Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91734 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Windows XP SP3 slow, excessive HDD hits cause system to drag [Closed]

XP SP3 slow sluggish

  • This topic is locked This topic is locked
26 replies to this topic

#1 SkinnyTex

SkinnyTex

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts
  • Interests:Web development

Posted 26 December 2013 - 03:39 PM

My family computer is bogged down, takes a long time to load, and long time to change programs. The hard drive has excessive hits and CPU cycles seem excessive for the little I have running.  Can I have assistance clearning up this old pc?

 

OTL.txt here:

 

 

OTL logfile created on: 12/26/2013 3:13:11 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin John\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.42 Mb Total Physical Memory | 346.39 Mb Available Physical Memory | 38.73% Memory free
2.12 Gb Paging File | 1.64 Gb Available in Paging File | 77.40% Paging File free
Paging file location(s): c:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 210.34 Gb Free Space | 70.56% Space Free | Partition Type: NTFS

Computer Name: JOHNS-E-MACHINE | User Name: Admin John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Admin John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Iminent\WinkHandler.exe ()
PRC - C:\Program Files\Common Files\Umbrella\Umbrella.exe (Iminent)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\13122601\algo.dll ()
MOD - C:\Program Files\Iminent\WinkHandler.exe ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()
MOD - C:\Program Files\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WinkHandler) -- C:\Program Files\Iminent\WinkHandler.exe ()
SRV - (SProtection) -- C:\Program Files\Common Files\Umbrella\Umbrella.exe (Iminent)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (EZUSB) -- C:\WINDOWS\system32\drivers\ezusb.sys (Castles Technology Co.,Ltd)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.iminent...DC-25738959AF18
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent...q={searchTerms}
IE - HKCU\..\SearchScopes\{DC13474A-B7FD-4BDA-9AAB-8E676F0726EA}: "URL" = http://www.google.co...1I7AURU_enUS500
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://start.iminent...C-25738959AF18"
FF - prefs.js..browser.search.selectedEngine: "StartWeb"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/12 15:06:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/26 15:09:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lwoofer@lyricswoofer.co: C:\Program Files\LyricsWoofer\116.xpi [2013/07/06 07:48:26 | 000,005,776 | ---- | M] ()

[2012/10/14 07:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin John\Application Data\Mozilla\Extensions
[2013/12/26 13:41:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\extensions
[2013/06/01 13:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
[2013/12/26 13:41:35 | 000,000,000 | ---D | M] (Iminent Toolbar) -- C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\extensions\ffxtlbr@iminent.com
[2013/12/19 07:26:37 | 000,626,450 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\extensions\webbooster@iminent.com.xpi
[2013/12/26 13:41:37 | 000,001,368 | ---- | M] () -- C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\searchplugins\iminent.xml
[2013/09/20 10:28:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/22 22:23:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/04/22 22:23:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/24 11:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 11:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 11:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/06/01 13:17:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (LyricsWoofer) - {73F8F433-14C8-48AA-8412-54BC6F8D3FA3} - C:\Program Files\LyricsWoofer\116.dll (Lyrics Woofer LTD)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\e83a68e1-91d5-49f7-9269-1fc790510a31.exe (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" File not found
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: army.mil ([owa.usar] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: militarycac.com ([]https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF2C4811-4F7B-4420-9EF8-1374BACB62B6}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/12 17:55:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/12/26 15:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/12/26 15:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/12/26 14:58:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin John\Desktop\OTL.exe
[2013/12/26 13:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin John\Application Data\Netgear Live Parental Controls
[2013/12/26 13:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR Live Parental Controls
[2013/12/26 13:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR Live Parental Controls Management Utility
[2013/12/26 13:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Umbrella
[2013/12/26 13:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/26 14:58:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin John\Desktop\OTL.exe
[2013/12/26 14:57:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/12/26 14:45:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/26 14:43:22 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Admin John\Desktop\Shortcut to Internet Explorer.lnk
[2013/12/26 14:42:20 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/26 14:42:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/26 14:39:34 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/26 14:39:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/26 14:39:20 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2013/12/26 14:39:19 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/26 14:39:15 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013/12/26 14:35:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/26 14:26:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/26 12:33:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Admin John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/26 12:28:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/12/12 05:12:57 | 000,239,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/12 03:15:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/26 14:43:22 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Admin John\Desktop\Shortcut to Internet Explorer.lnk
[2013/06/27 15:06:12 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/26 15:06:13 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/26 15:06:13 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/12 15:06:23 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/12 15:06:23 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/30 20:01:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/30 20:01:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/30 20:01:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/30 20:01:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/30 20:01:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/04/12 02:01:19 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/12 02:01:19 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/12 02:01:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/02/08 04:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/11/12 19:15:19 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/07/22 11:58:56 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Admin John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/06 03:11:34 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/02/14 18:23:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/17 06:12:01 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Admin John\.recently-used.xbel

========== ZeroAccess Check ==========

[2012/12/19 14:59:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/12/19 02:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/15 11:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\1O1L1I1PtF1F1C1N
[2012/04/15 17:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\Audacity
[2012/11/18 15:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\BSD
[2012/05/13 12:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\Canon
[2012/05/11 03:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\Canon Easy-WebPrint EX
[2012/08/21 05:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\DoD-PKE
[2012/06/18 14:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\FreeFileViewer
[2011/07/17 06:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\gtk-2.0
[2012/09/21 12:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\Helios
[2011/11/29 09:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\Leadertech
[2012/09/21 10:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\NetBeans
[2013/12/26 13:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\Netgear Live Parental Controls
[2011/07/17 06:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\OpenOffice.org
[2011/07/13 18:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\Opera
[2013/07/06 08:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin John\Application Data\player
[2013/02/05 20:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/07/13 18:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/11/18 14:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD
[2012/04/01 15:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2012/04/01 14:51:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/04/01 15:10:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012/05/13 12:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2012/11/03 11:18:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2012/04/01 15:11:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2012/04/01 15:10:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012/04/01 14:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2012/04/01 15:10:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2013/09/20 10:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2012/05/13 12:21:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/04/01 14:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup000
[2012/04/01 14:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSetup001
[2012/04/01 15:10:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2012/04/01 14:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2011/07/17 05:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2011/11/29 09:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/03/31 11:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/11/18 19:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: EXPLORER.EXE-082F38A9.PF >
[2013/12/26 14:39:15 | 000,058,184 | ---- | M] () MD5=CC64752BCB681D07EFCB89F9ED4BF124 -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf

< MD5 for: EXPLORER.SCF >
[2004/08/04 06:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: EXPLORER.WSMODE >
[2013/12/26 11:58:32 | 000,000,561 | ---- | M] () MD5=FB514DB7D39ABC34C4D56D0F893BCE90 -- C:\Documents and Settings\Admin John\Application Data\NetBeans\7.2\config\Windows2Local\Modes\explorer.wsmode

< MD5 for: IEXPLORE.BAT >
[2013/04/21 01:58:12 | 000,029,803 | ---- | M] () MD5=E4B95882FB080670179EA3605395889B -- C:\JRT\iexplore.bat

< MD5 for: IEXPLORE.CHM >
[2004/08/04 06:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\Help\iexplore.chm

< MD5 for: IEXPLORE.EXE >
[2008/04/13 18:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/04/13 18:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\erdnt\cache\iexplore.exe
[2004/08/04 06:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2009/03/08 12:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 12:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-27122324.PF >
[2013/12/26 14:45:09 | 000,073,942 | ---- | M] () MD5=83D36BB8C36FC463ACBB69BC5DDD9BDF -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf

< MD5 for: IEXPLORE.HLP >
[2004/08/04 06:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: SERVICES >
[2004/08/04 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/09/05 08:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DAT >
[2013/04/21 21:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat

< MD5 for: SERVICES.EXE >
[2009/02/06 05:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 11:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 04:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.LNK >
[2006/11/11 08:11:46 | 000,001,602 | ---- | M] () MD5=B89617069DCC9A1E36F1B8BC8E9D5152 -- C:\Old Hard Drive\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
[2012/04/01 10:03:21 | 000,001,602 | ---- | M] () MD5=EF31BA0A3593A4BDA8ACDB5446CCC038 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SETTINGS >
[2013/12/26 11:58:31 | 000,001,622 | ---- | M] () MD5=81E136EBBD0008284F9A2F23402FF2CF -- C:\Documents and Settings\Admin John\Application Data\NetBeans\7.2\config\Windows2Local\Components\services.settings

< MD5 for: SERVICES.WSTCGRP >
[2013/12/26 11:58:33 | 000,000,225 | ---- | M] () MD5=E4AD31A486D75BC449F02775904D2430 -- C:\Documents and Settings\Admin John\Application Data\NetBeans\7.2\config\Windows2Local\Groups\InitialLayout\services.wstcgrp
[2013/12/26 11:58:33 | 000,000,225 | ---- | M] () MD5=E4AD31A486D75BC449F02775904D2430 -- C:\Documents and Settings\Admin John\Application Data\NetBeans\7.2\config\Windows2Local\Groups\OpenedProjects\services.wstcgrp

< MD5 for: SERVICES.WSTCREF >
[2013/12/26 11:58:32 | 000,000,129 | ---- | M] () MD5=73E5717A2B2C3FF0F7ED6EFDD0A658B3 -- C:\Documents and Settings\Admin John\Application Data\NetBeans\7.2\config\Windows2Local\Modes\explorer\services.wstcref

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINLOGON.EXE-32C57D49.PF >
[2013/12/23 11:43:48 | 000,010,046 | ---- | M] () MD5=8149D5BD7C3A8ECB9C43487C94CEC76C -- C:\WINDOWS\Prefetch\WINLOGON.EXE-32C57D49.pf

< %SYSTEMDRIVE%\*.* >
[2013/06/01 13:52:02 | 000,020,709 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2011/07/12 17:55:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013/05/23 16:40:19 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/12/26 12:28:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2013/06/09 18:00:01 | 000,023,063 | ---- | M] () -- C:\ComboFix.txt
[2011/07/12 17:55:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/06/18 14:17:41 | 000,109,216 | ---- | M] (DoD PKE Engineering) -- C:\FBCA_crosscert_remover_v107.exe
[2011/07/12 17:55:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/07/12 17:55:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/07/13 15:51:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/12/26 14:26:41 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2013/05/30 04:10:28 | 000,085,122 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_30.05.2013_05.09.10_log.txt
[2012/06/14 21:35:03 | 000,000,003 | ---- | M] () -- C:\WLCount.Txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2012/04/01 10:02:41 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010/08/25 03:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDA9.DLL
[2010/08/25 03:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPA9.DLL
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2013/05/09 02:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is ACA3-41BF
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/09/2013 02:47 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/09/2013 02:47 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
10/09/2013 02:36 AM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
10/09/2013 02:13 AM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 225,920,356,352 bytes free

< %systemroot%\System32\config\*.sav >
[2012/04/01 05:48:27 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012/03/26 04:47:31 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2012/04/01 05:48:27 | 022,020,096 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012/04/01 05:48:27 | 005,505,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2012/04/08 12:32:54 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/04/11 15:52:42 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Admin John\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2011/07/13 18:18:18 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Admin John\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2013/12/26 14:58:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin John\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-12-13 09:02:06

< End of report >

JRT.txt here:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Admin John on Sat 06/01/2013 at 14:33:25.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] browserprotect
Successfully deleted: [Service] browserprotect
Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotect
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotectall
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smessaging
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchqutoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\browserconnection.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\dnsbho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortapp.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escorteng.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\b
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\3192aa38321c641458dbdaf83979d193
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\searchquiehelper.dnsguard
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\searchquiehelper.dnsguard.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3106777
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"



~~~ Files

Successfully deleted: [File] "C:\end"
Successfully deleted: [File] C:\WINDOWS\prefetch\BABYLONTOOLBARSRV.EXE-08CD5ADB.pf
Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\browserprotect"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\Application Data\babsolution"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\Application Data\babylontoolbar"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\Application Data\delta"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\Application Data\searchprotect"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\Application Data\searchquband"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\Application Data\searchqutoolbar"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\Application Data\swvupdater"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\appdata\locallow\datamngr"
Failed to delete: [Folder] "C:\Documents and Settings\Admin John\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\Local Settings\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\Local Settings\Application Data\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\Local Settings\Application Data\winzipbar"
Successfully deleted: [Folder] "C:\Program Files\babylontoolbar"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\delta"
Successfully deleted: [Folder] "C:\Program Files\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"
Failed to delete: [Folder] "C:\Program Files\searchqu toolbar"
Successfully deleted: [Folder] "C:\Program Files\strongvault online backup"
Successfully deleted: [Folder] "C:\Program Files\winzipbar"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\start menu\programs\BrowserProtect"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\start menu\programs\strongvault online backup"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin John\local settings\application data\asktoolbar"
Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\bprotector_prefs.js
Successfully deleted: [File] C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\searchplugins\browserprotect.xml
Successfully deleted: [File] C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\searchplugins\delta.xml
Successfully deleted: [File] C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\searchplugins\search_results.xml
Failed to delete: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}"
Successfully deleted: [Folder] C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\searchqutoolbar
Successfully deleted: [Folder] C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\extensions\ffxtlbr@babylon.com
Successfully deleted: [Folder] C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\extensions\ffxtlbr@delta.com
Failed to delete: [Folder] C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Failed to delete: [Folder] C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\extensions\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Successfully deleted: [Folder] C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Successfully deleted the following from C:\Documents and Settings\Admin John\Application Data\mozilla\firefox\profiles\z9680u01.default\prefs.js

user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119351&tt=300513_ctrl&babsrc=NT_ss&mntrId=ACA3001D72B2F71C");
user_pref("browser.search.defaultenginename", "Search Results");
user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN29983022311797271&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_TFS");
user_pref("browser.search.order.1", "Delta Search");
user_pref("browser.search.selectedEngine", "Delta Search");
user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=119351&tt=300513_ctrl&babsrc=HP_ss_gin2g&mntrId=ACA3001D72B2F71C");
user_pref("CT3289847.originalSearchAddressUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&sr=0&q=");
user_pref("CT3289847.originalSearchEngine", "Delta Search");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN29983022311797271&UM=2&sspv=TB_TFS&q=");
user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN29983022311797271&UM=2&UP=SP2E7C3E74-4200-4D66-9CE2-
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN29983022311797271&UM=2&sspv=TB_TFS&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
user_pref("smartbar.originalHomepage", "hxxp://www.delta-search.com/?affID=119351&tt=300513_ctrl&babsrc=HP_ss&mntrId=ACA3001D72B2F71C");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&sr=0&q=");



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\Admin John\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/01/2013 at 14:39:15.92
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Advertisements

Register to Remove


#2 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 26 December 2013 - 03:50 PM

:welcome:

Hello SkinnyTex,

my name is Jo and I will help you with your computer problems.


Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
I will return as soon as possible with more instructions.



***


  • SkinnyTex likes this
Graduate of the WTT Classroom
Cheers,
Jo

#3 SkinnyTex

SkinnyTex

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts
  • Interests:Web development

Posted 26 December 2013 - 03:51 PM

Here is my Hijackthis scan:

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:44:30 PM, on 12/26/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Umbrella\Umbrella.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iminent\WinkHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Admin John\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.iminent...DC-25738959AF18
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: LyricsWoofer - {73F8F433-14C8-48AA-8412-54BC6F8D3FA3} - C:\Program Files\LyricsWoofer\116.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Minibar.InternetExplorer.BHOx86.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\e83a68e1-91d5-49f7-9269-1fc790510a31.exe /check
O4 - HKLM\..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ackpbsc - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SProtection - Iminent - C:\Program Files\Common Files\Umbrella\Umbrella.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: WinkHandler - Unknown owner - C:\Program Files\Iminent\WinkHandler.exe

--
End of file - 5529 bytes

DDS.TXT follows:

 

 

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Admin John at 15:45:51.21 on Thu 12/26/2013
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.352 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
svchost.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Umbrella\Umbrella.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Iminent\WinkHandler.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin John\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.iminent.com/?appId=40F96FE2-412B-4AE0-B1DC-25738959AF18
uURLSearchHooks: H - No File
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: LyricsWoofer: {73f8f433-14c8-48aa-8412-54bc6f8d3fa3} - c:\program files\lyricswoofer\116.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - c:\program files\iminent\Minibar.InternetExplorer.BHOx86.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [20131121] c:\program files\avast software\avast\setup\emupdate\e83a68e1-91d5-49f7-9269-1fc790510a31.exe /check
mRun: [Iminent] c:\program files\iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] c:\program files\iminent\Iminent.Messengers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: army.mil\owa.usar
Trusted Zone: militarycac.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\adminj~1\applic~1\mozilla\firefox\profiles\z9680u01.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.iminent.com/?appId=40F96FE2-412B-4AE0-B1DC-25738959AF18
FF - prefs.js: browser.search.selectedEngine - StartWeb
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - aca341bf000000000000001d72b2f71c
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16065
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.313:41:22
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-12 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-12 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-13 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-13 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-13 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-12 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-13 46808]
R2 SProtection;SProtection;c:\program files\common files\umbrella\Umbrella.exe [2013-12-26 2905408]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R2 WinkHandler;WinkHandler;c:\program files\iminent\WinkHandler.exe [2013-12-26 425792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 EZUSB;EZUSB PC/SC Smart Card Reader;c:\windows\system32\drivers\ezusb.sys [2008-6-3 63288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257416]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-1 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-1 136176]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-21 115168]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
.
=============== Created Last 30 ================
.
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-12-26 19:44:42 -------- d-----w- c:\docume~1\adminj~1\applic~1\Netgear Live Parental Controls
2013-12-26 19:43:56 -------- d-----w- c:\program files\NETGEAR Live Parental Controls Management Utility
2013-12-26 19:39:09 -------- d-----w- c:\program files\Iminent
2013-12-26 19:39:09 -------- d-----w- c:\program files\common files\Umbrella
.
==================== Find3M ====================
.
2013-12-26 20:42:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-26 20:42:20 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 15:46:25.06 ===============
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Admin John at 15:45:51.21 on Thu 12/26/2013
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.352 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
svchost.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Umbrella\Umbrella.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Iminent\WinkHandler.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin John\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.iminent.com/?appId=40F96FE2-412B-4AE0-B1DC-25738959AF18
uURLSearchHooks: H - No File
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: LyricsWoofer: {73f8f433-14c8-48aa-8412-54bc6f8d3fa3} - c:\program files\lyricswoofer\116.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - c:\program files\iminent\Minibar.InternetExplorer.BHOx86.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [20131121] c:\program files\avast software\avast\setup\emupdate\e83a68e1-91d5-49f7-9269-1fc790510a31.exe /check
mRun: [Iminent] c:\program files\iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] c:\program files\iminent\Iminent.Messengers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: army.mil\owa.usar
Trusted Zone: militarycac.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\adminj~1\applic~1\mozilla\firefox\profiles\z9680u01.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.iminent.com/?appId=40F96FE2-412B-4AE0-B1DC-25738959AF18
FF - prefs.js: browser.search.selectedEngine - StartWeb
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - aca341bf000000000000001d72b2f71c
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16065
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.313:41:22
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-12 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-12 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-13 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-13 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-13 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-12 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-13 46808]
R2 SProtection;SProtection;c:\program files\common files\umbrella\Umbrella.exe [2013-12-26 2905408]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R2 WinkHandler;WinkHandler;c:\program files\iminent\WinkHandler.exe [2013-12-26 425792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 EZUSB;EZUSB PC/SC Smart Card Reader;c:\windows\system32\drivers\ezusb.sys [2008-6-3 63288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257416]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-1 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-1 136176]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-21 115168]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
.
=============== Created Last 30 ================
.
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-12-26 19:44:42 -------- d-----w- c:\docume~1\adminj~1\applic~1\Netgear Live Parental Controls
2013-12-26 19:43:56 -------- d-----w- c:\program files\NETGEAR Live Parental Controls Management Utility
2013-12-26 19:39:09 -------- d-----w- c:\program files\Iminent
2013-12-26 19:39:09 -------- d-----w- c:\program files\common files\Umbrella
.
==================== Find3M ====================
.
2013-12-26 20:42:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-26 20:42:20 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 15:46:25.06 ===============

 

 

ATTACH.TXT follows:

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/1/2012 11:07:42 AM
System Uptime: 12/26/2013 2:26:24 PM (1 hours ago)
.
Motherboard: eMachines | | WMCP61M
Processor: AMD Athlon™ Processor 2650e | Socket AM2 | 1607/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 210.4 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP561: 9/26/2013 5:48:13 PM - System Checkpoint
RP562: 9/27/2013 5:49:49 PM - System Checkpoint
RP563: 9/28/2013 5:50:29 PM - System Checkpoint
RP564: 9/29/2013 6:34:30 PM - System Checkpoint
RP565: 9/30/2013 6:54:34 PM - System Checkpoint
RP566: 10/1/2013 7:33:19 PM - System Checkpoint
RP567: 10/2/2013 8:05:49 PM - System Checkpoint
RP568: 10/3/2013 8:08:46 PM - System Checkpoint
RP569: 10/4/2013 8:31:23 PM - System Checkpoint
RP570: 10/5/2013 9:20:27 PM - System Checkpoint
RP571: 10/6/2013 10:12:49 PM - System Checkpoint
RP572: 10/7/2013 11:01:38 PM - System Checkpoint
RP573: 10/9/2013 12:00:26 AM - System Checkpoint
RP574: 10/9/2013 3:00:19 AM - Software Distribution Service 3.0
RP575: 10/10/2013 3:55:28 AM - System Checkpoint
RP576: 10/11/2013 5:52:10 AM - System Checkpoint
RP577: 10/12/2013 9:57:24 AM - System Checkpoint
RP578: 10/13/2013 10:06:16 AM - System Checkpoint
RP579: 10/14/2013 3:00:18 AM - Software Distribution Service 3.0
RP580: 10/15/2013 3:39:08 AM - System Checkpoint
RP581: 10/16/2013 4:38:03 AM - System Checkpoint
RP582: 10/17/2013 6:22:45 AM - System Checkpoint
RP583: 10/18/2013 10:13:22 AM - System Checkpoint
RP584: 10/19/2013 10:47:39 AM - System Checkpoint
RP585: 10/20/2013 11:27:02 AM - System Checkpoint
RP586: 10/21/2013 11:29:10 AM - System Checkpoint
RP587: 10/22/2013 11:40:22 AM - System Checkpoint
RP588: 10/23/2013 12:09:57 PM - System Checkpoint
RP589: 10/24/2013 1:34:34 PM - System Checkpoint
RP590: 10/25/2013 2:50:33 PM - System Checkpoint
RP591: 10/26/2013 3:29:34 PM - System Checkpoint
RP592: 10/27/2013 3:34:52 PM - System Checkpoint
RP593: 10/28/2013 4:15:54 PM - System Checkpoint
RP594: 10/29/2013 4:46:01 PM - System Checkpoint
RP595: 10/30/2013 4:59:31 PM - System Checkpoint
RP596: 10/31/2013 6:25:42 PM - System Checkpoint
RP597: 11/1/2013 6:58:41 PM - System Checkpoint
RP598: 11/2/2013 7:58:39 PM - System Checkpoint
RP599: 11/3/2013 7:01:44 PM - System Checkpoint
RP600: 11/4/2013 7:12:09 PM - System Checkpoint
RP601: 11/6/2013 7:23:15 AM - System Checkpoint
RP602: 11/7/2013 7:43:36 AM - System Checkpoint
RP603: 11/8/2013 8:44:34 AM - System Checkpoint
RP604: 11/9/2013 10:07:11 AM - System Checkpoint
RP605: 11/10/2013 10:11:03 AM - System Checkpoint
RP606: 11/11/2013 10:32:46 AM - System Checkpoint
RP607: 11/12/2013 10:57:11 AM - System Checkpoint
RP608: 11/13/2013 3:00:27 AM - Software Distribution Service 3.0
RP609: 11/14/2013 3:58:37 AM - System Checkpoint
RP610: 11/15/2013 10:23:25 AM - System Checkpoint
RP611: 11/17/2013 6:48:43 AM - System Checkpoint
RP612: 11/18/2013 8:14:04 AM - System Checkpoint
RP613: 11/19/2013 8:30:41 AM - System Checkpoint
RP614: 11/20/2013 9:27:01 AM - System Checkpoint
RP615: 11/21/2013 10:02:09 AM - System Checkpoint
RP616: 11/22/2013 11:02:04 AM - System Checkpoint
RP617: 11/23/2013 11:14:13 AM - System Checkpoint
RP618: 11/24/2013 11:20:37 AM - System Checkpoint
RP619: 11/25/2013 11:59:15 AM - System Checkpoint
RP620: 11/26/2013 1:04:12 PM - System Checkpoint
RP621: 11/27/2013 2:03:26 PM - System Checkpoint
RP622: 11/28/2013 2:52:50 PM - System Checkpoint
RP623: 11/29/2013 3:41:39 PM - System Checkpoint
RP624: 11/30/2013 4:41:40 PM - System Checkpoint
RP625: 12/1/2013 5:40:40 PM - System Checkpoint
RP626: 12/2/2013 6:33:28 PM - System Checkpoint
RP627: 12/3/2013 7:29:31 PM - System Checkpoint
RP628: 12/4/2013 8:27:19 PM - System Checkpoint
RP629: 12/5/2013 9:27:16 PM - System Checkpoint
RP630: 12/6/2013 10:25:20 PM - System Checkpoint
RP631: 12/7/2013 11:19:39 PM - System Checkpoint
RP632: 12/9/2013 12:16:17 AM - System Checkpoint
RP633: 12/10/2013 1:11:34 AM - System Checkpoint
RP634: 12/11/2013 2:09:32 AM - System Checkpoint
RP635: 12/12/2013 3:00:24 AM - Software Distribution Service 3.0
RP636: 12/13/2013 3:00:52 AM - Software Distribution Service 3.0
RP637: 12/14/2013 3:13:47 AM - System Checkpoint
RP638: 12/15/2013 4:14:03 AM - System Checkpoint
RP639: 12/16/2013 6:16:11 AM - System Checkpoint
RP640: 12/17/2013 6:54:02 AM - System Checkpoint
RP641: 12/18/2013 7:35:03 AM - System Checkpoint
RP642: 12/19/2013 8:25:31 AM - System Checkpoint
RP643: 12/20/2013 9:03:48 AM - System Checkpoint
RP644: 12/21/2013 9:07:58 AM - System Checkpoint
RP645: 12/22/2013 9:38:27 AM - System Checkpoint
RP646: 12/23/2013 10:35:47 AM - System Checkpoint
RP647: 12/24/2013 10:40:03 AM - System Checkpoint
RP648: 12/26/2013 12:10:45 PM - Removed Bonjour
RP649: 12/26/2013 3:15:32 PM - OTL Restore Point - 12/26/2013 3:15:28 PM
.
==== Installed Programs ======================
.
.
ActivClient CAC x86
Adobe AIR
Adobe AIR Free Download Packages
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 6.0
Adobe Reader Free Download Packages
Adobe Reader XI (11.0.04)
Adobe Shockwave Player 11.5
Adobe SVG Viewer
Agere Systems PCI-SV92EX Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
avast! Free Antivirus
CameraHelperMsi
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Carbonite
Compatibility Pack for the 2007 Office system
EPSON Print CD
EPSON Printer Software
EPSON RX595 User's Guide
EPSON Scan
EPSON Stylus Photo RX595 Series Scanner Driver Update
erLT
ESET Online Scanner v3
EzCCID Smart Card Reader Setup For Windows 2000_XP_2003
File Type Assistant
Free File Viewer 2011
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Iminent
InstallRoot 3.15.1
iTunes
Java 7 Update 9
Java Auto Updater
Java SE Development Kit 7 Update 7
jZip
K-Lite Codec Pack 9.4.0 (Basic)
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
LyricsWoofer
MediaWidget 6.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NetBeans IDE 7.2
NETGEAR Live Parental Controls Management Utility 2.1.6
NVIDIA Drivers
Opera 12.00
QuickTime
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Skype Click to Call
Skype™ 6.0
Strongvault Online Backup
swMSM
TextPad 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - Castles Technology (EZCCID) SmartCardReader (11/26/2008 3.1.7.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip 16.5
.
==== Event Viewer Messages From Past Week ========
.
12/23/2013 3:03:39 AM, error: VolSnap [25] - The shadow copy of volume C: was aborted because the diff area file could not grow in time. Consider reducing the IO load on this system to avoid this problem in the future.
12/23/2013 2:35:47 AM, error: VolSnap [12] - The shadow copy of volume C: became low on diff area space before it was properly installed.
12/23/2013 11:44:25 AM, error: DCOM [10000] - Unable to start a DCOM Server: {5E248397-8614-4EC5-8926-BD242DC9830A}. The error: "%2" Happened while starting this command: "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" -Embedding
12/22/2013 8:55:15 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.8 with the system having network hardware address 00:19:9D:A2:50:B9. Network operations on this system may be disrupted as a result.
12/21/2013 7:40:11 AM, error: VolSnap [14] - The shadow copy of volume C: was aborted because of an IO failure.
12/21/2013 7:40:11 AM, error: nvgts [5] - A parity error was detected on \Device\Scsi\nvgts1.
.
==== End Of File ===========================



#4 SkinnyTex

SkinnyTex

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts
  • Interests:Web development

Posted 26 December 2013 - 03:52 PM

Here is my Hijackthis scan:

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:44:30 PM, on 12/26/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Umbrella\Umbrella.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iminent\WinkHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Admin John\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.iminent...DC-25738959AF18
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: LyricsWoofer - {73F8F433-14C8-48AA-8412-54BC6F8D3FA3} - C:\Program Files\LyricsWoofer\116.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Minibar.InternetExplorer.BHOx86.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\e83a68e1-91d5-49f7-9269-1fc790510a31.exe /check
O4 - HKLM\..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ackpbsc - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SProtection - Iminent - C:\Program Files\Common Files\Umbrella\Umbrella.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: WinkHandler - Unknown owner - C:\Program Files\Iminent\WinkHandler.exe

--
End of file - 5529 bytes

DDS.TXT follows:

 

 

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Admin John at 15:45:51.21 on Thu 12/26/2013
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.352 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
svchost.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Umbrella\Umbrella.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Iminent\WinkHandler.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin John\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.iminent.com/?appId=40F96FE2-412B-4AE0-B1DC-25738959AF18
uURLSearchHooks: H - No File
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: LyricsWoofer: {73f8f433-14c8-48aa-8412-54bc6f8d3fa3} - c:\program files\lyricswoofer\116.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - c:\program files\iminent\Minibar.InternetExplorer.BHOx86.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [20131121] c:\program files\avast software\avast\setup\emupdate\e83a68e1-91d5-49f7-9269-1fc790510a31.exe /check
mRun: [Iminent] c:\program files\iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] c:\program files\iminent\Iminent.Messengers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: army.mil\owa.usar
Trusted Zone: militarycac.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\adminj~1\applic~1\mozilla\firefox\profiles\z9680u01.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.iminent.com/?appId=40F96FE2-412B-4AE0-B1DC-25738959AF18
FF - prefs.js: browser.search.selectedEngine - StartWeb
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - aca341bf000000000000001d72b2f71c
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16065
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.313:41:22
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-12 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-12 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-13 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-13 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-13 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-12 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-13 46808]
R2 SProtection;SProtection;c:\program files\common files\umbrella\Umbrella.exe [2013-12-26 2905408]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R2 WinkHandler;WinkHandler;c:\program files\iminent\WinkHandler.exe [2013-12-26 425792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 EZUSB;EZUSB PC/SC Smart Card Reader;c:\windows\system32\drivers\ezusb.sys [2008-6-3 63288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257416]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-1 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-1 136176]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-21 115168]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
.
=============== Created Last 30 ================
.
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-12-26 19:44:42 -------- d-----w- c:\docume~1\adminj~1\applic~1\Netgear Live Parental Controls
2013-12-26 19:43:56 -------- d-----w- c:\program files\NETGEAR Live Parental Controls Management Utility
2013-12-26 19:39:09 -------- d-----w- c:\program files\Iminent
2013-12-26 19:39:09 -------- d-----w- c:\program files\common files\Umbrella
.
==================== Find3M ====================
.
2013-12-26 20:42:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-26 20:42:20 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 15:46:25.06 ===============
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Admin John at 15:45:51.21 on Thu 12/26/2013
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.352 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
svchost.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Common Files\Umbrella\Umbrella.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Iminent\WinkHandler.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin John\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.iminent.com/?appId=40F96FE2-412B-4AE0-B1DC-25738959AF18
uURLSearchHooks: H - No File
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: LyricsWoofer: {73f8f433-14c8-48aa-8412-54bc6f8d3fa3} - c:\program files\lyricswoofer\116.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - c:\program files\iminent\Minibar.InternetExplorer.BHOx86.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [20131121] c:\program files\avast software\avast\setup\emupdate\e83a68e1-91d5-49f7-9269-1fc790510a31.exe /check
mRun: [Iminent] c:\program files\iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] c:\program files\iminent\Iminent.Messengers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: army.mil\owa.usar
Trusted Zone: militarycac.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\adminj~1\applic~1\mozilla\firefox\profiles\z9680u01.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.iminent.com/?appId=40F96FE2-412B-4AE0-B1DC-25738959AF18
FF - prefs.js: browser.search.selectedEngine - StartWeb
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.iminent.tlbrSrchUrl - hxxp://start.iminent.com/?ref=toolbarm#q=
FF - user.js: extensions.iminent.id - aca341bf000000000000001d72b2f71c
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16065
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.313:41:22
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - YBCPCSTIPO
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-12 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-12 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-13 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-13 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-13 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-12 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-13 46808]
R2 SProtection;SProtection;c:\program files\common files\umbrella\Umbrella.exe [2013-12-26 2905408]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R2 WinkHandler;WinkHandler;c:\program files\iminent\WinkHandler.exe [2013-12-26 425792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 EZUSB;EZUSB PC/SC Smart Card Reader;c:\windows\system32\drivers\ezusb.sys [2008-6-3 63288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257416]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-1 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-1 136176]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-21 115168]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
.
=============== Created Last 30 ================
.
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-12-26 21:09:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-12-26 19:44:42 -------- d-----w- c:\docume~1\adminj~1\applic~1\Netgear Live Parental Controls
2013-12-26 19:43:56 -------- d-----w- c:\program files\NETGEAR Live Parental Controls Management Utility
2013-12-26 19:39:09 -------- d-----w- c:\program files\Iminent
2013-12-26 19:39:09 -------- d-----w- c:\program files\common files\Umbrella
.
==================== Find3M ====================
.
2013-12-26 20:42:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-26 20:42:20 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 15:46:25.06 ===============

 

 

ATTACH.TXT follows:

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/1/2012 11:07:42 AM
System Uptime: 12/26/2013 2:26:24 PM (1 hours ago)
.
Motherboard: eMachines | | WMCP61M
Processor: AMD Athlon™ Processor 2650e | Socket AM2 | 1607/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 210.4 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP561: 9/26/2013 5:48:13 PM - System Checkpoint
RP562: 9/27/2013 5:49:49 PM - System Checkpoint
RP563: 9/28/2013 5:50:29 PM - System Checkpoint
RP564: 9/29/2013 6:34:30 PM - System Checkpoint
RP565: 9/30/2013 6:54:34 PM - System Checkpoint
RP566: 10/1/2013 7:33:19 PM - System Checkpoint
RP567: 10/2/2013 8:05:49 PM - System Checkpoint
RP568: 10/3/2013 8:08:46 PM - System Checkpoint
RP569: 10/4/2013 8:31:23 PM - System Checkpoint
RP570: 10/5/2013 9:20:27 PM - System Checkpoint
RP571: 10/6/2013 10:12:49 PM - System Checkpoint
RP572: 10/7/2013 11:01:38 PM - System Checkpoint
RP573: 10/9/2013 12:00:26 AM - System Checkpoint
RP574: 10/9/2013 3:00:19 AM - Software Distribution Service 3.0
RP575: 10/10/2013 3:55:28 AM - System Checkpoint
RP576: 10/11/2013 5:52:10 AM - System Checkpoint
RP577: 10/12/2013 9:57:24 AM - System Checkpoint
RP578: 10/13/2013 10:06:16 AM - System Checkpoint
RP579: 10/14/2013 3:00:18 AM - Software Distribution Service 3.0
RP580: 10/15/2013 3:39:08 AM - System Checkpoint
RP581: 10/16/2013 4:38:03 AM - System Checkpoint
RP582: 10/17/2013 6:22:45 AM - System Checkpoint
RP583: 10/18/2013 10:13:22 AM - System Checkpoint
RP584: 10/19/2013 10:47:39 AM - System Checkpoint
RP585: 10/20/2013 11:27:02 AM - System Checkpoint
RP586: 10/21/2013 11:29:10 AM - System Checkpoint
RP587: 10/22/2013 11:40:22 AM - System Checkpoint
RP588: 10/23/2013 12:09:57 PM - System Checkpoint
RP589: 10/24/2013 1:34:34 PM - System Checkpoint
RP590: 10/25/2013 2:50:33 PM - System Checkpoint
RP591: 10/26/2013 3:29:34 PM - System Checkpoint
RP592: 10/27/2013 3:34:52 PM - System Checkpoint
RP593: 10/28/2013 4:15:54 PM - System Checkpoint
RP594: 10/29/2013 4:46:01 PM - System Checkpoint
RP595: 10/30/2013 4:59:31 PM - System Checkpoint
RP596: 10/31/2013 6:25:42 PM - System Checkpoint
RP597: 11/1/2013 6:58:41 PM - System Checkpoint
RP598: 11/2/2013 7:58:39 PM - System Checkpoint
RP599: 11/3/2013 7:01:44 PM - System Checkpoint
RP600: 11/4/2013 7:12:09 PM - System Checkpoint
RP601: 11/6/2013 7:23:15 AM - System Checkpoint
RP602: 11/7/2013 7:43:36 AM - System Checkpoint
RP603: 11/8/2013 8:44:34 AM - System Checkpoint
RP604: 11/9/2013 10:07:11 AM - System Checkpoint
RP605: 11/10/2013 10:11:03 AM - System Checkpoint
RP606: 11/11/2013 10:32:46 AM - System Checkpoint
RP607: 11/12/2013 10:57:11 AM - System Checkpoint
RP608: 11/13/2013 3:00:27 AM - Software Distribution Service 3.0
RP609: 11/14/2013 3:58:37 AM - System Checkpoint
RP610: 11/15/2013 10:23:25 AM - System Checkpoint
RP611: 11/17/2013 6:48:43 AM - System Checkpoint
RP612: 11/18/2013 8:14:04 AM - System Checkpoint
RP613: 11/19/2013 8:30:41 AM - System Checkpoint
RP614: 11/20/2013 9:27:01 AM - System Checkpoint
RP615: 11/21/2013 10:02:09 AM - System Checkpoint
RP616: 11/22/2013 11:02:04 AM - System Checkpoint
RP617: 11/23/2013 11:14:13 AM - System Checkpoint
RP618: 11/24/2013 11:20:37 AM - System Checkpoint
RP619: 11/25/2013 11:59:15 AM - System Checkpoint
RP620: 11/26/2013 1:04:12 PM - System Checkpoint
RP621: 11/27/2013 2:03:26 PM - System Checkpoint
RP622: 11/28/2013 2:52:50 PM - System Checkpoint
RP623: 11/29/2013 3:41:39 PM - System Checkpoint
RP624: 11/30/2013 4:41:40 PM - System Checkpoint
RP625: 12/1/2013 5:40:40 PM - System Checkpoint
RP626: 12/2/2013 6:33:28 PM - System Checkpoint
RP627: 12/3/2013 7:29:31 PM - System Checkpoint
RP628: 12/4/2013 8:27:19 PM - System Checkpoint
RP629: 12/5/2013 9:27:16 PM - System Checkpoint
RP630: 12/6/2013 10:25:20 PM - System Checkpoint
RP631: 12/7/2013 11:19:39 PM - System Checkpoint
RP632: 12/9/2013 12:16:17 AM - System Checkpoint
RP633: 12/10/2013 1:11:34 AM - System Checkpoint
RP634: 12/11/2013 2:09:32 AM - System Checkpoint
RP635: 12/12/2013 3:00:24 AM - Software Distribution Service 3.0
RP636: 12/13/2013 3:00:52 AM - Software Distribution Service 3.0
RP637: 12/14/2013 3:13:47 AM - System Checkpoint
RP638: 12/15/2013 4:14:03 AM - System Checkpoint
RP639: 12/16/2013 6:16:11 AM - System Checkpoint
RP640: 12/17/2013 6:54:02 AM - System Checkpoint
RP641: 12/18/2013 7:35:03 AM - System Checkpoint
RP642: 12/19/2013 8:25:31 AM - System Checkpoint
RP643: 12/20/2013 9:03:48 AM - System Checkpoint
RP644: 12/21/2013 9:07:58 AM - System Checkpoint
RP645: 12/22/2013 9:38:27 AM - System Checkpoint
RP646: 12/23/2013 10:35:47 AM - System Checkpoint
RP647: 12/24/2013 10:40:03 AM - System Checkpoint
RP648: 12/26/2013 12:10:45 PM - Removed Bonjour
RP649: 12/26/2013 3:15:32 PM - OTL Restore Point - 12/26/2013 3:15:28 PM
.
==== Installed Programs ======================
.
.
ActivClient CAC x86
Adobe AIR
Adobe AIR Free Download Packages
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 6.0
Adobe Reader Free Download Packages
Adobe Reader XI (11.0.04)
Adobe Shockwave Player 11.5
Adobe SVG Viewer
Agere Systems PCI-SV92EX Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
avast! Free Antivirus
CameraHelperMsi
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Carbonite
Compatibility Pack for the 2007 Office system
EPSON Print CD
EPSON Printer Software
EPSON RX595 User's Guide
EPSON Scan
EPSON Stylus Photo RX595 Series Scanner Driver Update
erLT
ESET Online Scanner v3
EzCCID Smart Card Reader Setup For Windows 2000_XP_2003
File Type Assistant
Free File Viewer 2011
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Iminent
InstallRoot 3.15.1
iTunes
Java 7 Update 9
Java Auto Updater
Java SE Development Kit 7 Update 7
jZip
K-Lite Codec Pack 9.4.0 (Basic)
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
LyricsWoofer
MediaWidget 6.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NetBeans IDE 7.2
NETGEAR Live Parental Controls Management Utility 2.1.6
NVIDIA Drivers
Opera 12.00
QuickTime
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Skype Click to Call
Skype™ 6.0
Strongvault Online Backup
swMSM
TextPad 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - Castles Technology (EZCCID) SmartCardReader (11/26/2008 3.1.7.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip 16.5
.
==== Event Viewer Messages From Past Week ========
.
12/23/2013 3:03:39 AM, error: VolSnap [25] - The shadow copy of volume C: was aborted because the diff area file could not grow in time. Consider reducing the IO load on this system to avoid this problem in the future.
12/23/2013 2:35:47 AM, error: VolSnap [12] - The shadow copy of volume C: became low on diff area space before it was properly installed.
12/23/2013 11:44:25 AM, error: DCOM [10000] - Unable to start a DCOM Server: {5E248397-8614-4EC5-8926-BD242DC9830A}. The error: "%2" Happened while starting this command: "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" -Embedding
12/22/2013 8:55:15 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.8 with the system having network hardware address 00:19:9D:A2:50:B9. Network operations on this system may be disrupted as a result.
12/21/2013 7:40:11 AM, error: VolSnap [14] - The shadow copy of volume C: was aborted because of an IO failure.
12/21/2013 7:40:11 AM, error: nvgts [5] - A parity error was detected on \Device\Scsi\nvgts1.
.
==== End Of File ===========================



#5 SkinnyTex

SkinnyTex

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts
  • Interests:Web development

Posted 26 December 2013 - 03:56 PM

Thank you Jo*

 

I will use plain english.  Thank you for your help. 

 

Sailortex



#6 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 27 December 2013 - 02:58 AM

Hello SkinnyTex,

1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***

2. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***

3. Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo

#7 SkinnyTex

SkinnyTex

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts
  • Interests:Web development

Posted 27 December 2013 - 09:23 AM

Results of Checkup text here.  Jo, I have new symptoms since yesterday.  Each time I tried to open IE7 (I think it is 7) the shortcut ion was duplicated on my desktop and would not open.  I am in safe mode now and able to use Opera.  This scan was performed under those conditions.  Here is the content.

 

 

Results of screen317's Security Check version 0.99.77
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 9
Java SE Development Kit 7 Update 7
Java version out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader XI
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



#8 SkinnyTex

SkinnyTex

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts
  • Interests:Web development

Posted 27 December 2013 - 10:26 AM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937869312, free: 673824768

Downloaded database version: v2013.12.27.05
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
12/27/2013 09:28:01
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
nvgts.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvgts.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR3
Upper Device Object: 0xffffffff8463c540
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xffffffff84636c48
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff8463cab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006b\
Lower Device Object: 0xffffffff84633ce0
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8549f030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\nvgts1Port2Path1Target1Lun0\
Lower Device Object: 0xffffffff8546b030
Lower Device Driver Name: \Driver\nvgts\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8549f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8549fe08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8549f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff854ebd98, DeviceName: \Device\00000064\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8546b030, DeviceName: \Device\Scsi\nvgts1Port2Path1Target1Lun0\, DriverName: \Driver\nvgts\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AE8D299C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625137282
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8463cab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84632738, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8463cab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84633ce0, DeviceName: \Device\0000006b\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8463c540, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8462fe08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8463c540, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84636c48, DeviceName: \Device\0000006c\, DriverName: \Driver\usbstor\
------------ End ----------
Infected: C:\Downloads\Setup.exe --> [Adware.DomaIQ]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SETUP.EXE --> [Adware.DomaIQ]
Scan finished
 



#9 SkinnyTex

SkinnyTex

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts
  • Interests:Web development

Posted 27 December 2013 - 11:36 AM

# AdwCleaner v3.016 - Report created 27/12/2013 at 11:30:53
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin John - JOHNS-E-MACHINE
# Running from : C:\Documents and Settings\Admin John\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : ca82e1a5
Service Found : CltMngSvc
Service Found : IBUpdaterService
Service Found : SProtection

***** [ Files / Folders ] *****

File Found : C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Uninstall.exe
File Found : C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Uninstall.exe
File Found : C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Uninstall.exe
File Found : C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Uninstall.exe
File Found : C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Uninstall.exe
File Found : C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Uninstall.exe
File Found : C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Uninstall.exe
File Found : C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Found : C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\Extensions\webbooster@iminent.com.xpi
File Found : C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\searchplugins\iminent.xml
File Found : C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\searchplugins\Mysearchdial.xml
File Found : C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\user.js
File Found : C:\Documents and Settings\Admin John\Desktop\Mobogenie.lnk
File Found : C:\Documents and Settings\Admin John\Desktop\MySearchDial.url
File Found : C:\Documents and Settings\Admin John\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Found : C:\Documents and Settings\Admin John\Local Settings\Application Data\mysearchdial-speeddial.crx
File Found : C:\Documents and Settings\All Users\Desktop\Open It!.lnk
File Found : C:\Documents and Settings\Jaguer\Application Data\Mozilla\Firefox\Profiles\4qzj026y.default\Extensions\webbooster@iminent.com.xpi
File Found : C:\Documents and Settings\Jaguer\Application Data\Mozilla\Firefox\Profiles\4qzj026y.default\searchplugins\Mysearchdial.xml
File Found : C:\Documents and Settings\Jaguer\Application Data\Mozilla\Firefox\Profiles\4qzj026y.default\user.js
File Found : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Found : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Found : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Found : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Found : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\1exmm956.default\Extensions\webbooster@iminent.com.xpi
File Found : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\1exmm956.default\searchplugins\Mysearchdial.xml
File Found : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\1exmm956.default\user.js
File Found : C:\Documents and Settings\John_2\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\StartWeb.xml
File Found : C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js
File Found : C:\Program Files\Mozilla Firefox\nsprotector.js
File Found : C:\Program Files\Mozilla Firefox\user.js
File Found : C:\WINDOWS\system32\dmwu.exe
File Found : C:\WINDOWS\system32\ImhxxpComm.dll
Folder Found : C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\Extensions\ffxtlbr@iminent.com
Folder Found : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Folder Found : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Documents and Settings\John_2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Folder Found : C:\Documents and Settings\John_2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Iminent
Folder Found C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Iminent
Folder Found C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Iminent
Folder Found C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Iminent
Folder Found C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Iminent
Folder Found C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Iminent
Folder Found C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Iminent
Folder Found C:\Documents and Settings\Admin John\Application Data\0D0S1L2Z1P1B0T1P1B2Z
Folder Found C:\Documents and Settings\Admin John\Application Data\Mysearchdial
Folder Found C:\Documents and Settings\Admin John\Application Data\optimizer pro
Folder Found C:\Documents and Settings\Admin John\Local Settings\Application Data\filetypeassistant
Folder Found C:\Documents and Settings\Admin John\Local Settings\Application Data\jZip
Folder Found C:\Documents and Settings\Admin John\Local Settings\Application Data\Mobogenie
Folder Found C:\Documents and Settings\Admin John\Local Settings\Application Data\Searchprotect
Folder Found C:\Documents and Settings\Admin John\My Documents\Mobogenie
Folder Found C:\Documents and Settings\Admin John\My Documents\optimizer pro
Folder Found C:\Documents and Settings\Admin John\Start Menu\Programs\Mobogenie
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\jZip
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\open it!
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\optimizer pro v3.2
Folder Found C:\Documents and Settings\Jaguer\Application Data\AVG SafeGuard toolbar
Folder Found C:\Documents and Settings\Jaguer\Local Settings\Application Data\jZip
Folder Found C:\Documents and Settings\John\Application Data\AVG SafeGuard toolbar
Folder Found C:\Documents and Settings\John_2\Application Data\AVG SafeGuard toolbar
Folder Found C:\Program Files\Common Files\Umbrella
Folder Found C:\Program Files\FindLyrics
Folder Found C:\Program Files\Iminent
Folder Found C:\Program Files\jZip
Folder Found C:\Program Files\LyricsFan
Folder Found C:\Program Files\LyricsWoofer
Folder Found C:\Program Files\Mobogenie
Folder Found C:\Program Files\Mysearchdial
Folder Found C:\Program Files\openit
Folder Found C:\Program Files\optimizer pro
Folder Found C:\Program Files\Searchprotect
Folder Found C:\Program Files\tuguu sl
Folder Found C:\WINDOWS\system32\ARFC
Folder Found C:\WINDOWS\system32\jmdp
Folder Found C:\WINDOWS\system32\WNLT

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~1.dll
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\IminentToolbar
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\jZip
Key Found : HKCU\Software\LyricsWoofer
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Zip Opener Packages
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A8720491-9558-4C0D-9E35-30EED15DFB2B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8720491-9558-4C0D-9E35-30EED15DFB2B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Found : HKCU\Software\mysearchdial
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\wnlt
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Found : HKLM\SOFTWARE\Classes\Iminent
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Found : HKLM\SOFTWARE\Classes\jZip.file
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Found : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\abepbblpkilpjohncjbccmdjhdhbnhdj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\Software\jZip
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\jZip
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lrcfan@fansoft.br
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OpenIt Open It!
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Umbrella
Key Found : HKLM\Software\wnlt
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtB0FyBtC0CyEtC0B0FtN0D0Tzu0SyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=769084471&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtB0FyBtC0CyEtC0B0FtN0D0Tzu0SyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=769084471&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtB0FyBtC0CyEtC0B0FtN0D0Tzu0SyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=769084471&ir=

-\\ Mozilla Firefox v16.0.2 (en-US)

[ File : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\1exmm956.default\prefs.js ]

Line Found : user_pref("iminent.searchindex", "1");
Line Found : user_pref("iminent.newtabredirect", "true");
Line Found : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtB0FyBtC0CyEtC0B0FtN0D0Tzu0SyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1[...]
Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");

[ File : C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\prefs.js ]

Line Found : user_pref("iminent.searchindex", "1");
Line Found : user_pref("iminent.newtabredirect", "true");
Line Found : user_pref("iminent.enabledAds", "false");
Line Found : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtB0FyBtC0CyEtC0B0FtN0D0Tzu0SyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1[...]
Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Found : user_pref("CT3289847.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");

[ File : C:\Documents and Settings\Jaguer\Application Data\Mozilla\Firefox\Profiles\4qzj026y.default\prefs.js ]

Line Found : user_pref("iminent.searchindex", "1");
Line Found : user_pref("iminent.newtabredirect", "true");
Line Found : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtB0FyBtC0CyEtC0B0FtN0D0Tzu0SyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1[...]
Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");

*************************

AdwCleaner[R0].txt - [22314 octets] - [27/12/2013 11:30:53]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22375 octets] ##########



#10 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 27 December 2013 - 03:32 PM

Hi SkinnyTex,

Run Malwarebytes Anti-Rootkit again: Double-click mbar.exe
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • then please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.
 

***



Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Run OTL again.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo

    Advertisements

Register to Remove


#11 SkinnyTex

SkinnyTex

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts
  • Interests:Web development

Posted 28 December 2013 - 02:08 PM

Jo,

 

No malware found after scan! :)

 

SkinnyTex

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937869312, free: 673824768

Downloaded database version: v2013.12.27.05
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
12/27/2013 09:28:01
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
nvgts.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvgts.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR3
Upper Device Object: 0xffffffff8463c540
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xffffffff84636c48
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff8463cab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006b\
Lower Device Object: 0xffffffff84633ce0
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8549f030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\nvgts1Port2Path1Target1Lun0\
Lower Device Object: 0xffffffff8546b030
Lower Device Driver Name: \Driver\nvgts\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8549f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8549fe08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8549f030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff854ebd98, DeviceName: \Device\00000064\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8546b030, DeviceName: \Device\Scsi\nvgts1Port2Path1Target1Lun0\, DriverName: \Driver\nvgts\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AE8D299C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625137282
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8463cab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84632738, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8463cab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84633ce0, DeviceName: \Device\0000006b\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8463c540, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8462fe08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8463c540, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84636c48, DeviceName: \Device\0000006c\, DriverName: \Driver\usbstor\
------------ End ----------
Infected: C:\Downloads\Setup.exe --> [Adware.DomaIQ]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SETUP.EXE --> [Adware.DomaIQ]
Scan finished
User declined to cleanup malware.
User declined to cleanup malware.
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937869312, free: 533524480

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937869312, free: 729210880

Downloaded database version: v2013.12.27.06
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
12/27/2013 16:13:42
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
nvgts.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvgts.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR3
Upper Device Object: 0xffffffff8423d840
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff84295868
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff842384c8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xffffffff8423c578
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff850799c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\nvgts1Port2Path1Target1Lun0\
Lower Device Object: 0xffffffff85090030
Lower Device Driver Name: \Driver\nvgts\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff850799c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85079738, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff850799c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff850d4030, DeviceName: \Device\00000065\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85090030, DeviceName: \Device\Scsi\nvgts1Port2Path1Target1Lun0\, DriverName: \Driver\nvgts\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AE8D299C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625137282
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff842384c8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84233a40, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff842384c8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8423c578, DeviceName: \Device\0000006c\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8423d840, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84233620, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8423d840, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84295868, DeviceName: \Device\0000006d\, DriverName: \Driver\usbstor\
------------ End ----------
Infected: C:\Downloads\Setup.exe --> [Adware.DomaIQ]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SETUP.EXE --> [Adware.DomaIQ]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IBUpdaterService --> [Adware.InstallBrain]
Infected: C:\WINDOWS\system32\dmwu.exe --> [Adware.InstallBrain]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.607000 GHz
Memory total: 937869312, free: 594329600

Could not load protection driver
Downloaded database version: v2013.12.27.07
Downloaded database version: v2013.12.28.01
Downloaded database version: v2013.12.28.02
Downloaded database version: v2013.12.28.03
Downloaded database version: v2013.12.28.04
Downloaded database version: v2013.12.28.05
=======================================
Initializing...
Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR3
Upper Device Object: 0xffffffff842273c8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff85071030
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff8422dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xffffffff84221388
Lower Device Driver Name: \Driver\usbstor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85063720
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\nvgts1Port2Path1Target1Lun0\
Lower Device Object: 0xffffffff85064030
Lower Device Driver Name: \Driver\nvgts\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85063720, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85126020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff85063720, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff851349f8, DeviceName: \Device\00000065\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85064030, DeviceName: \Device\Scsi\nvgts1Port2Path1Target1Lun0\, DriverName: \Driver\nvgts\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AE8D299C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625137282
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8422dab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff842557d0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8422dab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84221388, DeviceName: \Device\0000006c\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff842273c8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84223e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff842273c8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85071030, DeviceName: \Device\0000006d\, DriverName: \Driver\usbstor\
------------ End ----------
Scan finished



#12 SkinnyTex

SkinnyTex

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts
  • Interests:Web development

Posted 28 December 2013 - 02:28 PM

Results of AdwCleaner here:

 

 

# AdwCleaner v3.016 - Report created 28/12/2013 at 14:13:23
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin John - JOHNS-E-MACHINE
# Running from : C:\Documents and Settings\Admin John\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : ca82e1a5
[#] Service Deleted : CltMngSvc
[#] Service Deleted : SProtection

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\jZip
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\open it!
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\FindLyrics
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\jZip
Folder Deleted : C:\Program Files\LyricsFan
Folder Deleted : C:\Program Files\LyricsWoofer
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\Mysearchdial
Folder Deleted : C:\Program Files\openit
Folder Deleted : C:\Program Files\optimizer pro
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Program Files\tuguu sl
Folder Deleted : C:\Program Files\Common Files\Umbrella
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Iminent
Folder Deleted : C:\Documents and Settings\John\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Admin John\Local Settings\Application Data\filetypeassistant
Folder Deleted : C:\Documents and Settings\Admin John\Local Settings\Application Data\jZip
Folder Deleted : C:\Documents and Settings\Admin John\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\Admin John\Local Settings\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\Admin John\Application Data\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Documents and Settings\Admin John\Application Data\Mysearchdial
Folder Deleted : C:\Documents and Settings\Admin John\Application Data\optimizer pro
Folder Deleted : C:\Documents and Settings\Admin John\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Documents and Settings\Admin John\My Documents\Mobogenie
Folder Deleted : C:\Documents and Settings\Admin John\My Documents\optimizer pro
Folder Deleted : C:\Documents and Settings\John_2\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Jaguer\Local Settings\Application Data\jZip
Folder Deleted : C:\Documents and Settings\Jaguer\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\Extensions\ffxtlbr@iminent.com
Folder Deleted : C:\Documents and Settings\John_2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Folder Deleted : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Folder Deleted : C:\Documents and Settings\John_2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\1exmm956.default\Extensions\webbooster@iminent.com.xpi
File Deleted : C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\Extensions\webbooster@iminent.com.xpi
File Deleted : C:\Documents and Settings\Jaguer\Application Data\Mozilla\Firefox\Profiles\4qzj026y.default\Extensions\webbooster@iminent.com.xpi
File Deleted : C:\END
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\Admin John\Local Settings\Application Data\mysearchdial-speeddial.crx
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\all-iminent.js
File Deleted : C:\Program Files\Mozilla Firefox\nsprotector.js
File Deleted : C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\searchplugins\iminent.xml
File Deleted : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\1exmm956.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Documents and Settings\Jaguer\Application Data\Mozilla\Firefox\Profiles\4qzj026y.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\StartWeb.xml
File Deleted : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\1exmm956.default\user.js
File Deleted : C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\user.js
File Deleted : C:\Documents and Settings\Jaguer\Application Data\Mozilla\Firefox\Profiles\4qzj026y.default\user.js
File Deleted : C:\Program Files\Mozilla Firefox\user.js
File Deleted : C:\Documents and Settings\John_2\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Documents and Settings\Admin John\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Deleted : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Jaguer\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\abepbblpkilpjohncjbccmdjhdhbnhdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8720491-9558-4C0D-9E35-30EED15DFB2B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A8720491-9558-4C0D-9E35-30EED15DFB2B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\IminentToolbar
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\LyricsWoofer
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Umbrella
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lrcfan@fansoft.br
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OpenIt Open It!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\optimi~1\optpro~1.dll

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v16.0.2 (en-US)

[ File : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\1exmm956.default\prefs.js ]

Line Deleted : user_pref("iminent.searchindex", "1");
Line Deleted : user_pref("iminent.newtabredirect", "true");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtB0FyBtC0CyEtC0B0FtN0D0Tzu0SyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

[ File : C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\prefs.js ]

Line Deleted : user_pref("iminent.searchindex", "1");
Line Deleted : user_pref("iminent.newtabredirect", "true");
Line Deleted : user_pref("iminent.enabledAds", "false");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtB0FyBtC0CyEtC0B0FtN0D0Tzu0SyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("CT3289847.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

[ File : C:\Documents and Settings\Jaguer\Application Data\Mozilla\Firefox\Profiles\4qzj026y.default\prefs.js ]

Line Deleted : user_pref("iminent.searchindex", "1");
Line Deleted : user_pref("iminent.newtabredirect", "true");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0BtB0FyBtC0CyEtC0B0FtN0D0Tzu0SyBtByBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

*************************

AdwCleaner[R0].txt - [22456 octets] - [27/12/2013 11:30:53]
AdwCleaner[R1].txt - [22220 octets] - [28/12/2013 14:09:33]
AdwCleaner[S0].txt - [21415 octets] - [28/12/2013 14:13:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21476 octets] ##########



#13 SkinnyTex

SkinnyTex

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts
  • Interests:Web development

Posted 28 December 2013 - 02:38 PM

OTL results for you Jo. :

 

 

OTL logfile created on: 12/28/2013 2:32:27 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin John\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.42 Mb Total Physical Memory | 711.47 Mb Available Physical Memory | 79.55% Memory free
2.12 Gb Paging File | 2.03 Gb Available in Paging File | 95.78% Paging File free
Paging file location(s): c:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 211.03 Gb Free Space | 70.80% Space Free | Partition Type: NTFS

Computer Name: JOHNS-E-MACHINE | User Name: Admin John | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Admin John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\nvshell.dll ()


========== Services (SafeList) ==========

SRV - (WinkHandler) -- C:\Program Files\Iminent\WinkHandler.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (ac.sharedstore) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe (ActivIdentity)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\ADMINJ~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (EZUSB) -- C:\WINDOWS\system32\drivers\ezusb.sys (Castles Technology Co.,Ltd)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{DC13474A-B7FD-4BDA-9AAB-8E676F0726EA}: "URL" = http://www.google.co...1I7AURU_enUS500
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/12 15:06:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/26 15:09:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lwoofer@lyricswoofer.co: C:\Program Files\LyricsWoofer\116.xpi

[2012/10/14 07:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin John\Application Data\Mozilla\Extensions
[2013/12/28 14:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\extensions
[2013/06/01 13:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
[2013/12/27 11:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin John\Application Data\Mozilla\Firefox\Profiles\z9680u01.default\extensions\staged
[2013/09/20 10:28:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/22 22:23:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/04/22 22:23:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/24 11:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 11:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 11:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/06/01 13:17:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\e83a68e1-91d5-49f7-9269-1fc790510a31.exe (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\RunOnce: [ (A0)] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Rootkit (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\cleanup.dll (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: army.mil ([owa.usar] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: militarycac.com ([]https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22F63F00-D528-4F14-961C-C58086687AB1}: NameServer = 50.7.75.35,76.73.7.74
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF2C4811-4F7B-4420-9EF8-1374BACB62B6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF2C4811-4F7B-4420-9EF8-1374BACB62B6}: NameServer = 50.7.75.35,76.73.7.74
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - (C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll) - C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/12 17:55:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/27 11:30:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/27 11:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin John\.android
[2013/12/27 11:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin John\Local Settings\Application Data\cache
[2013/12/27 11:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin John\Application Data\newnext.me
[2013/12/27 11:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin John\Local Settings\Application Data\genienext
[2013/12/27 11:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin John\Application Data\DigitalSites
[2013/12/27 10:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/12/27 10:46:06 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/12/27 10:46:06 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/12/27 10:46:06 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/12/27 10:43:07 | 002,207,528 | ---- | C] (Fusion Install ) -- C:\Documents and Settings\Admin John\Desktop\Setup.exe
[2013/12/27 09:28:01 | 000,104,664 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2013/12/27 09:28:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/12/27 09:25:56 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/27 09:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin John\Desktop\mbar
[2013/12/27 09:18:06 | 012,582,688 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Admin John\Desktop\mbar-1.07.0.1008.exe
[2013/12/27 09:08:34 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/12/26 15:42:47 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Admin John\Desktop\HiJackThis.exe
[2013/12/26 15:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/12/26 15:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/12/26 14:58:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin John\Desktop\OTL.exe
[2013/12/26 13:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin John\Application Data\Netgear Live Parental Controls
[2013/12/26 13:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR Live Parental Controls
[2013/12/26 13:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR Live Parental Controls Management Utility
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/28 14:15:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/28 14:15:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/27 16:13:42 | 000,104,664 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2013/12/27 16:13:07 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/27 11:54:11 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013/12/27 11:53:01 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/27 11:46:46 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2013/12/27 11:46:43 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/27 11:45:50 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/27 11:25:31 | 001,233,962 | ---- | M] () -- C:\Documents and Settings\Admin John\Desktop\AdwCleaner.exe
[2013/12/27 11:02:50 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\Admin John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
[2013/12/27 10:43:44 | 002,207,528 | ---- | M] (Fusion Install ) -- C:\Documents and Settings\Admin John\Desktop\Setup.exe
[2013/12/27 09:24:53 | 012,582,688 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Admin John\Desktop\mbar-1.07.0.1008.exe
[2013/12/27 09:16:04 | 000,891,200 | ---- | M] () -- C:\Documents and Settings\Admin John\Desktop\SecurityCheck.exe
[2013/12/26 16:35:12 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/26 15:45:11 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Admin John\Desktop\dds.scr
[2013/12/26 15:42:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Admin John\Desktop\HiJackThis.exe
[2013/12/26 14:58:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin John\Desktop\OTL.exe
[2013/12/26 14:57:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/12/26 14:42:20 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/26 14:42:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/26 12:33:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Admin John\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/26 12:28:11 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/12/12 05:12:57 | 000,239,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/12 03:15:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/27 11:25:31 | 001,233,962 | ---- | C] () -- C:\Documents and Settings\Admin John\Desktop\AdwCleaner.exe
[2013/12/27 11:02:50 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\Admin John\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
[2013/12/27 09:16:04 | 000,891,200 | ---- | C] () -- C:\Documents and Settings\Admin John\Desktop\SecurityCheck.exe
[2013/12/26 15:45:10 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Admin John\Desktop\dds.scr
[2013/06/27 15:06:12 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/26 15:06:13 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/26 15:06:13 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/12 15:06:23 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/12 15:06:23 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/05/30 20:01:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/30 20:01:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/30 20:01:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/30 20:01:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/30 20:01:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/04/12 02:01:19 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/04/12 02:01:19 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/04/12 02:01:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/02/08 04:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/11/12 19:15:19 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/07/22 11:58:56 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Admin John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/06 03:11:34 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/02/14 18:23:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/17 06:12:01 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Admin John\.recently-used.xbel

========== ZeroAccess Check ==========

[2012/12/19 14:59:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/12/19 02:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >



#14 Jo*

Jo*

    SuperMember

  • Malware Team
  • 1,197 posts

Posted 28 December 2013 - 03:41 PM

Hi SkinnyTex,

now we need to do the following:

1. Java
1.1 Uninstall old Java versions:
  • Please go to Start > Control Panel > Programs and Features .
  • Locate all Java Updates
  • Uninstall them all.
1.2 Install latest Java 7 update. Click this link and click on the Free JAVA Download.

1.3 Find here instructions how to clear the java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked
  • Downloaded Applets
  • Downloaded Applications
  • Installed Applications and Applets
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.

 

***


2. Malwarebytes' Anti-Malware
Download the free version of Malwarebytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup****.exe and follow the prompts to install the program.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware.
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note 1: The log can also be found via the Logs tab when Malwarebytes' Anti-Malware is started.
Note 2: If you receive a notice that some of the items couldn't be removed and they have been added to the delete on reboot list, please reboot.


***


3. ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

***


Graduate of the WTT Classroom
Cheers,
Jo

#15 SkinnyTex

SkinnyTex

    Authentic Member

  • Authentic Member
  • PipPip
  • 31 posts
  • Interests:Web development

Posted 31 December 2013 - 03:23 AM

Jo, I am unable to remove Java in safe mode.  A normal boot hangs up when I attempt to open the applet "Add or Remove Programs" from the control panel.  The screen attempts to load a list of programs but then stops.  How do I proceed from here?

 

SkinnyTex


Related Topics




Also tagged with one or more of these keywords: XP SP3, slow, sluggish

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users