\Application Data\Ubifcuol => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Maryag => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Ynedve => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Coreebaf => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Fuoccai => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Coyhut => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Pyexfudu => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Soluhi => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Huywypm => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Asawpate => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Piaryk => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Seibup => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Ihuvor => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Diriacq => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Amfogaov => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Exruhac => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Duuvqet => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Esefibv => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Leiber => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Ipiqrioc => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Sesalisi => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Unosehul => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Saecegyb => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Ocorypi => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Lyukud => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Pabiwex => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Tyyfepaq => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Feywohaw => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Idxoeges => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Cyziudv => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Kutiqoka => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Esbudu => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Naheav => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Yqydkui => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Ecivwity => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Dibuegfy => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Heovrex => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Wiydhaca => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Zaxoneo => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Ohhaylk => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Riigakk => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Puzaadu => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Cuxyxuwu => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Lumyza => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Usegyfw => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Suvakir => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Opiffao => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Myikrivu => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Hiuntot => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Leroxo => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Cuaxro => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Evamiw => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Kipoxai => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Zyypop => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Cofuhyxi => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Ywcuum => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Kyemyd => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Omduiklo => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Axumyn => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Ufhada => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Cuzeroro => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Xisynu => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Xysayqod => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Opityh => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Ocubysc => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Yzynul => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Elaphif => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Myuffiy => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Beebyrl => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Inpgsoft => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Eqovfeaxysavi => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Oqyzlupeyndiq => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Oltanye => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Ekpozuamyx => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04d20c00-4d7b-11e3-ac40-444553544200} => Key deleted successfully.
HKCR\CLSID\{04d20c00-4d7b-11e3-ac40-444553544200} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eb75dba-5419-11e2-ac0c-001a6b2a37c3} => Key deleted successfully.
HKCR\CLSID\{3eb75dba-5419-11e2-ac0c-001a6b2a37c3} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41f4f08e-323e-11e2-abfe-001a6b2a37c3} => Key deleted successfully.
HKCR\CLSID\{41f4f08e-323e-11e2-abfe-001a6b2a37c3} => Key not found.
"C:\Documents and Settings\Linda\Application Data\Sesalisi" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Lyukud" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Saecegyb" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Pabiwex" => File/Directory not found.
C:\Documents and Settings\Linda\Local Settings\Application Data\Inpgsoft => Moved successfully.
"C:\Documents and Settings\Linda\Application Data\Opityh" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Elaphif" => File/Directory not found.
C:\Documents and Settings\Linda\Application Data\Emreikit => Moved successfully.
"C:\Documents and Settings\Linda\Application Data\Ocubysc" => File/Directory not found.
C:\Documents and Settings\Linda\Application Data\Ixfiam => Moved successfully.
"C:\Documents and Settings\Linda\Application Data\Ywcuum" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Kyemyd" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Zyypop" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Cofuhyxi" => File/Directory not found.
C:\Documents and Settings\Linda\Application Data\Abpyitut => Moved successfully.
"C:\Documents and Settings\Linda\Application Data\Cuzeroro" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Yzynul" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Tyyfepaq" => File/Directory not found.
C:\Documents and Settings\Linda\Application Data\Ipumeddu => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Udawzow => Moved successfully.
"C:\Documents and Settings\Linda\Application Data\Cuaxro" => File/Directory not found.
C:\Documents and Settings\Linda\Application Data\Taytgek => Moved successfully.
"C:\Documents and Settings\Linda\Application Data\Kipoxai" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Beebyrl" => File/Directory not found.
C:\Documents and Settings\Linda\Application Data\Logahi => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Waguku => Moved successfully.
"C:\Documents and Settings\Linda\Application Data\Evamiw" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Ufhada" => File/Directory not found.
C:\Documents and Settings\Linda\Application Data\Ygviiryd => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Maalep => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Hyziexap => Moved successfully.
"C:\Documents and Settings\Linda\Application Data\Leroxo" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Opiffao" => File/Directory not found.
C:\Documents and Settings\Linda\Application Data\Yqyfpal => Moved successfully.
C:\Documents and Settings\Linda\Application Data\Folyce => Moved successfully.
"C:\Documents and Settings\Linda\Application Data\Xisynu" => File/Directory not found.
C:\Documents and Settings\Linda\Application Data\Huziov => Moved successfully.
"C:\Documents and Settings\Linda\Application Data\Hiuntot" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Myuffiy" => File/Directory not found.
C:\Documents and Settings\Linda\Application Data\Unixkypu => Moved successfully.
"C:\Documents and Settings\Linda\Application Data\Axumyn" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Xysayqod" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Omduiklo" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Myikrivu" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Feywohaw" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Idxoeges" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Kutiqoka" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Cyziudv" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Esbudu" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Yqydkui" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Naheav" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Ecivwity" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Heovrex" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Dibuegfy" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Wiydhaca" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Zaxoneo" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Riigakk" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Ohhaylk" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Puzaadu" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Cuxyxuwu" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Usegyfw" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Lumyza" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Suvakir" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Ubifcuol" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Ynedve" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Maryag" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Coreebaf" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Fuoccai" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Pyexfudu" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Coyhut" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Soluhi" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Huywypm" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Piaryk" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Asawpate" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Seibup" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Ihuvor" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Diriacq" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Amfogaov" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Exruhac" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Esefibv" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Duuvqet" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Leiber" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Sesalisi" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Ipiqrioc" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Unosehul" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Saecegyb" => File/Directory not found.
C:\Documents and Settings\Linda\Application Data\Vaqiusl => Moved successfully.
"C:\Documents and Settings\Linda\Application Data\Ocorypi" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Lyukud" => File/Directory not found.
"C:\Documents and Settings\Linda\Application Data\Pabiwex" => File/Directory not found.
C:\Documents and Settings\Linda\gotomypc_540.exe => Moved successfully.
C:\Documents and Settings\Linda\Local Settings\Temp\6_Offer_16.exe => Moved successfully.
C:\Documents and Settings\Linda\Local Settings\Temp\avgnt.exe => Moved successfully.

==== End of Fixlog ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2014
Ran by Linda (administrator) on WELLSCO-LAPPY on 01-01-2014 19:20:15
Running from F:\
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Juniper Networks, Inc.) C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Cisco Systems, Inc.) D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Hewlett-Packard Corporation) C:\WINDOWS\system32\accelerometerST.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Gordoware) C:\Program Files\gordoware\connectto.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AccelerometerSysTrayApplet] - C:\WINDOWS\system32\accelerometerST.exe [53248 2006-01-16] (Hewlett-Packard Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1028096 2008-01-18] (Synaptics, Inc.)
HKLM\...\Run: [PTHOSTTR] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-17] (Google Inc.)
MountPoints2: {c6947131-7328-11e3-ac5b-444553544200} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\checkmaps.lnk
ShortcutTarget: checkmaps.lnk -> C:\Program Files\gordoware\checkmaps.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\connectto.lnk
ShortcutTarget: connectto.lnk -> C:\Program Files\gordoware\connectto.exe (Gordoware)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
SearchScopes: HKLM - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGm...n=77fdc98f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {07871812-1823-4118-B7A8-B2C956AC8742} URL = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
SearchScopes: HKCU - {8CC45221-51CE-4DD1-8F4A-822235DB4D63} URL = http://www.amazon.com/gp/search?ie=...amp=1789&creative=9325&keywords={searchTerms}
SearchScopes: HKCU - {954B9569-E869-4AE5-B2AB-F2700519E569} URL = http://www.walmart.com/catalog/search-ng.gsp?search_constraint=0&search_query={searchTerms}
SearchScopes: HKCU - {98383ACF-5F17-49F1-91D7-EE480B517CA8} URL = http://www.weather.com/search/enhanced?where={searchTerms}
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGm...n=77fdc98f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {C2A09D41-25C9-4E60-A52B-BA6068DD941D} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKCU - {DDD8124F-D233-44C2-A68C-9B432298DA67} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
Toolbar: HKLM - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - FromDocToPDF - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll (Mindspark)
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289781725609
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://fhebpsslvpn.verizon.com/dana-cached/sc/JuniperSetupClient.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: 12.151.201.180 tup-dc1
Tcpip\..\Interfaces\{AB3D519C-5373-4FCB-A433-74A7E344E4C9}: [NameServer]166.68.227.10,166.68.195.10

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
FF Plugin: @FromDocToPDF_65.com/Plugin - C:\Program Files\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (Mindspark)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @Tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - c:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Status-bar Calculator - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\calculator@cmcculloh
FF Extension: No Name - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\staged
FF Extension: DAO.TableDef.120 - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\{36680766-DB0F-2FE2-454F-617C65152C54}
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\firefox1@myibay.com.xpi
FF Extension: outobox - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\firefox@outobox.net.xpi
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: Tab Mix Plus - C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (PDF-XChange Viewer) - c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
CHR Extension: (Docs) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [fjpdnoojnohifgekbkmnfbiobhcbedka] - C:\Program Files\outobox\fjpdnoojnohifgekbkmnfbiobhcbedka.crx

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660520 2009-09-12] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2010-11-15] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 CVPND; D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.)
S3 ExtranetAccess; C:\Program Files\Nortel Networks\Extranet_serv.exe [811008 2007-04-18] (Nortel Networks NA, Inc.)
S2 FromDocToPDF_65Service; C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe [88648 2013-12-09] (COMPANYVERS_NAME)
R2 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [162136 2013-02-20] (Juniper Networks, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S3 OracleClientCache80; C:\orant\BIN\ONRSD80.EXE [95744 1998-06-10] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 ATMDLC; C:\Windows\System32\DRIVERS\atmdlc.sys [40952 2009-08-27] (Attachmate Corporation)
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-27] (Avira Operations GmbH & Co. KG)
S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [401664 2006-02-15] (Broadcom Corporation.)
S3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30363 2006-02-15] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [1342570 2006-02-15] (Broadcom Corporation.)
S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [148168 2006-02-15] (Broadcom Corporation.)
S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [44163 2006-02-15] (Broadcom Corporation.)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [57096 2006-02-15] (Broadcom Corporation.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 Eacfilt; C:\Windows\System32\DRIVERS\eacfilt.sys [26137 2007-04-18] (Nortel Networks)
R3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [88192 2006-09-14] (Texas Instruments)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [211200 2007-10-16] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989312 2007-10-16] (Conexant Systems, Inc.)
S3 IPSECEXT; C:\Windows\System32\DRIVERS\ipsecw2k.sys [155152 2007-04-18] (Nortel Networks NA, Inc.)
R3 IPSECSHM; C:\Windows\System32\DRIVERS\ipsecw2k.sys [155152 2007-04-18] (Nortel Networks NA, Inc.)
R3 JNPRNA; C:\Windows\System32\DRIVERS\jnprna5.sys [446712 2013-01-17] (Juniper Networks, Inc.)
S4 jnprTdi_730_32781; C:\WINDOWS\system32\Drivers\jnprTdi_730_32781.sys [90456 2013-02-19] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [25456 2013-01-17] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [36776 2013-01-17] (Juniper Networks, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2236544 2007-10-31] (Intel Corporation)
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [32408 2009-05-25] (Smith Micro Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [902432 2010-11-15] (Acronis)
S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
S3 dsNcAdpt; system32\DRIVERS\dsNcAdpt.sys [x]
U1 eabfiltr;
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; System32\DRIVERS\UIUSYS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 16:08 - 2014-01-01 16:08 - 00000000 ____D C:\FRST
2014-01-01 16:06 - 2014-01-01 16:45 - 00017854 _____ C:\WINDOWS\setupapi.log
2013-12-31 23:06 - 2014-01-01 13:09 - 00003053 _____ C:\Documents and Settings\Linda\Desktop\attach.txt
2013-12-31 22:42 - 2014-01-01 19:11 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-31 22:42 - 2014-01-01 19:11 - 00000048 _____ C:\WINDOWS\wiaservc.log
2013-12-31 22:42 - 2013-12-31 22:42 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-12-31 17:26 - 2013-12-31 17:26 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Malwarebytes
2013-12-31 17:25 - 2013-12-31 17:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-31 17:25 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-31 14:25 - 2014-01-01 14:26 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-12-11 21:38 - 2013-12-11 21:38 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Program Files\CCleaner
2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Local Settings\Application Data\IAC
2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\FromDocToPDF_65
2013-12-09 11:14 - 2013-12-09 11:14 - 00000000 ____D C:\Program Files\FromDocToPDF_65
2013-12-04 13:57 - 2013-12-04 13:57 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Inpgsoft
2013-12-03 16:39 - 2013-12-03 16:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Inpgsoft

==================== One Month Modified Files and Folders =======

2014-01-01 19:19 - 2010-11-14 19:42 - 01892280 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-01 19:17 - 2013-04-17 10:40 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 19:16 - 2003-03-31 07:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-01 19:11 - 2013-12-31 22:42 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-01 19:11 - 2013-12-31 22:42 - 00000048 _____ C:\WINDOWS\wiaservc.log
2014-01-01 19:11 - 2010-11-14 18:35 - 00027335 _____ C:\WINDOWS\system32\nvModes.001
2014-01-01 19:10 - 2013-04-17 10:40 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 19:10 - 2010-11-14 17:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-01 19:07 - 2010-11-14 17:44 - 00032650 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-01 19:06 - 2010-11-14 17:50 - 00000000 ____D C:\Documents and Settings\Linda
2014-01-01 18:59 - 2010-11-15 16:19 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-01 18:35 - 2012-06-03 22:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-01 18:09 - 2010-11-14 17:38 - 00000000 ____D C:\WINDOWS\Registration
2014-01-01 16:45 - 2014-01-01 16:06 - 00017854 _____ C:\WINDOWS\setupapi.log
2014-01-01 16:08 - 2014-01-01 16:08 - 00000000 ____D C:\FRST
2014-01-01 14:26 - 2013-12-31 14:25 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-01 13:44 - 2013-10-14 12:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-01 13:09 - 2013-12-31 23:06 - 00003053 _____ C:\Documents and Settings\Linda\Desktop\attach.txt
2014-01-01 00:40 - 2010-11-14 10:51 - 00000000 ____D C:\WINDOWS\Help
2014-01-01 00:01 - 2012-08-28 14:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2013-12-31 23:23 - 2010-11-14 10:51 - 00000000 ____D C:\WINDOWS\Resources
2013-12-31 22:42 - 2013-12-31 22:42 - 00000000 ____N C:\WINDOWS\Sti_Trace.log
2013-12-31 22:37 - 2011-02-01 11:43 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-31 22:30 - 2010-12-08 13:38 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Autodesk
2013-12-31 20:26 - 2012-01-24 12:19 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-12-31 18:46 - 2013-04-04 11:16 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Bentley
2013-12-31 17:26 - 2013-12-31 17:26 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\Malwarebytes
2013-12-31 17:26 - 2013-12-31 17:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-31 17:25 - 2013-12-31 17:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-31 15:04 - 2013-04-02 12:49 - 00000075 _____ C:\WINDOWS\iddsgtev8i.ini
2013-12-31 14:53 - 2011-12-14 15:00 - 00002305 _____ C:\Documents and Settings\Linda\Desktop\VPN Client.lnk
2013-12-31 14:49 - 2010-11-14 10:55 - 00000329 ___SH C:\boot.ini
2013-12-31 14:49 - 2003-03-31 07:00 - 00000876 _____ C:\WINDOWS\win.ini
2013-12-31 14:49 - 2003-03-31 07:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-12-31 13:49 - 2012-05-24 15:21 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-12-19 13:33 - 2013-11-18 17:04 - 00000000 ____D C:\Verizon_Android
2013-12-19 13:33 - 2013-11-18 17:04 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Verizon_Android
2013-12-17 11:53 - 2010-11-14 18:35 - 00027335 _____ C:\WINDOWS\system32\nvModes.dat
2013-12-16 13:46 - 2012-08-28 14:54 - 00000719 _____ C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
2013-12-16 13:46 - 2012-08-28 14:54 - 00000000 ____D C:\Program Files\LogMeIn
2013-12-16 13:45 - 2012-08-28 14:54 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2013-12-16 13:45 - 2012-08-28 14:54 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2013-12-16 13:45 - 2012-08-28 14:54 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2013-12-12 04:42 - 2012-12-11 23:10 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-12 04:42 - 2012-12-11 23:10 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-12 03:24 - 2010-11-14 10:56 - 00298048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-12 03:08 - 2012-05-24 15:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-12-12 03:07 - 2010-11-15 15:28 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-12 03:06 - 2013-08-14 02:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-12 03:06 - 2010-11-15 13:19 - 00046592 _____ C:\WINDOWS\system32\TZLog.log
2013-12-12 03:03 - 2010-11-15 13:16 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-11 22:25 - 2010-11-15 15:41 - 00000000 ____D C:\WINDOWS\pss
2013-12-11 21:38 - 2013-12-11 21:38 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Program Files\CCleaner
2013-12-11 21:38 - 2013-12-11 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-12-11 14:35 - 2012-06-03 22:51 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 14:35 - 2012-06-03 22:51 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-09 15:42 - 2010-11-15 18:37 - 00000000 ____D C:\dgn
2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Local Settings\Application Data\IAC
2013-12-09 11:15 - 2013-12-09 11:15 - 00000000 ____D C:\Documents and Settings\Linda\Application Data\FromDocToPDF_65
2013-12-09 11:14 - 2013-12-09 11:14 - 00000000 ____D C:\Program Files\FromDocToPDF_65
2013-12-05 04:19 - 2013-04-17 10:40 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-12-04 15:40 - 2011-12-14 15:10 - 00000336 _____ C:\Documents and Settings\Linda\Desktop\PA drive.bat
2013-12-04 13:57 - 2013-12-04 13:57 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Inpgsoft
2013-12-03 16:39 - 2013-12-03 16:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Inpgsoft

Some content of TEMP:
====================
C:\Documents and Settings\Linda\Local Settings\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
 
Looks better.

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Linda [Admin rights]
Mode : Remove -- Date : 01/01/2014 20:12:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


12.151.201.180 tup-dc1


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST980813AS +++++
--- User ---
[MBR] e1167d3f23b50a3041f7dc1461be60d6
[BSP] a388a4c3d4c7761509c6c79422867ce5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 30719 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 62914320 | Size: 45588 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) I0MEGA UMni64MB*IOM2C4 USB Device +++++
--- User ---
[MBR] 606f93cfa88c863b8b0714980449efc6
[BSP] 7208b105e661849d4a48c279d3177d8d : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 61 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_01012014_201208.txt >>
RKreport[0]_S_01012014_201017.txt
 
The anti-rootkit found no malware, so I only ran it once. Please let me know if I should run it a second time for good measure. Here are the reports. Computer is still sluggish but I haven't rebooted yet.

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.161000 GHz
Memory total: 3623096320, free: 2897874944

Downloaded database version: v2014.01.01.06
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
01/01/2014 20:21:25
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\System32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\System32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
intelide.sys
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
timntr.sys
tdrpm251.sys
snapman.sys
Mup.sys
hpdskflt.sys
\WINDOWS\system32\ntkrnlpa.exe
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\nv4_mini.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\b57xp32.sys
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\nic1394.sys
\SystemRoot\system32\drivers\tifm21.sys
\SystemRoot\System32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\gtipci21.sys
\SystemRoot\system32\DRIVERS\SMCLIB.SYS
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\System32\DRIVERS\WDFLDR.SYS
\SystemRoot\System32\DRIVERS\Wdf01000.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\SynTP.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\DRIVERS\Accelerometer.sys
\SystemRoot\System32\DRIVERS\cpqbttn.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\CmBatt.sys
\SystemRoot\System32\DRIVERS\wmiacpi.sys
\SystemRoot\System32\DRIVERS\btkrnl.sys
\SystemRoot\system32\DRIVERS\lmimirr.sys
\SystemRoot\system32\DRIVERS\dne2000.sys
\SystemRoot\system32\DRIVERS\jnprna5.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\jnprvamgr.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\eacfilt.sys
\SystemRoot\system32\DRIVERS\ipsecw2k.sys
\SystemRoot\system32\DRIVERS\RimSerial.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AEAudio.sys
\SystemRoot\system32\DRIVERS\HSFHWAZL.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\ATSwpDrv.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\atmdlc.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\DRIVERS\arp1394.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\afcdp.sys
\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\Drivers\TDTCP.SYS
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\ipfltdrv.sys
\SystemRoot\System32\DRIVERS\NETw4x32.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8ac47ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000d5\
Lower Device Object: 0xffffffff8afc6da8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8afe2ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8af1fd98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8afe2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8af4cf10, DeviceName: Unknown, DriverName: \Driver\tdrpman251\
DevicePointer: 0xffffffff8af84f10, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8afedb88, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8af4e880, DeviceName: Unknown, DriverName: \Driver\tdrpman251\
DevicePointer: 0xffffffff8afe2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8af74490, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffffff8af833b8, DeviceName: \Device\000000ba\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8af1fd98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8AB18AB1

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 62914257
Partition file system is NTFS
Partition is bootable

Partition 1 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 62914320 Numsec = 93366000

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8ac47ab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7f6020, DeviceName: Unknown, DriverName: \Driver\tdrpman251\
DevicePointer: 0xffffffff8ac4cd70, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8adf5020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a9ad6d8, DeviceName: Unknown, DriverName: \Driver\tdrpman251\
DevicePointer: 0xffffffff8ac47ab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8afc6da8, DeviceName: \Device\000000d5\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\snapman\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0x6)
Partition is ACTIVE.
Partition starts at LBA: 32 Numsec = 126944
Partition file system is FAT
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 65011712 bytes
Sector size: 512 bytes

Done!
<<<2>>>
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_32_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.01.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Linda :: WELLSCO-LAPPY [administrator]

1/1/2014 8:21:37 PM
mbar-log-2014-01-01 (20-21-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 263329
Time elapsed: 1 hour(s), 32 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 14-01-01.01 - Linda 01/01/2014 23:06:58.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.1842 [GMT -5:00]
Running from: d:\my documents\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Linda\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2013-12-02 to 2014-01-02 )))))))))))))))))))))))))))))))
.
.
2014-01-02 01:21 . 2014-01-02 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-01-02 01:21 . 2014-01-02 01:21 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-02 01:18 . 2014-01-02 01:18 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-01 21:08 . 2014-01-01 21:08 -------- d-----w- C:\FRST
2013-12-31 22:26 . 2013-12-31 22:26 -------- d-----w- c:\documents and settings\Linda\Application Data\Malwarebytes
2013-12-31 22:25 . 2013-12-31 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-12-31 22:25 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-31 22:25 . 2013-12-31 22:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-12 02:38 . 2013-12-12 02:38 -------- d-----w- c:\program files\CCleaner
2013-12-09 16:15 . 2013-12-09 16:15 -------- d-----w- c:\documents and settings\Linda\Application Data\FromDocToPDF_65
2013-12-09 16:15 . 2013-12-09 16:15 -------- d-----w- c:\documents and settings\Linda\Local Settings\Application Data\IAC
2013-12-09 16:14 . 2013-12-09 16:14 -------- d-----w- c:\program files\FromDocToPDF_65
2013-12-04 18:57 . 2013-12-04 18:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Inpgsoft
2013-12-03 21:39 . 2013-12-03 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Inpgsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-02 01:10 . 2014-01-02 01:10 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 4352 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 32224 ----a-w- c:\windows\system32\drivers\wdfldr.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 492000 ----a-w- c:\windows\system32\drivers\wdf01000.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 25471 ----a-w- c:\windows\system32\drivers\watv10nt.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 22271 ----a-w- c:\windows\system32\drivers\watv06nt.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 11935 ----a-w- c:\windows\system32\drivers\wadv11nt.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 42240 ----a-w- c:\windows\system32\drivers\viaagp.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 20992 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 14208 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 11871 ----a-w- c:\windows\system32\drivers\wadv09nt.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 11807 ----a-w- c:\windows\system32\drivers\wadv07nt.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 11295 ----a-w- c:\windows\system32\drivers\wadv08nt.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 26368 ----a-w- c:\windows\system32\drivers\usbstor.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 5376 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 30336 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 144128 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 66048 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 44672 ----a-w- c:\windows\system32\drivers\uagp35.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 384768 ----a-w- c:\windows\system32\drivers\update.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 570016 ----a-w- c:\windows\system32\drivers\timntr.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 40840 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 290304 ----a-w- c:\windows\system32\drivers\tifm21.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 19072 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 49408 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 4352 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 220640 ----a-w- c:\windows\system32\drivers\SynTP.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 14976 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 73472 ----a-w- c:\windows\system32\drivers\sr.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 6272 ----a-w- c:\windows\system32\drivers\splitter.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 357888 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 28520 ----a-w- c:\windows\system32\drivers\ssmdrv.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 95424 ----a-w- c:\windows\system32\drivers\slnthal.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 5888 ----a-w- c:\windows\system32\drivers\smbali.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 157248 ----a-w- c:\windows\system32\drivers\snapman.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 14592 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 13240 ----a-w- c:\windows\system32\drivers\slwdmsup.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 404990 ----a-w- c:\windows\system32\drivers\slntamr.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 40960 ----a-w- c:\windows\system32\drivers\sisagp.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 129535 ----a-w- c:\windows\system32\drivers\slnt7554.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 64512 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 15744 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 96384 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 5888 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 30592 ----a-w- c:\windows\system32\drivers\rndismp.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 166912 ----a-w- c:\windows\system32\drivers\s3gnbm.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 22784 ----a-w- c:\windows\system32\drivers\RimUsb.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 12032 ----a-w- c:\windows\system32\drivers\riodrv.sys.bak
2014-01-02 01:10 . 2014-01-02 01:10 12032 ----a-w- c:\windows\system32\drivers\rio8drv.sys.bak
2014-01-02 01:09 . 2014-01-02 01:09 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-02 01:09 . 2014-01-02 01:09 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-02 01:09 . 2014-01-02 01:09 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-02 01:09 . 2014-01-02 01:09 13776 ----a-w- c:\windows\system32\drivers\recagent.sys.bak
2014-01-02 01:09 . 2014-01-02 01:09 175744 ----a-w- c:\windows\system32\drivers\rdbss.sys.bak
2014-01-02 01:09 . 2014-01-02 01:09 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys.bak
2014-01-02 01:09 . 2014-01-02 01:09 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-02 01:09 . 2014-01-02 01:09 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys.bak
2014-01-02 01:09 . 2014-01-02 01:09 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-02 01:09 . 2014-01-02 01:09 34432 ----a-w- c:\windows\system32\drivers\rawwan.sys.bak
2014-01-02 01:09 . 2014-01-02 01:09 16512 ----a-w- c:\windows\system32\drivers\raspti.sys.bak
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-08-07 1561880]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-08-23 8478720]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-08-23 81920]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"AccelerometerSysTrayApplet"="c:\windows\System32\AccelerometerSt.exe" [2006-01-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-12-12 684600]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
checkmaps.lnk - c:\program files\Gordoware\CheckMaps.exe [2011-4-22 765952]
connectto.lnk - c:\program files\Gordoware\connectto.exe [2011-4-22 1175552]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2013-12-16 18:45 85832 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
backup=c:\windows\pss\Program Neighborhood Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-09-12 21:31 357384 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-09-05 14:03 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FromDocToPDF Search Scope Monitor]
2013-12-09 16:14 55368 ----a-w- c:\progra~1\FROMDO~2\bar\1.bin\65SrchMn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FromDocToPDF_65 Browser Plugin Loader]
2013-12-09 16:14 61512 ----a-w- c:\program files\FromDocToPDF_65\bar\1.bin\65brmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JunosPulse]
2013-02-20 09:01 2104152 ----a-w- c:\program files\Common Files\Juniper Networks\JamUI\Pulse.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-10-18 20:27 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2012-06-08 16:06 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-08-23 16:15 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2007-10-19 18:05 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-06 03:36 872448 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2013-04-17 15:41 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-09-12 21:30 5048488 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Bentley\\Program\\MicroStation\\ustation.exe"=
"c:\\Program Files\\Bentley\\Program\\MicroStation\\V8ustation.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\BentleyV8i\\MicroStation\\ustation.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [11/15/2010 4:24 PM 902432]
R1 ATMDLC;Attachmate DLC Protocol;c:\windows\system32\drivers\atmdlc.sys [8/27/2009 4:34 PM 40952]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/11/2012 11:10 PM 37352]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [11/15/2010 4:24 PM 2326920]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/11/2012 11:10 PM 440376]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2/20/2013 2:01 AM 162136]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/5/2012 5:09 PM 375120]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [11/15/2010 4:24 PM 159168]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [11/15/2010 6:53 PM 26137]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [11/15/2010 3:06 PM 88192]
R3 JNPRNA;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna5.sys [5/14/2013 4:00 PM 446712]
R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\drivers\jnprvamgr.sys [5/14/2013 4:01 PM 36776]
S2 FromDocToPDF_65Service;FromDocToPDFService;c:\progra~1\FROMDO~2\bar\1.bin\65barsvc.exe [12/9/2013 11:14 AM 88648]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [6/8/2012 11:06 AM 13624]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/31/2013 5:25 PM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/31/2013 5:25 PM 701512]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\Nortel Networks\Extranet_serv.exe [11/15/2010 6:53 PM 811008]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [11/15/2010 6:53 PM 155152]
S3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\drivers\jnprva.sys [5/14/2013 4:01 PM 25456]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/31/2013 5:25 PM 22856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [9/6/2013 12:29 PM 235216]
S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [11/14/2010 11:33 AM 95744]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 2:43 PM 32408]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/19/2012 6:43 AM 11520]
S4 jnprTdi_730_32781;Juniper Networks TDI Filter Driver (jnprTdi_730_32781);c:\windows\system32\drivers\jnprTdi_730_32781.sys [5/14/2013 4:01 PM 90456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 20:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 09:16 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 19:35]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-17 15:40]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-17 15:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{AB3D519C-5373-4FCB-A433-74A7E344E4C9}: NameServer = 166.68.227.10,166.68.195.10
FF - ProfilePath - c:\documents and settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\
FF - ExtSQL: !HIDDEN! 2013-04-05 03:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-GameServer50D - c:\documents and settings\Linda\Application Data\Autodesk\WIN7B.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-01 23:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,6b,5f,3f,e8,76,28,41,b5,c7,03,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,6b,5f,3f,e8,76,28,41,b5,c7,03,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(892)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2712)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
.
Completion time: 2014-01-01 23:28:26
ComboFix-quarantined-files.txt 2014-01-02 04:28
.
Pre-Run: 3,739,369,472 bytes free
Post-Run: 4,673,986,560 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Safe Mode" /fastdetect /NoExecute=OptIn /safeboot:minimal /sos /bootlog
.
- - End Of File - - E43D7CC0F0119347EE1AD2AE71EA16EA
8F558EB6672622401DA993E1E865C861
 
Another bit of information, MBAM keeps popping up this window.... Successfully blocked access to a potentially malicious website: 8.26.70.22 Type: Outgoing. Sometimes the IP is 66.45.56.109 instead.
 
How is the situation with iexplore.exe?

Running from: d:\my documents\Downloads\ComboFix.exe
Please move Combofix file to proper location - Desktop.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Iexplore is not running in the processes, but I still have 3 or more explorer processes running. I'll move combofix and then download and run the last 3 you gave me.
 
# AdwCleaner v3.016 - Report created 02/01/2014 at 00:42:34
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Linda - WELLSCO-LAPPY
# Running from : C:\Documents and Settings\Linda\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : FromDocToPDF_65Service

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\FromDocToPDF_65
Folder Deleted : C:\Documents and Settings\Linda\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\Linda\Application Data\FromDocToPDF_65

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{504B4AA9-9952-4490-B0E1-80A5321C35F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B7FD68F7-D28B-431E-9EE8-E45D915B7F17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701F5C41-BB30-46DA-A56B-68784B0B762B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3B975A0-F679-444E-9D94-6D292FA53140}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FromDocToPDF_65
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\FromDocToPDF_65
Key Deleted : HKLM\Software\Magical Jelly Bean\OpenCandy
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8709 octets] - [02/01/2014 00:39:31]
AdwCleaner[S0].txt - [8826 octets] - [02/01/2014 00:42:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8886 octets] ##########
 
Couldn't get JRT to run, tried rebooting and running it, but still wouldn't start. The DOS window would flash up momentarily and then nothing. Moved on to OTL; here are the reports.

OTL logfile created on: 1/2/2014 1:37:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.37 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 61.57% Memory free
5.21 Gb Paging File | 3.82 Gb Available in Paging File | 73.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 3.96 Gb Free Space | 13.20% Space Free | Partition Type: NTFS
Drive D: | 44.52 Gb Total Space | 25.71 Gb Free Space | 57.75% Space Free | Partition Type: NTFS
Drive E: | 27.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 61.73 Mb Total Space | 58.56 Mb Free Space | 94.87% Space Free | Partition Type: FAT
Computer Name: WELLSCO-LAPPY | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/01/02 00:18:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
PRC - [2013/12/16 13:45:47 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/12/16 13:45:24 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/12/12 04:42:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/12/12 04:41:19 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/12/12 04:41:11 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/11/27 12:35:08 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/05/14 15:42:06 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/20 02:01:36 | 000,162,136 | ---- | M] (Juniper Networks, Inc.) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 11:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/04/05 13:58:17 | 001,175,552 | ---- | M] (Gordoware) -- C:\Program Files\gordoware\connectto.exe
PRC - [2010/11/15 16:24:15 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/09/12 16:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/09 15:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2006/01/16 22:01:46 | 000,053,248 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
========== Modules (No Company Name) ==========
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/09/19 18:17:40 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/11/17 12:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2009/04/07 04:32:10 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\cl31cl3.dll
========== Services (SafeList) ==========
SRV - [2013/12/16 13:45:47 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/12/16 13:45:24 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/12/12 04:42:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/12/11 14:35:42 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/27 12:35:08 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/10/14 12:00:14 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/06 12:29:38 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/05/14 15:42:06 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/08 23:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/02/20 02:01:36 | 000,162,136 | ---- | M] (Juniper Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/15 16:24:15 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/09/12 16:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/18 12:50:08 | 000,811,008 | ---- | M] (Nortel Networks NA, Inc.) [On_Demand | Stopped] -- C:\Program Files\Nortel Networks\Extranet_serv.exe -- (ExtranetAccess)
SRV - [1998/06/10 12:43:40 | 000,095,744 | ---- | M] () [On_Demand | Stopped] -- C:\orant\BIN\ONRSD80.EXE -- (OracleClientCache80)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Linda\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/12/16 13:45:29 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/12/12 04:42:30 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/12/12 04:42:30 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/11/27 12:35:48 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/05/28 14:17:46 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/19 22:06:00 | 000,090,456 | ---- | M] (Juniper Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\jnprTdi_730_32781.sys -- (jnprTdi_730_32781)
DRV - [2013/01/17 00:20:26 | 000,036,776 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprvamgr.sys -- (JnprVaMgr)
DRV - [2013/01/17 00:20:26 | 000,025,456 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jnprva.sys -- (jnprva)
DRV - [2013/01/17 00:20:24 | 000,446,712 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jnprna5.sys -- (JNPRNA)
DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/06/08 11:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/11/15 16:24:17 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/11/15 16:24:12 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm251.sys -- (tdrpman251)
DRV - [2010/11/15 16:24:11 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010/11/15 16:24:04 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/08/27 16:34:14 | 000,040,952 | ---- | M] (Attachmate Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atmdlc.sys -- (ATMDLC)
DRV - [2009/05/25 14:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/10/31 10:23:20 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/10/16 07:29:00 | 000,989,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/10/16 07:28:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/10/16 07:28:16 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/08/28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/18 12:55:48 | 000,026,137 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2007/04/18 12:55:30 | 000,155,152 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2007/04/18 12:55:30 | 000,155,152 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2007/01/24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/14 16:55:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/02/15 15:59:52 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/02/15 15:56:58 | 001,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/02/15 15:54:46 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/02/15 15:54:10 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/02/15 15:51:22 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/02/15 15:50:14 | 000,044,163 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/01/10 01:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/01/10 01:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2005/10/26 10:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{89BB0835-FE42-492F-9365-50DD021B2B9E}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes,DefaultScope = {89BB0835-FE42-492F-9365-50DD021B2B9E}
IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{07871812-1823-4118-B7A8-B2C956AC8742}: "URL" = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir
IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{89BB0835-FE42-492F-9365-50DD021B2B9E}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7MXGB_enUS532
IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{8CC45221-51CE-4DD1-8F4A-822235DB4D63}: "URL" = http://www.amazon.com/gp/search?ie=...amp=1789&creative=9325&keywords={searchTerms}
IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{954B9569-E869-4AE5-B2AB-F2700519E569}: "URL" = http://www.walmart.com/catalog/search-ng.gsp?search_constraint=0&search_query={searchTerms}
IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{98383ACF-5F17-49F1-91D7-EE480B517CA8}: "URL" = http://www.weather.com/search/enhanced?where={searchTerms}
IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{C2A09D41-25C9-4E60-A52B-BA6068DD941D}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{CBCE1836-7CD7-4104-9E83-C9C1AD0EE6EB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\..\SearchScopes\{DDD8124F-D233-44C2-A68C-9B432298DA67}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-1757981266-920026266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..extensions.enabledAddons: %7B36680766-DB0F-2FE2-454F-617C65152C54%7D:5.0.1
FF - prefs.js..extensions.enabledAddons: firefox1%40myibay.com:1.3.7
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.2.02
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.3.5
FF - prefs.js..extensions.enabledItems: calculator@cmcculloh:2.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: c:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: c:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/14 12:00:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/14 12:00:05 | 000,000,000 | ---D | M]
[2010/11/17 10:55:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Extensions
[2014/01/01 19:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions
[2013/12/01 22:16:16 | 000,000,000 | ---D | M] (DAO.TableDef.120) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\{36680766-DB0F-2FE2-454F-617C65152C54}
[2012/12/12 16:41:28 | 000,000,000 | ---D | M] (Status-bar Calculator) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\calculator@cmcculloh
[2013/12/11 21:22:02 | 000,020,693 | ---- | M] () (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\firefox1@myibay.com.xpi
[2013/04/17 10:37:29 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/12/11 21:22:02 | 000,778,022 | ---- | M] () (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2008/07/14 07:16:56 | 000,000,053 | ---- | M] () (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\calculator@cmcculloh\.svn\prop-base\statusbarcalculator-2.1.xpi.svn-base
[2008/07/14 07:11:14 | 000,029,140 | ---- | M] () (No name found) -- C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\ek0t908l.default\extensions\calculator@cmcculloh\.svn\text-base\statusbarcalculator-2.1.xpi.svn-base
[2013/10/14 12:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/14 12:00:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[1999/12/31 17:00:00 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - Extension: Docs = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/12/04 16:13:13 | 000,000,024 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 12.151.201.180 tup-dc1
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - c:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - c:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\checkmaps.lnk = C:\Program Files\gordoware\checkmaps.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\connectto.lnk = C:\Program Files\gordoware\connectto.exe (Gordoware)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-920026266-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1757981266-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1757981266-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1757981266-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab (Blockwerx Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289781725609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1346184481203 (MUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42/tilecity/tilecity.cab (Tilecity Control)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://fhebpsslvpn.verizon.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06FE93A5-53B1-4088-8B09-464214178277}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB3D519C-5373-4FCB-A433-74A7E344E4C9}: Domain = verizon.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB3D519C-5373-4FCB-A433-74A7E344E4C9}: NameServer = 166.68.227.10,166.68.195.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/08 13:36:34 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/11/14 17:41:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/02 01:12:42 | 001,036,305 | ---- | C] (Thisisu) -- C:\Documents and Settings\Linda\Desktop\JRT.exe
[2014/01/02 00:37:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/01 23:03:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/01 23:00:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/01 23:00:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/01 23:00:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/01 23:00:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/01 23:00:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/01 22:58:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/01/01 20:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/01/01 20:18:06 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/01 20:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Desktop\mbar
[2014/01/01 20:10:15 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys.bak
[2014/01/01 20:10:09 | 000,290,304 | ---- | C] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys.bak
[2014/01/01 20:10:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys.bak
[2014/01/01 20:09:34 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys.bak
[2014/01/01 20:09:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/01 20:09:32 | 000,090,456 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprTdi_730_32781.sys.bak
[2014/01/01 20:09:32 | 000,036,776 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprvamgr.sys.bak
[2014/01/01 20:09:32 | 000,025,456 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprva.sys.bak
[2014/01/01 20:09:31 | 000,446,712 | ---- | C] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprna5.sys.bak
[2014/01/01 20:09:31 | 000,155,152 | ---- | C] (Nortel Networks NA, Inc.) -- C:\WINDOWS\System32\drivers\ipsecw2k.sys.bak
[2014/01/01 20:09:22 | 000,088,192 | ---- | C] (Texas Instruments) -- C:\WINDOWS\System32\drivers\gtipci21.sys.bak
[2014/01/01 20:09:20 | 000,026,137 | ---- | C] (Nortel Networks) -- C:\WINDOWS\System32\drivers\eacfilt.sys.bak
[2014/01/01 20:09:19 | 000,131,984 | ---- | C] (Deterministic Networks, Inc.) -- C:\WINDOWS\System32\drivers\dne2000.sys.bak
[2014/01/01 20:09:10 | 000,146,560 | ---- | C] (AuthenTec, Inc.) -- C:\WINDOWS\System32\drivers\atswpdrv.sys.bak
[2014/01/01 20:09:09 | 000,040,952 | ---- | C] (Attachmate Corporation) -- C:\WINDOWS\System32\drivers\atmdlc.sys.bak
[2014/01/01 20:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Desktop\RK_Quarantine
[2014/01/01 16:08:59 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/31 23:05:19 | 000,000,000 | R--D | C] -- D:\My Documents\My Videos
[2013/12/31 23:05:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Linda\Start Menu\Programs\Administrative Tools
[2013/12/31 17:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda\Application Data\Malwarebytes
[2013/12/31 17:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/31 17:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/12/31 17:25:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/12/31 17:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/11 21:38:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2013/12/11 21:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/12/04 13:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Inpgsoft
[2013/12/03 16:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Inpgsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/02 01:35:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/02 01:26:09 | 000,027,335 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2014/01/02 01:24:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/02 01:18:48 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/02 01:18:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/02 01:15:54 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/02 00:17:45 | 001,036,305 | ---- | M] (Thisisu) -- C:\Documents and Settings\Linda\Desktop\JRT.exe
[2014/01/01 23:04:01 | 000,000,445 | RHS- | M] () -- C:\boot.ini
[2014/01/01 20:18:06 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/01 20:10:15 | 000,011,520 | ---- | M] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys.bak
[2014/01/01 20:10:09 | 000,290,304 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys.bak
[2014/01/01 20:10:05 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys.bak
[2014/01/01 20:09:34 | 000,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys.bak
[2014/01/01 20:09:34 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2014/01/01 20:09:32 | 000,446,712 | ---- | M] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprna5.sys.bak
[2014/01/01 20:09:32 | 000,090,456 | ---- | M] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprTdi_730_32781.sys.bak
[2014/01/01 20:09:32 | 000,036,776 | ---- | M] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprvamgr.sys.bak
[2014/01/01 20:09:32 | 000,025,456 | ---- | M] (Juniper Networks, Inc.) -- C:\WINDOWS\System32\drivers\jnprva.sys.bak
[2014/01/01 20:09:31 | 000,155,152 | ---- | M] (Nortel Networks NA, Inc.) -- C:\WINDOWS\System32\drivers\ipsecw2k.sys.bak
[2014/01/01 20:09:22 | 000,088,192 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\gtipci21.sys.bak
[2014/01/01 20:09:20 | 000,026,137 | ---- | M] (Nortel Networks) -- C:\WINDOWS\System32\drivers\eacfilt.sys.bak
[2014/01/01 20:09:19 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\System32\drivers\dne2000.sys.bak
[2014/01/01 20:09:11 | 000,146,560 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\System32\drivers\atswpdrv.sys.bak
[2014/01/01 20:09:09 | 000,040,952 | ---- | M] (Attachmate Corporation) -- C:\WINDOWS\System32\drivers\atmdlc.sys.bak
[2014/01/01 14:26:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/31 15:04:53 | 000,000,075 | ---- | M] () -- C:\WINDOWS\iddsgtev8i.ini
[2013/12/31 14:53:10 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\Linda\Desktop\VPN Client.lnk
[2013/12/31 14:49:05 | 000,000,329 | ---- | M] () -- C:\Boot.bak
[2013/12/17 11:53:03 | 000,027,335 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2013/12/16 13:45:29 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2013/12/16 13:45:25 | 000,085,832 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2013/12/16 13:45:25 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2013/12/12 04:42:30 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013/12/12 04:42:30 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013/12/12 03:24:53 | 000,298,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/11 22:21:56 | 000,486,552 | ---- | M] () -- D:\My Documents\cc_20131211_222146.reg
[2013/12/11 21:38:32 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/12/05 04:19:18 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/12/04 15:40:22 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\Linda\Desktop\PA drive.bat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/01 23:04:01 | 000,000,329 | ---- | C] () -- C:\Boot.bak
[2014/01/01 23:03:54 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/01/01 23:00:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/01/01 23:00:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/01/01 23:00:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/01/01 23:00:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/01/01 23:00:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/12/31 14:25:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/12/11 22:21:49 | 000,486,552 | ---- | C] () -- D:\My Documents\cc_20131211_222146.reg
[2013/12/11 21:38:32 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/04/02 12:49:20 | 000,000,075 | ---- | C] () -- C:\WINDOWS\iddsgtev8i.ini
[2012/03/18 16:42:42 | 000,000,426 | ---- | C] () -- C:\Documents and Settings\Linda\CheckPref.properties
[2012/02/16 14:47:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/19 11:32:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2011/01/03 16:39:09 | 000,000,000 | ---- | C] () -- C:\Program Files\error.dat
========== ZeroAccess Check ==========
[2013/04/03 11:20:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/09/09 09:16:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/11/15 16:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/11/15 20:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Attachmate
[2010/12/08 13:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2013/04/04 11:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bentley
[2011/09/29 15:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2014/01/02 00:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/06/03 15:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/11/15 16:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Acronis
[2013/12/31 22:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Autodesk
[2013/12/31 18:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Bentley
[2012/07/30 12:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\ICAClient
[2013/09/05 14:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Juniper Networks
[2012/11/22 08:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Sling Media
[2011/12/14 14:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\TeamViewer
[2011/02/18 11:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Tracker Software
[2013/08/27 12:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda\Application Data\Windows Desktop Search
========== Purity Check ==========
========== Files - Unicode (All) ==========

[2013/11/13 09:07:29 | 104,010,312 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\폔譡ƌ
[2013/11/12 15:08:33 | 104,010,312 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\폔譡ƌ
[2013/10/31 10:49:46 | 104,348,737 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\̓쯢ƌ
[2013/10/31 02:41:18 | 104,348,737 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\̓쯢ƌ
[2013/10/28 08:41:34 | 103,734,365 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ꚶ⨮ƌ
[2013/10/22 02:40:48 | 103,734,365 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\ꚶ⨮ƌ
[2013/09/30 18:04:50 | 098,602,865 | ---- | M] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\呴㦚ƌ
[2013/09/24 18:04:23 | 098,602,865 | ---- | C] ()(C:\WINDOWS\System32\???) -- C:\WINDOWS\System32\呴㦚ƌ

< End of report >
 
OTL Extras logfile created on: 1/2/2014 1:37:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.37 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 61.57% Memory free
5.21 Gb Paging File | 3.82 Gb Available in Paging File | 73.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.00 Gb Total Space | 3.96 Gb Free Space | 13.20% Space Free | Partition Type: NTFS
Drive D: | 44.52 Gb Total Space | 25.71 Gb Free Space | 57.75% Space Free | Partition Type: NTFS
Drive E: | 27.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 61.73 Mb Total Space | 58.56 Mb Free Space | 94.87% Space Free | Partition Type: FAT
Computer Name: WELLSCO-LAPPY | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1757981266-920026266-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Bentley\Program\MicroStation\ustation.exe" = C:\Bentley\Program\MicroStation\ustation.exe:*:Enabled:MicroStation for Windows x86 -- (Bentley Systems, Inc.)
"C:\Program Files\Bentley\Program\MicroStation\V8ustation.exe" = C:\Program Files\Bentley\Program\MicroStation\V8ustation.exe:*:Enabled:MicroStation for Windows x86 -- (Bentley Systems, Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\BentleyV8i\MicroStation\ustation.exe" = C:\Program Files\BentleyV8i\MicroStation\ustation.exe:*:Enabled:MicroStation V8i (SELECTseries 3) -- (Bentley Systems, Incorporated)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0515803B-5068-4599-8666-963E143C7381}" = HP Smart Card Security for ProtectTools 5.00 D4
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{08F9C040-FBE5-4633-93F8-0EA03A9CDCE2}" = Bentley MicroStation GeoGraphics (V 08.05.02.13)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CA49C4E-7B1C-460c-9DB8-4A7160CDF8D1}" = ProductContext
"{0DF34F71-6182-474F-B6FE-0B2AF069E6FD}" = VBA (2627.01)
"{13A316C1-0434-4F9F-941F-4B50C81E74A2}" = Junos Pulse Core Components
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DEF8B27-D75B-4f2a-B723-C506047D1438}" = K8600
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{22461A1C-BD68-4D90-9897-1DB146D55ECB}" = LogMeIn
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A98125E-B0AC-47E4-80D7-75DF75B13AA1}" = BPDSoftware_Ini
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3FA5E4CC-58ED-4ED0-AC9E-ED0759E9166E}" = RedistSysFiles
"{44B44E0E-B7F8-45D2-9B1F-B073D337A097}" = BPD_HPSU
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8AB184-EE5E-4277-BB68-C352BE13DD7B}" = 8600_Help
"{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}" = LightScribe System Software 1.10.19.1
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69B078F7-E057-4488-AE6B-CB7BBEEE8DA6}" = HP Officejet Pro K8600 Series
"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System
"{7A1FB67F-A340-472A-97C3-A6AFFE078AAE}" = MetaFrame Presentation Server Client
"{7BC99097-6FD2-4D29-863A-0E558312E934}" = VC8 CRT
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{85E61D97-895C-4C04-8C7A-3CA0A5914BB9}" = MicroStation V8i (SELECTseries 3) 08.11.09.357
"{8D10D317-F8E0-4493-99AE-F6ADBB223553}" = BPDSoftware
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{915B1639-00F3-41D0-93C5-C657E0B712BA}" = Junos Pulse UAC/NC Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959BB2CC-101A-4032-9E65-671F1F2AB80A}" = Junos Pulse Drivers Add-On
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A7CA6CC5-465B-41F8-96B5-F66BDF4482C7}" = VZAccess Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B053C0F6-883A-4D60-A7E4-D469726222C3}_0" = Bentley MicroStation (V 08.05.02.45) - 1
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home
"{CBF53BC3-87C6-4C89-BC2B-E4D0AD776A43}" = Bentley Map V8i (SELECTseries 3) For MicroStation 08.11.09.91
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB61C36-61C9-46E9-8AA3-6E5A896AC989}" = 8600_Readme
"{D91CBC0D-D45B-4FE7-AF44-E2BDD302CD9F}" = WebSlingPlayer ActiveX
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DE2CE339-19BA-4703-ACFD-46FE05CEE928}" = Brother MFC-6490CW
"{E37E645E-4A0C-4D9E-B30A-7B19E797E743}" = BlackBerry USB Drivers
"{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1" = PDF-XChange 4 Pro
"{E69D311B-66D1-4246-8F09-947906F5219E}" = Junos Pulse Tunnel Manager Add-On
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Verizon Extranet Access Client
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F826729C-239A-4870-A8AF-043D81535D5F}" = Attachmate EXTRA! X-treme 9.1
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bentley MicroStation (V 07.01.04.07)" = Bentley MicroStation (V 07.01.04.07)
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Junos Pulse 3.1" = Junos Pulse 3.1
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MWSnap 3" = MWSnap 3
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZipDownloader" = ZipDownloader
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1757981266-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"WinImage" = WinImage
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/31/2013 10:16:21 PM | Computer Name = WELLSCO-LAPPY | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x8007041d.
Error - 12/31/2013 10:16:59 PM | Computer Name = WELLSCO-LAPPY | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x8007041d.
Error - 12/31/2013 10:17:32 PM | Computer Name = WELLSCO-LAPPY | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x8007041d.
Error - 12/31/2013 10:35:22 PM | Computer Name = WELLSCO-LAPPY | Source = Application Error | ID = 1000
Description = Faulting application updateoutobox.exe, version 1.0.5060.34698, faulting
module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Error - 12/31/2013 11:43:56 PM | Computer Name = WELLSCO-LAPPY | Source = Windows Search Service | ID = 9000
Description = The Windows Search Service cannot open the Jet property store. Details:
0x%08x
(0x8004117f - The content index server cannot update or access information because
of a database error. Stop and restart the search service. If the problem persists,
reset and recrawl the content index. In some cases it may be necessary to delete
and recreate the content index. )
Error - 12/31/2013 11:43:58 PM | Computer Name = WELLSCO-LAPPY | Source = Windows Search Service | ID = 9002
Description = The Windows Search Service cannot load the property store information.

Context:
Windows Application, SystemIndex Catalog Details: 0x%08x (0x8004117f - The content
index server cannot update or access information because of a database error.
Stop and restart the search service. If the problem persists, reset and recrawl
the content index. In some cases it may be necessary to delete and recreate the
content index. )
Error - 12/31/2013 11:43:58 PM | Computer Name = WELLSCO-LAPPY | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.JetPropStore> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index metadata cannot
be read. (0xc0041801)
Error - 12/31/2013 11:44:03 PM | Computer Name = WELLSCO-LAPPY | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: Element not found. (0x80070490)

Error - 12/31/2013 11:44:03 PM | Computer Name = WELLSCO-LAPPY | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index metadata cannot be read. (0xc0041801)

Error - 12/31/2013 11:44:03 PM | Computer Name = WELLSCO-LAPPY | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index metadata cannot be read. (0xc0041801)
[ System Events ]
Error - 1/2/2014 2:22:50 AM | Computer Name = WELLSCO-LAPPY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Search service
to connect.
Error - 1/2/2014 2:22:50 AM | Computer Name = WELLSCO-LAPPY | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053
Error - 1/2/2014 2:22:50 AM | Computer Name = WELLSCO-LAPPY | Source = Service Control Manager | ID = 7022
Description = The Windows Firewall/Internet Connection Sharing (ICS) service hung
on starting.
Error - 1/2/2014 2:22:50 AM | Computer Name = WELLSCO-LAPPY | Source = Service Control Manager | ID = 7022
Description = The Security Center service hung on starting.
Error - 1/2/2014 2:22:50 AM | Computer Name = WELLSCO-LAPPY | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.
Error - 1/2/2014 2:22:53 AM | Computer Name = WELLSCO-LAPPY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 1/2/2014 2:25:38 AM | Computer Name = WELLSCO-LAPPY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.
Error - 1/2/2014 2:25:38 AM | Computer Name = WELLSCO-LAPPY | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053
Error - 1/2/2014 2:33:44 AM | Computer Name = WELLSCO-LAPPY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
Error - 1/2/2014 2:44:26 AM | Computer Name = WELLSCO-LAPPY | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.
< End of report >
 
Still no instances of iexplorer.exe running, but still have at least 4 instances of explorer.exe processes running. Computer still very sluggish and slow to boot. Earlier I was not able to boot into safe mode; I will try safe mode again and see if I can get JRT to run that way, unless you have other instructions for me. Thanks!
 