
Root Kit/G drive not showing/thumb drive not showing [Solved]


  • This topic is locked
28 replies to this topic

#1 btbenoit

  • Authentic Member
  • 95 posts

Posted 21 November 2013 - 02:01 PM

Hi, my second drive (G) quit showing up in my computer yesterday, and also thumb drives aren't being noticed either.

I tried to run OTL, but it kept locking up.

Thanks for your help

Hijack this


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:47:47 PM, on 11/21/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Beaub\Desktop\OTL.exe
C:\Documents and Settings\Beaub\Desktop\HiJackThis.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\8.2\dealioToolbarIE.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\8.2\dealioToolbarIE.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\8.2\dealioToolbarIE.dll
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FPPhotoMiddleWare] C:\Program Files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [SVBNIoUSqfanm.exe] C:\Documents and Settings\All Users\Application Data\SVBNIoUSqfanm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN31U9QHDS05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\???\???\???\{07a07410-d3fa-1d04-d2d7-5711f807753f}\GoogleUpdate.exe" >
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEMenuItem.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: We-Care Add-on - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEMenuItem.dll (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1262200055895
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1369003957641
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://samsclubus.pn...veX_Control.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...rl.cab?lmi=1007
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (file missing)
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: vToolbarUpdater17.1.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe (file missing)
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 13883 bytes

 

.
DDS (Ver_11-03-05.01) - NTFSx86 
Run by Beaub at 13:50:07.28 on Thu 11/21/2013
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1918.831 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Beaub\Desktop\OTL.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe
C:\Documents and Settings\Beaub\Desktop\dds.scr
c:\program files\real\realplayer\RealPlay.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\8.2\dealioToolbarIE.dll
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\8.2\dealioToolbarIE.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg safeguard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: AVG SafeGuard toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg safeguard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\8.2\dealioToolbarIE.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [HP Officejet 6700 (NET)] "c:\program files\hp\hp officejet 6700\bin\ScanToPCActivationApp.exe" -deviceID "CN31U9QHDS05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
uRun: [Google Update] "c:\documents and settings\beaub\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Google Update] "c:\documents and settings\beaub\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [FPPhotoMiddleWare] c:\program files\fisher-price\photo software\util\Fisher-Price Photo Software Middleware.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [SVBNIoUSqfanm.exe] c:\documents and settings\all users\application data\SVBNIoUSqfanm.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [MSC] "c:\program files\microsoft security client\mssecex.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262200055895
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369003957641
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\beaub\applic~1\mozilla\firefox\profiles\0ixibutj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z005&form=ZGAPHP
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60667
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\beaub\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\beaub\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\beaub\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-6 37664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-9-29 16512]
.
=============== Created Last 30 ================
.
2013-11-21 12:42:33 62576 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{c4922fcf-c500-482d-a291-2743bea76abb}\offreg.dll
2013-11-21 12:42:33 40392 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{c4922fcf-c500-482d-a291-2743bea76abb}\MpKsla29384e0.sys
2013-11-21 12:30:50 7772552 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{c4922fcf-c500-482d-a291-2743bea76abb}\mpengine.dll
2013-11-21 10:00:40 -------- d-----w- C:\53cb0ef68e5fe68fd1f8e88e
2013-11-21 06:32:08 7772552 ------w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-11-21 04:01:51 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-11-21 04:01:51 -------- d-----w- c:\windows\system32\wbem\Repository
2013-11-15 01:24:05 -------- d-----w- c:\docume~1\beaub\locals~1\applic~1\Lzworks
2013-11-14 22:14:41 -------- d-----w- c:\docume~1\beaub\applic~1\Search Settings
2013-11-14 22:14:37 -------- d-----w- c:\program files\Application Updater
2013-11-14 22:14:36 -------- d-----w- c:\program files\Dealio Toolbar
2013-11-14 22:14:36 -------- d-----w- c:\program files\common files\Spigot
.
==================== Find3M  ====================
.
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 19:23:12 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 19:23:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP2504C rev.VT100-52 -> Harddisk0\DR0 -> \Device\00000061
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A3E1808]<<
_asm { MOV EAX, 0x8a3e1728; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8a3e2604; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x804EE1A0] -> \Device\Harddisk0\DR0[0x8A3AAAB8]
\Driver\Disk[0x8A482F38] -> IRP_MJ_CREATE -> 0x8A3E1808
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x8a3e1808
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 13:52:47.62 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume3
Install Date: 12/30/2009 8:29:26 AM
System Uptime: 11/21/2013 12:09:42 AM (13 hours ago)
.
Motherboard: Dell Inc |  | 0UW457
Processor: AMD Athlon™ 64 Processor 3200+ | Socket M2  | 2004/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 40.625 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.007 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2847: 10/16/2013 4:00:18 AM - Software Distribution Service 3.0
RP2848: 10/16/2013 4:14:53 AM - Software Distribution Service 3.0
RP2849: 10/17/2013 4:00:18 AM - Software Distribution Service 3.0
RP2850: 10/17/2013 1:43:11 PM - Software Distribution Service 3.0
RP2851: 10/17/2013 4:38:31 PM - Software Distribution Service 3.0
RP2852: 10/18/2013 4:00:18 AM - Software Distribution Service 3.0
RP2853: 10/18/2013 4:32:19 PM - Software Distribution Service 3.0
RP2854: 10/19/2013 4:00:29 AM - Software Distribution Service 3.0
RP2855: 10/19/2013 4:35:02 PM - Software Distribution Service 3.0
RP2856: 10/20/2013 4:00:19 AM - Software Distribution Service 3.0
RP2857: 10/20/2013 4:34:47 PM - Software Distribution Service 3.0
RP2858: 10/20/2013 11:16:15 PM - Software Distribution Service 3.0
RP2859: 10/21/2013 4:00:18 AM - Software Distribution Service 3.0
RP2860: 10/21/2013 4:34:58 PM - Software Distribution Service 3.0
RP2861: 10/22/2013 4:00:19 AM - Software Distribution Service 3.0
RP2862: 10/23/2013 4:00:24 AM - Software Distribution Service 3.0
RP2863: 10/23/2013 1:35:07 PM - Software Distribution Service 3.0
RP2864: 10/24/2013 4:00:18 AM - Software Distribution Service 3.0
RP2865: 10/24/2013 1:33:50 PM - Software Distribution Service 3.0
RP2866: 10/25/2013 4:00:18 AM - Software Distribution Service 3.0
RP2867: 10/25/2013 1:33:59 PM - Software Distribution Service 3.0
RP2868: 10/26/2013 4:00:18 AM - Software Distribution Service 3.0
RP2869: 10/26/2013 1:33:57 PM - Software Distribution Service 3.0
RP2870: 10/27/2013 4:00:18 AM - Software Distribution Service 3.0
RP2871: 10/27/2013 1:59:13 PM - Software Distribution Service 3.0
RP2872: 10/27/2013 10:54:28 PM - Software Distribution Service 3.0
RP2873: 10/28/2013 4:00:21 AM - Software Distribution Service 3.0
RP2874: 10/28/2013 1:36:29 PM - Software Distribution Service 3.0
RP2875: 10/29/2013 4:00:19 AM - Software Distribution Service 3.0
RP2876: 10/29/2013 1:34:37 PM - Software Distribution Service 3.0
RP2877: 10/30/2013 4:00:23 AM - Software Distribution Service 3.0
RP2878: 10/30/2013 1:36:40 PM - Software Distribution Service 3.0
RP2879: 10/31/2013 4:00:18 AM - Software Distribution Service 3.0
RP2880: 11/1/2013 4:00:19 AM - Software Distribution Service 3.0
RP2881: 11/1/2013 6:56:36 AM - Software Distribution Service 3.0
RP2882: 11/2/2013 4:00:18 AM - Software Distribution Service 3.0
RP2883: 11/2/2013 6:56:34 AM - Software Distribution Service 3.0
RP2884: 11/3/2013 3:00:23 AM - Software Distribution Service 3.0
RP2885: 11/3/2013 4:00:19 AM - Software Distribution Service 3.0
RP2886: 11/3/2013 5:56:59 AM - Software Distribution Service 3.0
RP2887: 11/3/2013 10:51:36 PM - Software Distribution Service 3.0
RP2888: 11/4/2013 4:00:23 AM - Software Distribution Service 3.0
RP2889: 11/4/2013 5:57:11 AM - Software Distribution Service 3.0
RP2890: 11/5/2013 4:00:20 AM - Software Distribution Service 3.0
RP2891: 11/5/2013 5:57:15 AM - Software Distribution Service 3.0
RP2892: 11/6/2013 4:00:23 AM - Software Distribution Service 3.0
RP2893: 11/6/2013 5:57:23 AM - Software Distribution Service 3.0
RP2894: 11/7/2013 4:00:19 AM - Software Distribution Service 3.0
RP2895: 11/7/2013 5:56:53 AM - Software Distribution Service 3.0
RP2896: 11/8/2013 4:00:18 AM - Software Distribution Service 3.0
RP2897: 11/8/2013 5:57:02 AM - Software Distribution Service 3.0
RP2898: 11/9/2013 4:00:18 AM - Software Distribution Service 3.0
RP2899: 11/9/2013 5:57:16 AM - Software Distribution Service 3.0
RP2900: 11/10/2013 4:00:25 AM - Software Distribution Service 3.0
RP2901: 11/10/2013 5:57:08 AM - Software Distribution Service 3.0
RP2902: 11/10/2013 10:53:05 PM - Software Distribution Service 3.0
RP2903: 11/11/2013 4:00:26 AM - Software Distribution Service 3.0
RP2904: 11/11/2013 5:57:32 AM - Software Distribution Service 3.0
RP2905: 11/12/2013 4:00:24 AM - Software Distribution Service 3.0
RP2906: 11/12/2013 5:56:58 AM - Software Distribution Service 3.0
RP2907: 11/13/2013 4:00:31 AM - Software Distribution Service 3.0
RP2908: 11/14/2013 4:00:19 AM - Software Distribution Service 3.0
RP2909: 11/14/2013 4:39:41 AM - Software Distribution Service 3.0
RP2910: 11/15/2013 4:00:18 AM - Software Distribution Service 3.0
RP2911: 11/15/2013 4:39:26 AM - Software Distribution Service 3.0
RP2912: 11/16/2013 4:06:33 AM - Software Distribution Service 3.0
RP2913: 11/16/2013 6:06:25 AM - Software Distribution Service 3.0
RP2914: 11/16/2013 7:43:49 AM - Software Distribution Service 3.0
RP2915: 11/16/2013 1:49:34 PM - Software Distribution Service 3.0
RP2916: 11/16/2013 7:01:10 PM - Software Distribution Service 3.0
RP2917: 11/16/2013 10:55:41 PM - Software Distribution Service 3.0
RP2918: 11/17/2013 2:55:42 AM - Software Distribution Service 3.0
RP2919: 11/17/2013 4:00:19 AM - Software Distribution Service 3.0
RP2920: 11/17/2013 6:55:41 AM - Software Distribution Service 3.0
RP2921: 11/17/2013 10:54:23 PM - Software Distribution Service 3.0
RP2922: 11/18/2013 4:00:19 AM - Software Distribution Service 3.0
RP2923: 11/18/2013 9:48:36 AM - Software Distribution Service 3.0
RP2924: 11/19/2013 4:00:19 AM - Software Distribution Service 3.0
RP2925: 11/20/2013 4:00:19 AM - Software Distribution Service 3.0
RP2926: 11/20/2013 6:34:54 AM - Software Distribution Service 3.0
RP2927: 11/20/2013 1:26:40 PM - Software Distribution Service 3.0
RP2928: 11/20/2013 9:58:36 PM - Restore Operation
RP2929: 11/20/2013 10:00:32 PM - Restore Operation
RP2930: 11/20/2013 10:11:51 PM - Software Distribution Service 3.0
RP2931: 11/21/2013 12:31:27 AM - Software Distribution Service 3.0
RP2932: 11/21/2013 4:00:18 AM - Software Distribution Service 3.0
RP2933: 11/21/2013 6:30:48 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
2-seater Thunderbird
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.2 (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
Adobe SVG Viewer 3.0
aerialfoundry CF-18 Hornet Pack 1.0
Aerodesigns Airbus A300-600R
AI-Aircraft Editor Version 2.1.0.23
AIO_Scan
AMR to MP3 Converter 1.4
AnyToISO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Mover
ArcSoft Panorama Maker 4
Area 51 Simulations C-17 Globemaster for MS Flight Simulator 2004
ASPCA Reminder by We-Care.com v4.1.22.1
Athlon 64 Processor Driver
Avanquest update
AVG SafeGuard toolbar
AviSynth 2.5
Beechcraft Bonanza V35 For FS2004
Bing Bar
BitTorrent
Boeing 727-200 for FS2004
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
BufferChm
C5200
C5200_doccd
c5200_Help
CardRd81
Carenado Piper Cherokee 180F
Carenado Piper Dakota 236 For FS2004
CCleaner
CCScore
Cessna 206H Fs 2004
Combi Livery Pack
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Content Transfer
Copy
CR2
Critical Security Update
CustomerResearchQFolder
CutePDF Writer 3.0
Dealio Toolbar v8.2
Defraggler
Delta Force - Black Hawk Down
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DocProc
DocProcQFolder
EditVoicepack
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
eSupportQFolder
Expstudio Audio Editor FREE
EZ Scenery Library
Fax
File Uploader
Fisher-Price Photo Software
Flight Deck 6 for FS2004
Free M4a to MP3 Converter 7.1
Free Mp3 Wma Converter V 1.9
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Officejet 6700 Basic Device Software
HP Officejet 6700 Help
HP Officejet 6700 Product Improvement Study
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
Hummer H1 by Dirk Stuck
I.R.I.S. OCR
iTunes
Java Auto Updater
Java™ 6 Update 21
Jet City Aircraft 717-200
Jet City Aircraft DC-9 Complete Package
Jet City Aircraft MD-80 and MD-90
K-Lite Codec Pack 7.0.0 (Standard)
KATL Atlanta
KEDDS
Kodak EasyShare digital display software
Luke AFB F-16 Package
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Military AI Works - 1st Anniversary Airshow
Military AI Works - RAF Lakenheath 48th FW
MobileMe Control Panel
Motorola Driver Installation 4.5.0
Mouse Suite for Desktop Computers
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NASCAR® Racing 2007 Season
NEMETH DESIGNS - S-76 SPIRIT
netbrdg
Nikon Message Center
Nikon Transfer
NNC Series Mod
NRatings
NVIDIA Drivers
OfotoXMI
PA44 Seminole
Pan Am B707-320C
PanoStandAlone
PGA Championship Golf 2000
Picasa 3
Prop-Liners Collection
PS Panels 737NG Version 1.1
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller Pro 3.0.7
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Rwy12 Library
Safari
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2884256)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SFS Classics Boeing 707-320A, B and C
SHASTA
SigmaTel Audio
SimCity 2000® Special Edition
skin0001
SKINXSDK
Smith Designs KATl 1.5
Smith Designs KHOU 1.1
SolutionCenter
Sonic Activation Module
Southwest And Alaska Airlines Boeing 737-700
Spy Sweeper
staticcr
Status
swMSM
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Toolbox
tooltips
TrayApp
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
US F-16D 2-Seater
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
vShare Plugin
WD SmartWare
WebFldrs XP
WebReg
WinDirStat 1.1.2
Windows Defender
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.1.2
WinX Free AVI to WMV Converter 4.0.15
WinX Free FLV to WMV Converter 4.1.9
WinX Free MOV to MP4 Converter 4.1.11
WinX Free MOV to WMV Converter 4.1.11
WinX Free MP4 to AVI Converter 4.1.12
WinX Free MP4 to WMV Converter 4.1.10
WinZip 14.5
WIRELESS
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
11/21/2013 6:25:02 AM, error: DCOM [10000]  - Unable to start a DCOM Server: {F25AF245-4A81-40DC-92F9-E9021F207706}. The error: "%3" Happened while starting this command: "C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\17.1.2\ScriptHelper.exe" -Embedding
11/21/2013 4:03:33 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).
11/20/2013 8:31:55 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AmdK8 Fips IPSec Lbd MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss StarOpen Tcpip
11/20/2013 8:31:55 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
11/20/2013 8:31:55 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/20/2013 8:31:55 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
11/20/2013 8:31:55 PM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/20/2013 8:31:55 PM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/20/2013 8:07:15 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdK8 atapi Fips Lbd MpFilter PCIIde StarOpen
11/20/2013 6:44:18 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/20/2013 6:20:36 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/20/2013 6:20:27 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/20/2013 3:27:50 AM, error: PlugPlayManager [12]  - The device 'ST2000DM001-9YN164' (IDE\DiskST2000DM001-9YN164______________________CC4C____\202020202020202020202020315330454C395630) disappeared from the system without first being prepared for removal.
11/20/2013 3:27:48 AM, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\D.
11/20/2013 10:10:38 PM, error: Service Control Manager [7023]  - The Microsoft Antimalware Service service terminated with the following error:  %%2147943792
11/20/2013 10:10:34 PM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
11/20/2013 10:10:30 PM, error: Service Control Manager [7000]  - The vToolbarUpdater17.1.2 service failed to start due to the following error:  The system cannot find the file specified.
11/20/2013 10:10:08 PM, error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.  Signatures Attempted: Current  Error Code: 0x80070003  Error description: The system cannot find the path specified.   Signature version: 0.0.0.0;0.0.0.0  Engine version: 0.0.0.0
11/20/2013 1:50:43 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdK8 Fips Lbd MpFilter StarOpen
11/16/2013 8:01:02 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Lbd
11/16/2013 8:00:34 AM, error: sptd [4]  - Driver detected an internal error in its data structures for .
11/16/2013 8:00:18 AM, error: Print [23]  - Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.
11/16/2013 7:44:17 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2760754).
11/16/2013 7:44:14 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Office 2003 (KB907417).
11/16/2013 7:44:09 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2849999).
11/16/2013 7:44:06 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2817473).
11/16/2013 7:44:02 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2687403).
11/16/2013 2:43:19 PM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
11/16/2013 2:43:18 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  atapi Lbd PCIIde
.
==== End Of File ===========================

 




#2 ----------------


    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 22 November 2013 - 04:12 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.


Proud Member of UNITE & TB
 

#3 btbenoit


Posted 22 November 2013 - 06:36 AM

I downloaded TDSSKiller and ran it. I followed the steps like you said, and it did find something. I cannot find the log on the c:\ drive. I clicked the report tab on the top right, and tried to copy and paste it, but it does not copy.

#4 ----------------


Posted 22 November 2013 - 06:41 AM

Reboot into safe mode and try again, please.


Proud Member of UNITE & TB
 

#5 btbenoit


Posted 22 November 2013 - 07:00 AM

Running in safe mode now. Re-ran the program and still cannot find the log or copy/paste.



#6 ----------------


Posted 22 November 2013 - 07:02 AM

Skip TDSS-Killer.

Let's try something else:

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 

#7 btbenoit


Posted 22 November 2013 - 07:40 AM

I had to leave and come to work. aswMBR was installing virus definitions when I left. When I go home for lunch I'll run the scan, and post it.



#8 ----------------


Posted 22 November 2013 - 08:47 AM

ok :)


Proud Member of UNITE & TB
 

#9 btbenoit


Posted 22 November 2013 - 01:23 PM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-22 07:07:44
-----------------------------
07:07:44.531 OS Version: Windows 5.1.2600 Service Pack 3
07:07:44.531 Number of processors: 1 586 0x5F02
07:07:44.531 ComputerName: BEAU UserName:
07:07:44.828 Initialize success
07:53:40.718 AVAST engine defs: 13112101
13:17:49.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
13:17:49.671 Disk 0 Vendor: SAMSUNG_SP2504C VT100-52 Size: 238418MB BusType: 3
13:17:49.687 Device \Driver\nvata -> MajorFunction 8a2a40e8
13:17:49.734 Disk 0 MBR read successfully
13:17:49.750 Disk 0 MBR scan
13:17:49.796 Disk 0 Windows XP default MBR code
13:17:49.812 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
13:17:49.859 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
13:17:49.890 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228137 MB offset 21053440
13:17:49.921 Disk 0 scanning sectors +488278016
13:17:50.015 Disk 0 scanning C:\WINDOWS\system32\drivers
13:18:02.062 Service scanning
13:18:22.859 Service ?etadpug C:\Program Files\Google\Desktop\Install\{07a07410-d3fa-1d04-d2d7-5711f807753f}\ \ **HIDDEN**
13:18:26.843 Modules scanning
13:18:27.937 Module: C:\WINDOWS\System32\Drivers\atapi.sys **SUSPICIOUS**
13:18:31.171 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
13:18:31.343 Disk 0 trace - called modules:
13:18:31.531 ntoskrnl.exe >>UNKNOWN [0x8a2a4c78]<<
13:18:31.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a22e030]
13:18:31.890 \Driver\Disk[0x8a263cd0] -> IRP_MJ_CREATE -> 0x8a2a4c78
13:18:32.406 AVAST engine scan C:\WINDOWS
13:18:40.109 AVAST engine scan C:\WINDOWS\system32
13:21:56.500 AVAST engine scan C:\WINDOWS\system32\drivers
13:22:16.187 AVAST engine scan C:\Documents and Settings\Beaub
13:23:01.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Beaub\Desktop\MBR.dat"
13:23:01.312 The log file has been saved successfully to "C:\Documents and Settings\Beaub\Desktop\aswMBR.txt"

#10 ----------------


Posted 25 November 2013 - 02:47 AM

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Proud Member of UNITE & TB
 



#11 btbenoit


Posted 25 November 2013 - 07:42 AM

I ran ComboFix. It was preparing the log when I had to leave and come to work. Will post the log in a few hours.



#12 btbenoit


Posted 25 November 2013 - 01:40 PM

ComboFix 13-11-23.02 - Beaub 11/25/2013   6:48.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1918.1419 [GMT -6:00]
Running from: c:\documents and settings\Beaub\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\uninstaller.exe
c:\documents and settings\Beaub\Application Data\Dealio
c:\documents and settings\Beaub\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Beaub\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Beaub\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN]&lngid=[LANG_ID].xml
c:\documents and settings\Beaub\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\searchplugins\bing-zugo.xml
c:\documents and settings\Beaub\WINDOWS
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\chrome.jar
c:\program files\Dealio Toolbar\FF\components\config.ini
c:\program files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\8.2\config.ini
c:\program files\Dealio Toolbar\IE\8.2\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\IE\8.2\dealioToolbarIE64.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\facebook.gif
c:\program files\Dealio Toolbar\Res\googleplus.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\Lang\res1031.ini
c:\program files\Dealio Toolbar\Res\Lang\res1033.ini
c:\program files\Dealio Toolbar\Res\Lang\res1034.ini
c:\program files\Dealio Toolbar\Res\Lang\res1036.ini
c:\program files\Dealio Toolbar\Res\Lang\res1040.ini
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\radio-close.gif
c:\program files\Dealio Toolbar\Res\radio-minimize.gif
c:\program files\Dealio Toolbar\Res\radiobeta.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_baidu.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\search_yandex.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\twitter.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\windows\iun6002.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\FlashPlayerApp.exe
c:\windows\wininit.ini
D:\AutoRun.inf
D:\Server.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSHOST32
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-25 to 2013-11-25  )))))))))))))))))))))))))))))))
.
.
2013-11-25 13:05 . 2013-11-25 13:05 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4922FCF-C500-482D-A291-2743BEA76ABB}\MpKslcbf6d9b8.sys
2013-11-21 12:30 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C4922FCF-C500-482D-A291-2743BEA76ABB}\mpengine.dll
2013-11-21 06:32 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-21 04:01 . 2013-11-21 04:01 -------- d-----w- c:\windows\system32\wbem\Repository
2013-11-15 01:24 . 2013-11-16 20:41 -------- d-----w- c:\documents and settings\Beaub\Local Settings\Application Data\Lzworks
2013-11-14 22:14 . 2013-11-14 22:14 -------- d-----w- c:\documents and settings\Beaub\Application Data\Search Settings
2013-11-14 22:14 . 2013-11-14 22:14 -------- d-----w- c:\program files\Application Updater
2013-11-14 22:14 . 2013-11-14 22:14 -------- d-----w- c:\program files\Common Files\Spigot
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2009-12-30 23:44 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 19:23 . 2011-06-10 18:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-12 20:33 . 2013-06-06 12:32 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-13 07:25 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2004-08-04 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-08-04 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2004-08-04 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2009-12-30 19:15 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 15:53 . 2010-10-25 03:25 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-08-29 01:31 . 2004-08-04 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2010-02-11 23:40 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-07-23 07:46 1451680 ----a-w- c:\program files\Microsoft\BingBar\7.2.241.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"FPPhotoMiddleWare"="c:\program files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe" [2010-07-30 62864]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-10-15 380416]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-04-14 295512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-01 152392]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-11-08 1383232]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2012-8-3 494920]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/30/2009 9:22 AM 664064]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [6/6/2013 6:32 AM 37664]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [11/8/2013 3:51 PM 807800]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [7/23/2013 1:46 AM 193696]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/11/2011 3:23 PM 35088]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [3/6/2013 1:21 AM 39056]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/22/2013 5:07 AM 93072]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/14/2009 2:31 PM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
S0 jxnsuek;jxnsuek;c:\windows\system32\drivers\nndbmprc.sys --> c:\windows\system32\drivers\nndbmprc.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 lktkak;lktkak;c:\windows\system32\drivers\yvvkjp.sys --> c:\windows\system32\drivers\yvvkjp.sys [?]
S0 mkmhyd;mkmhyd;c:\windows\system32\drivers\qbjpqawy.sys --> c:\windows\system32\drivers\qbjpqawy.sys [?]
S0 wfibrbwp;wfibrbwp;c:\windows\system32\drivers\toaun.sys --> c:\windows\system32\drivers\toaun.sys [?]
S0 wvvk;wvvk;c:\windows\system32\drivers\joffnkd.sys --> c:\windows\system32\drivers\joffnkd.sys [?]
S1 bhxoneeu;bhxoneeu;\??\c:\windows\system32\drivers\bhxoneeu.sys --> c:\windows\system32\drivers\bhxoneeu.sys [?]
S1 bmjycpdh;bmjycpdh;\??\c:\windows\system32\drivers\bmjycpdh.sys --> c:\windows\system32\drivers\bmjycpdh.sys [?]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [9/29/2010 7:54 PM 16512]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [7/23/2013 1:46 AM 240288]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [8/20/2013 4:55 PM 30464]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys --> c:\windows\system32\DRIVERS\revoflt.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/9/2010 10:27 AM 11520]
S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [5/14/2009 11:21 AM 98304]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - POLICYAGENT
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 19:23]
.
2013-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2013-11-21 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2013-11-22 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2013-11-21 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2013-11-21 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2013-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]
.
2013-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-884357618-839522115-1004Core.job
- c:\documents and settings\Beaub\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 06:08]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-884357618-839522115-1004UA.job
- c:\documents and settings\Beaub\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 06:08]
.
2013-11-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 21:01]
.
2013-11-25 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1715567821-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]
.
2013-11-25 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1715567821-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]
.
2013-11-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]
.
2013-11-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vShare\vshare_toolbar.dll
FF - ProfilePath - c:\documents and settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z005&form=ZGAPHP
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60667
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2010-01-10 14:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\8.2\dealioToolbarIE.dll
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SVBNIoUSqfanm.exe - c:\documents and settings\All Users\Application Data\SVBNIoUSqfanm.exe
HKLM-Run-vProt - c:\program files\AVG SafeGuard toolbar\vprot.exe
SafeBoot-WinDefend
AddRemove-2-seater Thunderbird - c:\documents and settings\Beaub\Desktop\thunderbird\Uninstal_thunder.exe
AddRemove-aerialfoundry CF-18 Hornet Pack 1.0 - c:\documents and settings\Beaub\Desktop\cf\Uninstal.exe
AddRemove-Aerodesigns Airbus A300-600R - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-Area 51 Simulations C-17 Globemaster for MS Flight Simulator 2004 - c:\documents and settings\Beaub\Desktop\c-17\Uninstal.exe
AddRemove-AVG SafeGuard toolbar - c:\program files\AVG SafeGuard toolbar\UNINSTALL.exe
AddRemove-Beechcraft Bonanza V35 For FS2004 - c:\program files\Microsoft Games\Flight Simulator 9\UNCARBONV35FS9
AddRemove-Boeing 727-200 for FS2004 - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-Carenado Piper Cherokee 180F - c:\program files\Microsoft Games\Flight Simulator 9\UNCARCHEROKEE180F.exe
AddRemove-Carenado Piper Dakota 236 For FS2004 - c:\program files\Microsoft Games\Flight Simulator 9\UNCARDAKOTAFS9.exe
AddRemove-Cessna 206H Fs 2004 - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-Combi Livery Pack - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-EZ Scenery Library - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-Flight Simulator 9.0 - g:\program files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE
AddRemove-Hummer H1 by Dirk Stuck - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-Jet City Aircraft 717-200 - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-Jet City Aircraft DC-9 Complete Package - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-Jet City Aircraft MD-80 and MD-90 - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-KATL Atlanta - c:\documents and settings\Beaub\Desktop\Imagine Sim Atlanta KATL\Uninstall KATL.exe
AddRemove-NEMETH DESIGNS - S-76 SPIRIT - c:\documents and settings\Beaub\Desktop\nemeth\UnInstall_NDS76.exe
AddRemove-Pan Am B707-320C - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-Rwy12 Library - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-SFS Classics Boeing 707-320A, B and C - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-Smith Designs KATl 1.5 - c:\program files\Microsoft Games\Flight Simulator 9\Addon Scenery\KATL_1.5\Uninstal.exe
AddRemove-Smith Designs KHOU 1.1 - c:\program files\Microsoft Games\Flight Simulator 9\Addon Scenery\scenery\Uninstal.exe
AddRemove-US F-16D 2-Seater - c:\documents and settings\Beaub\Desktop\Uninstal F-16D.exe
AddRemove-{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1 - c:\program files\VS Revo Group\Revo Uninstaller Pro\unins000.exe
AddRemove-Luke AFB F-16 Package - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-Military AI Works - 1st Anniversary Airshow - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-Military AI Works - RAF Lakenheath 48th FW - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-PA44 Seminole - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-Southwest And Alaska Airlines Boeing 737-700 - c:\documents and settings\Beaub\Desktop\southwest\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-25 07:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-884357618-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2506CBF1-D218-0E96-25CC-5CA069A9C75E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2892)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\WinZip\wzshlstb.dll
c:\progra~1\MI239C~1\shellext.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
c:\windows\system32\msiexec.exe
c:\windows\SoftwareDistribution\Download\Install\UpdateInstall.exe
c:\cb4d5c340cf00a873b9fd783\x86\setup.exe
c:\windows\system32\MsiExec.exe
c:\windows\system32\logon.scr
.
**************************************************************************
.
Completion time: 2013-11-25  11:08:40 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-25 17:08
.
Pre-Run: 42,732,314,624 bytes free
Post-Run: 44,232,290,304 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0A88C29A0D10C2F5DEEC404A8499E456
8F558EB6672622401DA993E1E865C861
 



#13 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 26 November 2013 - 08:43 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 



Proud Member of UNITE & TB
 

#14 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • 95 posts

Posted 26 November 2013 - 01:15 PM

ComboFix 13-11-23.02 - Beaub 11/26/2013   9:12.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1918.1246 [GMT -6:00]
Running from: c:\documents and settings\Beaub\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Beaub\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\drivers\bhxoneeu.sys"
"c:\windows\system32\drivers\bmjycpdh.sys"
"c:\windows\system32\drivers\joffnkd.sys"
"c:\windows\system32\DRIVERS\Lbd.sys"
"c:\windows\system32\drivers\nndbmprc.sys"
"c:\windows\system32\drivers\qbjpqawy.sys"
"c:\windows\system32\drivers\toaun.sys"
"c:\windows\system32\drivers\yvvkjp.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Beaub\Application Data\Search Settings
c:\program files\Application Updater
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\Application Updater\config.ini
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files\Common Files\Spigot\Search Settings\searchcom_ff.xml
c:\program files\Common Files\Spigot\Search Settings\searchcom_ie.xml
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\SearchSettings64.exe
c:\program files\Common Files\Spigot\Search Settings\wth172.dll
c:\program files\Common Files\Spigot\Search Settings\wthx172.dll
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APPLICATION_UPDATER
-------\Legacy_LBD
-------\Service_Application Updater
-------\Service_bhxoneeu
-------\Service_bmjycpdh
-------\Service_jxnsuek
-------\Service_Lbd
-------\Service_lktkak
-------\Service_mkmhyd
-------\Service_wfibrbwp
-------\Service_wvvk
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-26 to 2013-11-26  )))))))))))))))))))))))))))))))
.
.
2013-11-25 17:22 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E0DFDF5-CDF8-44BF-8BF9-EA2886DC5F21}\mpengine.dll
2013-11-25 13:12 . 2013-11-25 13:12 -------- d-----w- c:\windows\LastGood.Tmp
2013-11-21 12:30 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-21 04:01 . 2013-11-21 04:01 -------- d-----w- c:\windows\system32\wbem\Repository
2013-11-15 01:24 . 2013-11-16 20:41 -------- d-----w- c:\documents and settings\Beaub\Local Settings\Application Data\Lzworks
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2009-12-30 23:44 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 19:23 . 2011-06-10 18:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-12 20:33 . 2013-06-06 12:32 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-13 07:25 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2004-08-04 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-08-04 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2004-08-04 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2009-12-30 19:15 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 15:53 . 2010-10-25 03:25 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-08-29 01:31 . 2004-08-04 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2010-02-11 23:40 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-07-23 07:46 1451680 ----a-w- c:\program files\Microsoft\BingBar\7.2.241.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"FPPhotoMiddleWare"="c:\program files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe" [2010-07-30 62864]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-10-15 380416]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-20 583016]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-04-14 295512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-01 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2012-8-3 494920]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/30/2009 9:22 AM 664064]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [6/6/2013 6:32 AM 37664]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [7/23/2013 1:46 AM 193696]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/11/2011 3:23 PM 35088]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [3/6/2013 1:21 AM 39056]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/22/2013 5:07 AM 93072]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/14/2009 2:31 PM 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [9/29/2010 7:54 PM 16512]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [7/23/2013 1:46 AM 240288]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [8/20/2013 4:55 PM 30464]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys --> c:\windows\system32\DRIVERS\revoflt.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [1/9/2010 10:27 AM 11520]
S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [5/14/2009 11:21 AM 98304]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 19:23]
.
2013-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2013-11-25 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2013-11-26 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2013-11-25 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2013-11-25 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-884357618-839522115-1004Core.job
- c:\documents and settings\Beaub\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 06:08]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-884357618-839522115-1004UA.job
- c:\documents and settings\Beaub\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 06:08]
.
2013-11-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 21:01]
.
2013-11-26 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1715567821-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]
.
2013-11-26 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1715567821-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]
.
2013-11-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]
.
2013-11-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-884357618-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 16:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vShare\vshare_toolbar.dll
FF - ProfilePath - c:\documents and settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z005&form=ZGAPHP
FF - ExtSQL: !HIDDEN! 2010-01-10 14:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-SFS Classics Boeing 707-320A, B and C - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-US F-16D 2-Seater - c:\documents and settings\Beaub\Desktop\Uninstal F-16D.exe
AddRemove-Military AI Works - RAF Lakenheath 48th FW - c:\program files\Microsoft Games\Flight Simulator 9\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-26 09:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3696)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
**************************************************************************
.
Completion time: 2013-11-26  09:34:34 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-26 15:34
ComboFix2.txt  2013-11-25 17:08
.
Pre-Run: 43,559,227,392 bytes free
Post-Run: 43,729,129,472 bytes free
.
- - End Of File - - B6F640E78CEE3112939B974105B5719D
8F558EB6672622401DA993E1E865C861

 

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.26.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Beaub :: BEAU [administrator]

11/26/2013 9:39:07 AM
mbam-log-2013-11-26 (09-39-07).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 411408
Time elapsed: 1 hour(s), 27 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#15 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 27 November 2013 - 04:31 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
