
Blackhole Exploit Kit infection


  • This topic is locked

#16 jeffroZ (Member, Topic Starter, 19 posts)
Here is the aswMBR result, looks like something was found:


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-05 10:04:46
-----------------------------
10:04:46.265 OS Version: Windows 5.1.2600 Service Pack 3
10:04:46.265 Number of processors: 1 586 0xD08
10:04:46.265 ComputerName: COMPAQLAPTOP UserName: JeffE
10:08:43.015 Initialize success
10:09:10.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
10:09:10.234 Disk 0 Vendor: WDC_WD3200BEVE-00A0HT0 11.01A11 Size: 305245MB BusType: 3
10:09:10.234 Device \Driver\atapi -> DriverStartIo 86e432c6
10:09:12.281 Disk 0 MBR read successfully
10:09:12.281 Disk 0 MBR scan
10:09:12.281 Disk 0 TDL4@MBR code has been found
10:09:12.281 Disk 0 Windows XP default MBR code found via API
10:09:12.281 Disk 0 MBR hidden
10:09:12.281 Disk 0 MBR [TDL4] **ROOTKIT**
10:09:12.281 Disk 0 trace - called modules:
10:09:12.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86e4349f]<<
10:09:12.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f76ab8]
10:09:12.281 3 CLASSPNP.SYS[f769cfd7] -> nt!IofCallDriver -> \Device\00000088[0x86f01968]
10:09:12.281 5 ACPI.sys[f7513620] -> nt!IofCallDriver -> [0x86f32940]
10:09:12.281 \Driver\atapi[0x86f74930] -> IRP_MJ_CREATE -> 0x86e4349f
10:09:12.281 Scan finished successfully
10:09:41.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\JeffE\Desktop\MBR.dat"
10:09:41.640 The log file has been saved successfully to "C:\Documents and Settings\JeffE\Desktop\aswMBR.txt"
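
The scan above ends by saving the raw sector to MBR.dat. The Python below is an added example, not part of this thread or of aswMBR: it parses such a 512-byte dump (boot code, NT disk signature, the four partition entries, the 0x55AA signature) and compares the boot code of two dumps of the same disk, for instance a pre-fix and a post-fix MBR.dat, while checking that the partition table was left alone. The two sample sectors it builds are constructed for the example, and the verdict wording, the 440-byte boot-code boundary used for hashing and the file-name convention are this example's own choices.

```python
"""Parse and compare 512-byte MBR dumps such as the MBR.dat written by aswMBR.
Added example, not part of the forum thread or of aswMBR; both sample sectors
below are constructed."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439: boot code (excludes the disk signature)
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 bytes normally zero
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split one sector into a boot-code hash, the disk signature and the partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature at offset 510")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0:                      # empty slot
            continue
        partitions.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def diff_ranges(a: bytes, b: bytes) -> list:
    """Return [start, end) byte ranges where a and b differ."""
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges


def compare_mbrs(before: bytes, after: bytes) -> dict:
    """Compare two dumps of the same disk's MBR (e.g. pre-fix and post-fix MBR.dat)."""
    b, a = parse_mbr(before), parse_mbr(after)
    code_changed = b["boot_code_sha256"] != a["boot_code_sha256"]
    table_changed = b["partitions"] != a["partitions"]
    if code_changed and not table_changed:
        # a bootkit replaces the code and keeps the table so the OS still boots
        verdict = "boot code differs, partition table intact (bootkit-style change)"
    elif code_changed:
        verdict = "boot code and partition table differ"
    elif table_changed:
        verdict = "partition table differs, boot code intact"
    else:
        verdict = "identical"
    return {"boot_code_changed": code_changed,
            "partition_table_changed": table_changed,
            "changed_ranges": diff_ranges(before[:BOOT_CODE_END], after[:BOOT_CODE_END]),
            "verdict": verdict}


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: the given boot code, a fixed disk signature and
    one bootable NTFS (type 0x07) partition starting at LBA 63."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")[:BOOT_CODE_END]
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 625137345)
    table = entry + b"\x00" * 48             # three empty slots
    return code + disk_sig + table + BOOT_SIGNATURE


# constructed "clean" boot code: a fixed 8-byte pattern repeated to 440 bytes
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" * 55
# constructed "infected" variant: first 32 bytes replaced, rest left untouched
INFECTED_BOOT_CODE = b"\xeb\x20\x90" + b"\x41" * 29 + CLEAN_BOOT_CODE[32:]


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:                   # e.g. MBR_before.dat MBR_after.dat
        with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
            print(compare_mbrs(f1.read(), f2.read()))
    else:
        print(compare_mbrs(build_sample_mbr(INFECTED_BOOT_CODE),
                           build_sample_mbr(CLEAN_BOOT_CODE)))
```

One caveat when feeding this real dumps: the "MBR hidden" and "Windows XP default MBR code found via API" lines in the log above say that a read of sector 0 through the normal Windows disk API returned the stock XP boot code while the direct read found the TDL4 code. A dump taken from inside the running system through that API therefore cannot be used as evidence that the MBR is clean; use a dump from a tool that reads below the hook, as aswMBR does, or from an offline boot.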

#17 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Re-Run aswMBR

Click Scan

On completion of the scan, click the Fix button. The system may appear to hang for a bit.



Save the log as before and post in your next reply

#18 jeffroZ (Member, Topic Starter, 19 posts)
Below is the ComboFix log. It was working away on something. The PC seems to be running considerably faster now, which was the first thing I had noticed before all this. What's your opinion of antivirus software -- is AVG Free still a good package, or is there something better? Thanks a ton.



ComboFix 11-11-05.02 - JeffE 11/05/2011 10:56:18.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.201 [GMT -7:00]
Running from: c:\documents and settings\JeffE\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\ltrm27.exe
c:\data\set.exe
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\JeffE\Application Data\Desktopicon
c:\documents and settings\JeffE\Application Data\Desktopicon\eBay.ico
c:\documents and settings\JeffE\Application Data\Desktopicon\uninst.exe
c:\documents and settings\JeffE\WINDOWS
C:\Install.exe
C:\RHA3.tmp
C:\Thumbs.db
c:\windows\system32\.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))
.
.
2011-11-05 01:07 . 2011-11-05 01:07 -------- d-----w- C:\_OTL
2011-11-04 02:22 . 2011-11-04 03:33 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-29 17:59 . 2011-11-05 04:10 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-26 03:12 . 2011-10-26 03:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-10-26 00:57 . 2011-10-26 00:57 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2003-03-31 19:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2003-03-31 19:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-23 05:26 . 2011-09-23 05:26 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2011-09-23 05:26 . 2011-09-23 05:26 249856 ----a-w- c:\windows\system32\pdfmona.dll
2011-09-13 13:30 . 2010-09-07 10:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2003-03-31 19:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2003-03-31 19:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00 . 2010-05-01 22:56 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-04-28 17:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2003-03-31 19:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2003-03-31 19:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-08-19 23:33 . 2011-08-30 05:26 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-08-17 13:49 . 2003-03-31 19:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-08 13:08 . 2010-09-07 10:48 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2006-12-01 19:54 . 2008-03-20 23:56 90112 ----a-w- c:\program files\FairUseCommander.exe
2004-07-26 11:16 . 2004-07-26 11:16 1117491 ----a-w- c:\program files\dvdshrink32setup.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2003-03-31 . 95B858761A00E1D4F81F79A0DA019ACA . 86912 . . [5.1.2600.1106] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-11-25 2463048]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-11-25 16:49 2463048 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-06-23 14:25 191488 ----a-w- c:\program files\Yontoo Layers\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-11-25 2463048]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-11-25 2463048]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\JeffE\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\JeffE\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\JeffE\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\JeffE\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"GoodSync"="c:\program files\Siber Systems\GoodSync\GoodSync.exe" [2011-07-20 5382072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-07-19 114688]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"SbUsb AudCtrl"="sbusbdll.dll" [2005-05-27 128000]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2010-02-19 241664]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^JeffE^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\JeffE\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-05-11 05:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-04-13 16:12 88209 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-12-16 19:57 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
2006-03-01 19:58 712704 ----a-w- c:\program files\Maxtor\OneTouch\Utils\OneTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MusicRoom Server]
2011-08-11 22:29 169032 ----a-w- c:\program files\MusicRoom Server\MusicRoomServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2005-10-18 00:24 81920 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-12-21 07:59 718720 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PureSync]
2011-07-20 04:33 833600 ----a-w- c:\program files\PureSync\PureSyncTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-08-26 19:19 17361032 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2004-08-06 15:27 860160 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 16:11 1388544 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sticky Pad]
2007-04-24 06:13 528441 ----a-w- c:\program files\StickyPad\StickyPad.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2005-07-04 23:47 184320 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vToolbarUpdater"=2 (0x2)
"NTService1"=2 (0x2)
"MaxBackServiceInt"=2 (0x2)
"Bonjour Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Documents and Settings\\JeffE\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Siber Systems\\GoodSync\\GoodSync.exe"=
"c:\\Program Files\\Siber Systems\\GoodSync\\GsExplorer.exe"=
"c:\\Program Files\\Siber Systems\\GoodSync\\Gs-Server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\MusicRoom Server\\MusicRoomServer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"33333:TCP"= 33333:TCP:GoodSync Server incoming connections
"33338:UDP"= 33338:UDP:GoodSync Server LAN discovery
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [8/29/2011 10:26 PM 14776]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 229840]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [7/20/2011 3:00 PM 2674688]
R2 MyDesktopWindows;MyDesktopService;c:\windows\ORCLOBI\MyDesktop\MyDesktopService.exe [5/18/2006 11:12 AM 902656]
R2 QOSMyDesktop;QOS MyDesktop;c:\windows\ORCLOBI\MyDesktop\MyDesktopQOS.exe [4/21/2006 12:14 PM 450560]
R3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [12/4/2009 11:53 AM 1694592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/18/2010 6:57 PM 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [10/14/2010 9:29 AM 517448]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 16720]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/18/2010 6:57 PM 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 5:37 AM 26624]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [11/3/2011 7:22 PM 111872]
S4 Dhcense;Dhcense; [x]
S4 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/1/2011 12:08 PM 246600]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-27 c:\windows\Tasks\GoodSync - Writing.job
- c:\program files\Siber Systems\GoodSync\GoodSync.exe [2011-07-20 22:07]
.
2011-10-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-17 02:10]
.
2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 01:57]
.
2011-09-02 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-19 17:35]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-LoadMSvcmm - c:\program files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe
AddRemove-eBay Icon - c:\documents and settings\JeffE\Application Data\Desktopicon\uninst.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-05 11:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?7?4?5??????? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200BEVE-00A0HT0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86E3B2C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1454471165-1801674531-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C3E4721F-DB09-8ED5-C7D1-B5111AF0DACD}*]
"oafljjfjoaobjaigacpebighhnfbec"=hex:6a,61,6b,70,70,63,62,65,61,62,66,6a,6a,65,
6d,70,64,6b,67,6b,00,f5
"nahmpnggmhkjkbnfkgajapmfggpf"=hex:6a,61,6b,70,6b,63,6d,63,66,64,62,62,6c,6a,
62,6f,6a,6f,69,62,00,f5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1148)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3248)
c:\windows\system32\WININET.dll
c:\documents and settings\JeffE\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Photodex\ProShowGold 3\ScsiAccess.exe
c:\windows\System32\snmp.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDll32.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-11-05 11:56:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-05 18:56
.
Pre-Run: 15,223,353,344 bytes free
Post-Run: 15,862,587,392 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 867A883BB91ECD31818F37C8C9F044E4

#19 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Do you have the new aswMBR log, please?

#20 jeffroZ (Member, Topic Starter, 19 posts)
Also, any opinion on browsers? I started using Safari because it seemed much faster, but not sure about security. Firefox seems to get heavier and slower all the time.

#21 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Personally I prefer IE8 :)

Did you run the fix with aswMBR, and what are your current problems?

#22 jeffroZ (Member, Topic Starter, 19 posts)
Sorry, missed your post while ComboFix was running. Here is the aswMBR log:


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-05 12:09:38
-----------------------------
12:09:38.468 OS Version: Windows 5.1.2600 Service Pack 3
12:09:38.468 Number of processors: 1 586 0xD08
12:09:38.468 ComputerName: COMPAQLAPTOP UserName: JeffE
12:09:44.718 Initialize success
12:09:52.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
12:09:52.000 Disk 0 Vendor: WDC_WD3200BEVE-00A0HT0 11.01A11 Size: 305245MB BusType: 3
12:09:52.000 Device \Driver\atapi -> DriverStartIo 86e3b2c6
12:09:54.000 Disk 0 MBR read successfully
12:09:54.000 Disk 0 MBR scan
12:09:54.000 Disk 0 TDL4@MBR code has been found
12:09:54.000 Disk 0 Windows XP default MBR code found via API
12:09:54.000 Disk 0 MBR hidden
12:09:54.000 Disk 0 MBR [TDL4] **ROOTKIT**
12:09:54.000 Disk 0 trace - called modules:
12:09:54.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86e3b49f]<<
12:09:54.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f8bab8]
12:09:54.000 3 CLASSPNP.SYS[f76b3fd7] -> nt!IofCallDriver -> \Device\00000089[0x86f799e8]
12:09:54.000 5 ACPI.sys[f752a620] -> nt!IofCallDriver -> [0x86f47940]
12:09:54.000 \Driver\atapi[0x86f724b0] -> IRP_MJ_CREATE -> 0x86e3b49f
12:09:54.015 Scan finished successfully
12:10:01.000 Disk 0 MBR read successfully
12:10:01.000 Disk 0 TDL4@MBR code has been found
12:10:01.000 Disk 0 fixing MBR ...
12:10:11.000 Disk 0 MBR restored successfully
12:10:11.000 Verifying disinfection
12:10:23.031 Infection fixed successfully - please reboot ASAP
12:10:45.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\JeffE\Desktop\MBR.dat"
12:10:45.843 The log file has been saved successfully to "C:\Documents and Settings\JeffE\Desktop\aswMBR.txt"
12:10:58.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\JeffE\Desktop\MBR.dat"
12:10:58.328 The log file has been saved successfully to "C:\Documents and Settings\JeffE\Desktop\aswMBR.txt"

PC seems to be running better, faster. HD is not churning away as badly.

#23
jeffroZ

    Member

  • Topic Starter
  • Member
  • 19 posts
Not sure now. Hard drive busy again and browser very slow.

#24
jeffroZ

    Member

  • Topic Starter
  • Member
  • 19 posts
Ran aswMBR again just to check, came back clean.

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a fresh OTL for me please, and then let me know the current problems?


#26
jeffroZ

    Member

  • Topic Starter
  • Member
  • 19 posts
Here is the latest OTL log. The computer seems to be running much better and faster. Some of the HD activity may be due to not having a lot of free space.

OTL logfile created on: 11/5/2011 4:48:01 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\JeffE\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.42 Mb Total Physical Memory | 206.11 Mb Available Physical Memory | 20.32% Memory free
2.38 Gb Paging File | 1.72 Gb Available in Paging File | 72.17% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 14.84 Gb Free Space | 4.98% Space Free | Partition Type: NTFS

Computer Name: COMPAQLAPTOP | User Name: JeffE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/16 06:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeffE\Desktop\OTL.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/21 19:53:12 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/13 06:32:40 | 001,227,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/20 15:07:38 | 005,382,072 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
PRC - [2011/07/20 15:00:34 | 002,674,688 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/31 13:17:50 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold 3\scsiaccess.exe
PRC - [2006/05/18 11:12:54 | 000,902,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopService.exe
PRC - [2006/04/21 12:14:00 | 000,450,560 | ---- | M] (Oracle) -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopQOS.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/20 15:07:38 | 005,382,072 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
MOD - [2011/07/20 15:00:34 | 002,674,688 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/25 09:49:42 | 002,463,048 | ---- | M] () -- C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2010/05/14 12:49:36 | 002,519,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2010/05/14 12:41:42 | 000,708,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2010/05/14 12:38:30 | 006,443,008 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/05/14 12:38:30 | 001,581,056 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/05/14 12:38:30 | 000,356,352 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/05/14 12:38:30 | 000,188,416 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/07/30 18:44:14 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2007/10/31 13:17:50 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold 3\scsiaccess.exe
MOD - [2006/09/14 00:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Dhcense)
SRV - [2011/10/01 12:08:47 | 000,246,600 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/20 15:00:34 | 002,674,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe -- (GsServer)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/18 12:56:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2007/10/31 13:17:50 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShowGold 3\scsiaccess.exe -- (ScsiAccess)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/23 10:47:23 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2006/12/22 08:31:50 | 000,108,712 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/05/18 11:12:54 | 000,902,656 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopService.exe -- (MyDesktopWindows)
SRV - [2006/04/21 12:14:00 | 000,450,560 | ---- | M] (Oracle) [Auto | Running] -- C:\WINDOWS\ORCLOBI\MyDesktop\MyDesktopQOS.exe -- (QOSMyDesktop)
SRV - [2006/02/15 11:56:40 | 000,184,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
SRV - [2006/02/07 16:10:14 | 000,106,496 | ---- | M] ( ) [Disabled | Stopped] -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 20:33:26 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/04/29 13:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/06/27 14:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/06/27 14:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/11/20 16:19:48 | 000,034,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2006/11/01 17:14:41 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/10/01 05:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2006/08/01 02:58:42 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2006/04/21 17:06:26 | 002,208,512 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2005/06/23 09:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/06/10 10:39:20 | 001,694,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sbusb.sys -- (sbusb)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/04/20 10:44:08 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/04/20 10:44:06 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/04/13 09:12:38 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/06 16:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/31 17:23:08 | 000,109,319 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/26 07:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/04/04 12:48:06 | 000,013,952 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2003/03/05 13:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/09/20 09:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.google....l/?shva=1#inbox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {efcbec50-6821-11db-bd13-0800200c9a66}:0.6.3.1
FF - prefs.js..extensions.enabledItems: {b243fe83-b8a7-47de-855d-21d865243d5d}:0.6
FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b2
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:12.0.0.1806

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/10/22 09:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/05 08:08:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/13 11:51:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\AVG\AVG2012\Thunderbird\ [2011/10/01 12:07:13 | 000,000,000 | ---D | M]

[2011/10/30 11:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JeffE\Application Data\Mozilla\Extensions
[2010/02/23 07:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JeffE\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/30 11:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/12 17:54:01 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/08/14 15:52:13 | 000,000,000 | ---D | M] (Folderpane Tools) -- C:\DOCUMENTS AND SETTINGS\JEFFE\APPLICATION DATA\THUNDERBIRD\PROFILES\ZLUTQFZL.DEFAULT\EXTENSIONS\{B243FE83-B8A7-47DE-855D-21D865243D5D}
[2010/08/12 14:59:32 | 000,000,000 | ---D | M] (Lightning) -- C:\DOCUMENTS AND SETTINGS\JEFFE\APPLICATION DATA\THUNDERBIRD\PROFILES\ZLUTQFZL.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
[2010/02/23 16:29:53 | 000,000,000 | ---D | M] (.vcs Support) -- C:\DOCUMENTS AND SETTINGS\JEFFE\APPLICATION DATA\THUNDERBIRD\PROFILES\ZLUTQFZL.DEFAULT\EXTENSIONS\{EFCBEC50-6821-11DB-BD13-0800200C9A66}
[2010/08/14 15:52:20 | 000,000,000 | ---D | M] (ThunderBrowse) -- C:\DOCUMENTS AND SETTINGS\JEFFE\APPLICATION DATA\THUNDERBIRD\PROFILES\ZLUTQFZL.DEFAULT\EXTENSIONS\[email protected]
[2011/10/01 12:07:13 | 000,000,000 | ---D | M] (AVG E-mail Scanner) -- C:\PROGRAM FILES\AVG\AVG2012\THUNDERBIRD
[2006/09/21 13:25:40 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/09/22 11:15:24 | 000,404,992 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/04/14 00:01:38 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1320_0\plugins/avgnpss.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Documents and Settings\JeffE\Application Data\Mozilla\plugins\npPxPlay.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: AT_ChuckAnderson = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_0\
CHR - Extension: Select To Get Maps = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha\1.1.1\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1320_0\
CHR - Extension: Poppit = C:\Documents and Settings\JeffE\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/11/05 11:43:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd)
O4 - HKCU..\Run: [GoodSync] C:\Program Files\Siber Systems\GoodSync\GoodSync.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.h...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} https://meeting.juni...oterisSetup.cab (NeoterisSetup Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1154490032718 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_07)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C89C9775-6CB3-4311-9446-ED2004E21E28}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\JeffE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JeffE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/01 17:13:58 | 000,000,000 | R--- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/05 12:23:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/05 10:40:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/05 10:32:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/05 10:32:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/05 10:32:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/05 10:32:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/05 10:31:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/05 10:25:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 10:22:16 | 004,283,735 | R--- | C] (Swearware) -- C:\Documents and Settings\JeffE\Desktop\ComboFix.exe
[2011/11/05 10:01:38 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\JeffE\Desktop\aswMBR.exe
[2011/11/04 18:07:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/03 20:48:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JeffE\Desktop\OTL.exe
[2011/11/03 19:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JeffE\Desktop\RK_Quarantine
[2011/10/29 10:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/10/25 20:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/10/19 07:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/15 11:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/10/15 11:02:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/10/15 11:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/10/08 11:13:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JeffE\Start Menu\Programs\Administrative Tools
[2009/12/04 11:53:39 | 000,059,392 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/07/26 04:16:40 | 001,117,491 | ---- | C] (DVD Shrink ) -- C:\Program Files\dvdshrink32setup.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/05 13:33:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/05 13:32:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/05 13:18:33 | 000,000,033 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/11/05 12:10:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\JeffE\Desktop\MBR.dat
[2011/11/05 11:56:20 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/11/05 11:56:20 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2011/11/05 11:43:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/05 11:33:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/05 10:40:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/05 10:15:05 | 108,808,689 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/05 00:46:25 | 004,283,735 | R--- | M] (Swearware) -- C:\Documents and Settings\JeffE\Desktop\ComboFix.exe
[2011/11/04 23:38:07 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\JeffE\Desktop\Windows XP Tips - Ramesh.url
[2011/11/03 20:33:26 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/11/03 19:31:36 | 000,065,896 | ---- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/11/01 04:36:53 | 000,730,112 | ---- | M] () -- C:\Documents and Settings\JeffE\My Documents\RogueKiller.exe
[2011/11/01 04:36:53 | 000,730,112 | ---- | M] () -- C:\Documents and Settings\JeffE\Desktop\RogueKiller.exe
[2011/10/30 11:41:53 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Safari.exe.lnk
[2011/10/30 11:34:37 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
[2011/10/30 11:09:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to wmplayer.exe.lnk
[2011/10/30 11:07:56 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to lightroom.exe.lnk
[2011/10/30 11:07:44 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Photoshop.exe.lnk
[2011/10/30 11:07:23 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.EXE.lnk
[2011/10/29 15:38:41 | 000,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/29 15:32:29 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/29 15:22:11 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2011/10/29 14:49:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/10/29 14:49:11 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/10/29 11:00:20 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/28 06:48:59 | 000,207,140 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/10/26 17:44:01 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2011/10/16 06:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JeffE\Desktop\OTL.exe
[2011/10/14 07:39:10 | 000,437,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/14 07:39:10 | 000,069,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/14 07:21:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/05 13:18:33 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/11/05 10:40:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/05 10:40:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/05 10:32:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/05 10:32:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/05 10:32:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/05 10:32:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/05 10:32:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/05 10:09:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\JeffE\Desktop\MBR.dat
[2011/11/04 23:38:07 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\JeffE\Desktop\Windows XP Tips - Ramesh.url
[2011/11/04 23:36:32 | 000,007,252 | ---- | C] () -- C:\Documents and Settings\JeffE\My Documents\admintools.zip
[2011/11/03 19:36:33 | 000,730,112 | ---- | C] () -- C:\Documents and Settings\JeffE\Desktop\RogueKiller.exe
[2011/11/03 19:32:15 | 000,730,112 | ---- | C] () -- C:\Documents and Settings\JeffE\My Documents\RogueKiller.exe
[2011/11/03 19:22:01 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/10/30 11:41:53 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Safari.exe.lnk
[2011/10/30 11:34:37 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
[2011/10/30 11:09:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to wmplayer.exe.lnk
[2011/10/30 11:07:56 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to lightroom.exe.lnk
[2011/10/30 11:07:44 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Photoshop.exe.lnk
[2011/10/30 11:07:23 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WINWORD.EXE.lnk
[2011/10/14 07:18:14 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/09/22 22:26:20 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2011/09/22 22:26:08 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/08/29 22:26:42 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/08/29 22:26:41 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2010/12/02 19:16:56 | 000,011,363 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Comma Separated Values (Windows).CAL
[2010/11/30 22:06:27 | 000,030,334 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\Comma Separated Values (Windows).ADR
[2010/10/14 12:00:17 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2010/10/14 11:57:48 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2010/10/14 11:57:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2010/07/03 13:30:16 | 000,239,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/30 01:19:23 | 000,001,188 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/05/14 11:46:25 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/05/14 11:31:01 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/03/23 21:36:52 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/05 17:38:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\JeffE\Local Settings\Application Data\prvlcl.dat
[2009/12/04 11:53:38 | 000,012,043 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/30 18:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/04/11 11:16:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/11/24 23:36:29 | 000,000,235 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/05/12 17:30:03 | 000,065,896 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/20 16:56:26 | 000,090,112 | ---- | C] () -- C:\Program Files\FairUseCommander.exe
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/19 20:44:23 | 000,038,868 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2007/11/19 20:44:23 | 000,029,665 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2007/11/19 20:37:49 | 000,038,868 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2007/11/19 20:37:49 | 000,029,665 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2007/10/14 16:37:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/10/08 18:06:26 | 000,000,077 | ---- | C] () -- C:\WINDOWS\WBLOCKSP.INI
[2007/10/08 11:18:02 | 000,000,220 | --S- | C] () -- C:\WINDOWS\System32\ss.drv
[2007/10/08 11:17:34 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WB3USER.INI
[2007/06/27 22:32:30 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/06/19 14:51:00 | 000,003,365 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2007/06/09 11:37:30 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2007/04/12 12:02:13 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2007/03/29 11:54:43 | 000,002,002 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/19 16:03:58 | 000,004,511 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2007/03/09 11:52:25 | 010,884,472 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2006/12/27 12:18:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MyDesktopServiceLocal.ini
[2006/12/07 12:35:24 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\JeffE\Application Data\$_hpcst$.hpc
[2006/11/24 20:03:24 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\JeffE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/20 16:19:48 | 000,034,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter.sys
[2006/11/20 16:19:44 | 000,044,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2006/11/20 16:19:44 | 000,037,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2006/11/20 16:19:42 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2006/11/03 10:39:20 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/21 20:53:41 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/09/18 10:47:21 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/11 12:21:43 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\w32mkde.exe
[2006/09/11 12:21:43 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\w32mkrc.dll
[2006/09/07 21:39:22 | 000,000,215 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/02 16:05:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/02 14:05:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/02 14:05:07 | 000,006,461 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/08/02 00:04:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/08/02 00:02:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\wisemsg.dll
[2006/08/01 23:38:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/01 23:38:54 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/01 23:38:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/01 23:38:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/01 23:38:54 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/01 23:38:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/08/01 21:35:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/08/01 17:16:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/01 17:10:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/08/01 10:05:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/01 10:04:12 | 000,315,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/04 10:21:24 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004/02/25 23:18:04 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2004/01/13 19:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/31 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 12:00:00 | 000,437,618 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 12:00:00 | 000,069,678 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 11:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 11:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/10/16 11:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/10/01 12:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/14 09:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/11 10:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2010/10/14 09:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/08/11 09:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2010/10/14 12:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eLicenser
[2006/12/07 17:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/05/17 20:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/05/30 01:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2011/07/27 18:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2009/08/11 00:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/08/29 22:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2006/11/27 17:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/05/22 10:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMall
[2011/11/05 10:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/12/02 10:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/02/09 12:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2011/09/22 22:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/07/18 23:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2010/07/23 15:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2011/09/20 23:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/05/10 22:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2007/02/05 12:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2010/10/14 12:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2010/10/14 12:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2011/04/17 13:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2006/09/21 20:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/25 07:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/01/07 15:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/11 10:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
[2010/10/11 10:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
[2007/01/31 22:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\allTunes
[2011/04/10 11:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Amazon
[2011/10/01 12:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\AVG2012
[2010/03/02 15:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\AVG9
[2011/09/20 23:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Blackberry Desktop
[2010/10/11 10:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Cakewalk
[2010/06/04 22:32:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Canon
[2010/06/25 16:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/16 21:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\com.amazon.music.uploader
[2010/06/25 16:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2007/04/03 21:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\dBpoweramp
[2011/08/29 19:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Dropbox
[2011/11/05 14:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\GoodSync
[2007/11/20 11:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\gtk-2.0
[2009/08/11 00:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\HotSync
[2006/12/08 14:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\InterVideo
[2011/08/29 22:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\IObit
[2011/07/22 21:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Jumping Bytes
[2010/03/02 09:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Launchy
[2010/04/22 22:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Mobipocket
[2006/11/26 18:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Netscape
[2010/02/10 12:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\NVD
[2006/12/16 11:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\OfficeUpdate12
[2009/10/12 11:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\OpenOffice.org
[2006/12/18 16:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Opera
[2007/10/31 13:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Photodex
[2011/10/11 21:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\PrimoPDF
[2008/04/27 08:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\REAPER
[2011/09/20 23:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Research In Motion
[2006/11/24 20:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Snapfish
[2010/03/01 12:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\SoftGrid Client
[2011/02/06 12:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Spacejock Software
[2010/10/14 12:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Steinberg
[2011/09/22 22:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\TaxCut
[2010/02/23 07:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\Thunderbird
[2010/01/18 17:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\TP
[2011/11/05 13:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\uTorrent
[2010/10/16 18:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\VST3 Presets
[2010/05/27 10:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\W Photo Studio Viewer
[2011/04/14 00:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JeffE\Application Data\WINPUMP
[2011/09/26 19:23:59 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\GoodSync - Writing.job
[2011/11/05 11:56:20 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job

========== Purity Check ==========



< End of report >
  • 0
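A helper reading an OTL report like the one above is mostly scanning the "Created Within 30 Days" section for freshly dropped code files that carry no publisher name, since that is where leftovers of a kit like this tend to show up. As an added example (my own code, not OTL's, OldTimer's, or anything posted in this thread), the Python below parses OTL's `[date | size | attrs | C/M] (Company) -- path` lines and lists the candidates a reviewer would check by hand. The sample lines are constructed in OTL's format, the 30-day window and the list of code extensions are my assumptions, and `REPORT_TIME` is a constructed stand-in for the time the report was taken.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample in OTL's file/folder line format (same layout as the
# report above; not a capture from a real machine).
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2011/11/05 10:32:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/05 10:32:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/04 18:07:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/03 19:22:01 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/10/14 07:18:14 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""

# Assumed report time, used as "now" for the 30-day window (constructed).
REPORT_TIME = datetime(2011, 11, 5, 14, 0, 0)

# One entry: [date time | size | attrs | C/M] (Company) -- path
# The "(Company)" part is absent on directory lines and may be empty or blank.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

# Extensions that load as code; assumption for this example.
CODE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".ocx", ".drv")


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str               # "C" = created section, "M" = modified section
    company: Optional[str]  # None when OTL printed no parentheses (directories)
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def is_code(self) -> bool:
        return self.path.lower().endswith(CODE_EXTENSIONS)


def parse_otl_entries(text: str) -> List[Entry]:
    """Parse every file/folder line of an OTL report; other lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, "*.tmp" summaries, O-section lines
        company = m.group("company")
        entries.append(Entry(
            timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=company.strip() if company is not None else None,
            path=m.group("path"),
        ))
    return entries


def orphan_candidates(entries: List[Entry], report_time: datetime,
                      days: int = 30) -> List[Entry]:
    """Code files created inside the window with no publisher string."""
    cutoff = report_time - timedelta(days=days)
    return [
        e for e in entries
        if e.kind == "C" and not e.is_directory and e.is_code
        and not e.company and e.timestamp >= cutoff
    ]


def review(text: str, report_time: datetime = REPORT_TIME) -> List[str]:
    """Convenience wrapper: paths a reviewer should look at by hand."""
    return [e.path for e in orphan_candidates(parse_otl_entries(text), report_time)]


if __name__ == "__main__":
    for path in review(SAMPLE_LOG):
        print("check by hand:", path)
```

Hits are only review candidates: in the sample, `C:\WINDOWS\MBR.exe` is a known ComboFix component, so the list is a starting point for a human, not a verdict.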

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks good now. But you do need at least 15% spare disc space to enable the computer to run smoothly:
Drive C: | 298.09 Gb Total Space | 14.84 Gb Free Space | 4.98% Space Free | Partition Type: NTFS

I would recommend that you remove or backup items that are rarely used and then run a good defragmenter on your computer. I will now run a final check for orphans before I let you go.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#28
jeffroZ

jeffroZ

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here is the MBAM log. Looks clean! Unbelievable. The laptop's running better than it has in a long long time. Thanks for all the help, this is a fantastic service. I will be making a donation, no question.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8088

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/6/2011 9:39:39 AM
mbam-log-2011-11-06 (09-39-39).txt

Scan type: Quick scan
Objects scanned: 229602
Time elapsed: 16 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That's what I like, happiness :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install the FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place? Keep safe :yes:
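The [resethosts] command in the OTL fix above overwrites the hosts file with the Windows default. That step matters because malware commonly edits the hosts file to send update and security-vendor sites to 127.0.0.1 or 0.0.0.0 (so the victim cannot update or fetch removal tools) or to redirect other names to an attacker's address. As an added example, not part of the post and not OTL's code, here is a Python audit that parses a hosts file and reports every entry a default file would not contain, so you can see what [resethosts] is about to discard; the protected-domain list and the sample hosts file are constructed for the example.

```python
"""Audit a Windows hosts file for the hijacks that OTL's [resethosts] wipes out.

Added example for this thread; not OTL's code. The protected-domain list and the
sample hosts file are constructed for the example.
"""
import ipaddress

# Names a default hosts file may map to loopback without suspicion.
DEFAULT_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed watch-list: update and security-vendor domains that malware
# commonly nulls out so the victim cannot update or fetch removal tools.
PROTECTED_DOMAINS = (
    "windowsupdate.com", "update.microsoft.com", "malwarebytes.org",
    "avast.com", "symantec.com", "mcafee.com", "kaspersky.com",
)


def is_protected(host: str) -> bool:
    """Exact or subdomain match, so 'notavast.com' does not count as avast.com."""
    return any(host == d or host.endswith("." + d) for d in PROTECTED_DOMAINS)


def parse_hosts(text: str):
    """Yield (lineno, ip, [hostnames]) for each active entry.

    Comments and blank lines are skipped; a first field that is not an IP
    address is ignored, as the resolver ignores it.
    """
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        yield n, ip, [h.lower().rstrip(".") for h in parts[1:]]


def audit_hosts(text: str) -> list:
    """Return (lineno, kind, hostname, ip) for every entry a default file would not have.

    kind is 'blocked-security-site' (vendor/update domain sent to loopback or
    0.0.0.0), 'redirect' (any name sent to a real address, i.e. pharming) or
    'nulled-host' (some other name sent to loopback; ad-block hosts lists look
    like this too, so verify before deleting).
    """
    findings = []
    for n, ip, hosts in parse_hosts(text):
        sink = ip.is_loopback or ip.is_unspecified
        for h in hosts:
            if sink and h in DEFAULT_LOOPBACK_NAMES:
                continue
            if not sink:
                findings.append((n, "redirect", h, str(ip)))
            elif is_protected(h):
                findings.append((n, "blocked-security-site", h, str(ip)))
            else:
                findings.append((n, "nulled-host", h, str(ip)))
    return findings


def is_default_hosts(text: str) -> bool:
    """True when the only active entries map default names to loopback."""
    return not audit_hosts(text)


# Constructed sample: a default-style header plus three entries of the kind malware adds.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org   # blocks the removal tool
0.0.0.0         update.microsoft.com   # blocks Windows Update
203.0.113.10    www.example-bank.test  # pharming redirect (TEST-NET-3 address)
::1             localhost
"""

if __name__ == "__main__":
    for lineno, kind, host, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind:<22} {host} -> {ip}")
    print("default file:", is_default_hosts(SAMPLE_HOSTS))
```

On Windows the file to feed in is %SystemRoot%\System32\drivers\etc\hosts. A 'redirect' finding is the one to treat as hostile without further thought, since a hosts file has no legitimate reason to point a public name at a foreign address; 'nulled-host' entries need a look before deletion because ad-blocking hosts lists produce the same pattern.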

#30 jeffroZ (Member, Topic Starter, 19 posts)
All done. Again, can't thank you enough Essexboy!
