Geeks to Go
No obvious infections, just a very slow startup [Solved]



#1 njlock (Member, 353 posts)
No obvious infections, just a very slow startup. Probably a lot of startup junk I don't need. I think Carbonite really slows it down. Any suggestions appreciated & welcome. Thanks!

OTL logfile created on: 1/14/2013 1:49:36 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\DAVID CREIGHTON\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 54.87% Memory free
5.09 Gb Paging File | 3.64 Gb Available in Paging File | 71.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.39 Gb Total Space | 185.39 Gb Free Space | 40.09% Space Free | Partition Type: NTFS
Drive D: | 533.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 1.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 17.59 Mb Total Space | 17.32 Mb Free Space | 98.42% Space Free | Partition Type: FAT
Unable to calculate disk information.

Computer Name: BOSSSILVERDELL | User Name: DAVID CREIGHTON | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/14 13:48:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DAVID CREIGHTON\My Documents\Downloads\OTL (3).exe
PRC - [2013/01/12 18:50:26 | 000,170,408 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/12/28 18:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/29 15:06:36 | 004,137,128 | ---- | M] () -- C:\Program Files\Jawbone\JawboneUpdater.exe
PRC - [2012/10/23 17:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/23 17:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/09/19 21:02:48 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/08/29 13:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2012/08/29 13:51:48 | 001,061,960 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2012/06/13 16:53:50 | 001,688,008 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2012/05/30 12:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2012/05/14 13:55:06 | 003,150,928 | ---- | M] (VS Revo Group) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
PRC - [2011/12/08 11:37:18 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/12/08 11:34:58 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/10/26 08:27:26 | 002,101,760 | ---- | M] () -- C:\INTEGRA\ULTIMATE.EXE
PRC - [2011/10/07 04:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 14:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/04/04 14:45:06 | 001,185,592 | ---- | M] (WH Software Ltd) -- C:\Program Files\WH Software\IC\Bin\ICSvr.exe
PRC - [2010/09/13 19:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
PRC - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2009/04/25 11:54:52 | 005,686,256 | ---- | M] (Essential Fax Software) -- C:\Program Files\EssentialFax\essfax.exe
PRC - [2008/04/13 19:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/03/14 06:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/07 19:06:22 | 000,460,392 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
MOD - [2013/01/07 19:06:21 | 012,459,624 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013/01/07 19:06:19 | 004,012,648 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013/01/07 19:05:29 | 000,598,120 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013/01/07 19:05:28 | 000,124,520 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013/01/07 19:05:25 | 001,553,000 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2012/11/29 15:06:36 | 004,137,128 | ---- | M] () -- C:\Program Files\Jawbone\JawboneUpdater.exe
MOD - [2012/10/23 17:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
MOD - [2012/10/23 17:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2012/10/17 15:42:40 | 000,172,032 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
MOD - [2012/05/30 12:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM\nssckbi.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/26 08:27:26 | 002,101,760 | ---- | M] () -- C:\INTEGRA\ULTIMATE.EXE
MOD - [2011/10/07 04:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/01/10 08:37:40 | 000,027,648 | ---- | M] () -- C:\WINDOWS\system32\essfaxpm.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/08/08 22:19:46 | 000,027,648 | ---- | M] () -- C:\WINDOWS\system32\rksfaxpm.dll


========== Services (SafeList) ==========

SRV - [2013/01/12 18:50:26 | 000,170,408 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/09 11:48:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/23 17:58:52 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/09/19 21:10:10 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/09/19 21:10:06 | 001,157,056 | R--- | M] (Western Digital ) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/09/19 21:02:48 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/29 13:51:48 | 004,643,912 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV - [2011/12/08 11:34:58 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/08 11:31:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/09/27 14:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/04/04 14:45:06 | 001,185,592 | ---- | M] (WH Software Ltd) [Auto | Running] -- C:\Program Files\WH Software\IC\Bin\ICSvr.exe -- (ICDataService)
SRV - [2010/09/13 19:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2009/09/14 04:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009/09/14 04:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2006/03/14 06:22:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\spcstb.sys -- (spcstb)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/29 14:54:54 | 000,042,592 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2012/06/11 11:56:32 | 000,020,864 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2012/06/08 16:09:10 | 000,023,808 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2012/06/08 16:08:52 | 000,006,656 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2012/05/16 17:15:44 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2012/01/25 14:57:46 | 000,008,448 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2011/11/08 13:59:04 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 01:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 01:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/07/08 04:12:48 | 007,023,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/10/22 12:48:00 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/10/07 12:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/21 21:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/02/17 11:09:38 | 000,197,416 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009/10/22 15:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/01/29 18:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/12/26 02:20:36 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/08/21 13:39:20 | 000,235,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM05Vid.sys -- (OEM05Vid)
DRV - [2007/08/21 13:39:18 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM05Vfx.sys -- (OEM05Vfx)
DRV - [2007/08/21 13:39:04 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM05Afx.sys -- (OEM05Afx)
DRV - [2007/07/16 18:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/05/18 08:48:00 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/03/14 06:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)
DRV - [2004/10/15 02:49:22 | 000,029,292 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FTD2XX.sys -- (FTD2XX)
DRV - [2003/11/17 13:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 13:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 13:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080617
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=B8DF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
IE - HKCU\..\SearchScopes,DefaultScope = {8A8501A7-6CEE-41A8-878B-9B2072F6A109}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{8A8501A7-6CEE-41A8-878B-9B2072F6A109}: "URL" = http://www.google.co...1I7GGLL_enUS362
IE - HKCU\..\SearchScopes\{D2E02658-0017-47EA-8756-C8CFC85362E7}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2012/06/28 13:08:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Mozilla\Firefox\Profiles\extensions
[2012/06/28 13:08:00 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Splendid = C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
CHR - Extension: YouTube = C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Autopen - Email Signatures = C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmjcoiohflenpehfaalahocpmacjloof\0.8.0.1_0\
CHR - Extension: Google Search = C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: LastPass = C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\
CHR - Extension: Google Voice (by Google) = C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\
CHR - Extension: WiseStamp - Email Signatures for GMail, Google Apps and more = C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg\3.13.0.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/11 10:18:31 | 000,444,136 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15281 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\DAVID CREIGHTON\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\DAVID CREIGHTON\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: travelers.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelers.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: travelerspc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range37 ([http] in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://192.168.1.102:100/RemoteWeb.cab (Remote200 Control)
O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://192.168.1.102...VideoViewer.cab (CViewerControl Object)
O16 - DPF: {688C8675-1834-48FA-9DEF-4755CEFB9EDE} http://192.168.1.100/EDVR.CAB (DVR4204 Client Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1221747677171 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.h...nosticsxp2k.cab (Reg Error: Key error.)
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} http://free.aol.com/...5/aolcdt175.cab (CDToolCtrl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F26D0182-6B67-4613-BBAA-934270106655}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/07/16 15:55:09 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/08/03 12:04:35 | 000,027,992 | R--- | M] (magicJack L.P.) - K:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/08/03 12:04:35 | 000,016,158 | R--- | M] () - K:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/08/03 12:04:35 | 000,000,308 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/08/03 12:04:35 | 000,728,816 | R--- | M] (magicJack L.P.) - K:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2009/08/01 16:17:00 | 000,000,270 | ---- | M] () - L:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/12 18:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/01/12 18:51:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DAVID CREIGHTON\Recent
[2013/01/12 18:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2013/01/12 18:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/12 18:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/12 18:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVID CREIGHTON\Start Menu\Programs\Revo Uninstaller
[2013/01/12 13:14:35 | 007,921,688 | ---- | C] (VS Revo Group ) -- C:\RevoUninProSetup.exe
[2013/01/07 13:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVID CREIGHTON\Start Menu\Programs\Jawbone
[2013/01/07 13:20:40 | 000,067,680 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll
[2013/01/07 13:20:40 | 000,042,592 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\libusb0.sys
[2013/01/07 13:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\JawboneUpdater
[2013/01/07 13:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Jawbone
[2012/12/29 16:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/12/27 08:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVID CREIGHTON\My Documents\Retrieved Contents
[2012/12/24 14:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloads
[2012/12/24 13:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Western Digital
[2012/12/24 13:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Western_Digital
[2012/12/24 13:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital
[2012/12/24 13:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/12/24 13:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/12/24 11:33:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVID CREIGHTON\My Documents\LEPAN TEMP
[2012/12/24 10:27:21 | 000,000,000 | ---D | C] -- C:\LEPAN BU
[2012/12/24 10:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Wondershare
[2012/12/24 10:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2012/12/24 10:09:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wondershare
[2012/12/24 10:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Wondershare
[2012/12/24 10:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2012/12/24 10:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Wondershare
[2012/12/22 14:39:45 | 000,000,000 | ---D | C] -- C:\INTEGRA
[2012/12/22 09:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\SyncToy 2.1
[2012/12/22 09:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/12/03 09:25:52 | 010,974,280 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/14 13:48:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/14 13:27:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1034079361-1168208069-412699111-1005UA.job
[2013/01/14 13:01:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/14 12:01:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/14 06:27:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1034079361-1168208069-412699111-1005Core.job
[2013/01/12 18:50:11 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/01/12 18:39:47 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\Revo Uninstaller.lnk
[2013/01/12 18:29:47 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2013/01/12 18:23:40 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/01/12 18:18:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/12 18:13:51 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2013/01/12 18:13:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/12 18:13:26 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/12 17:22:54 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\SyncToy 2.1.lnk
[2013/01/12 16:59:23 | 000,000,395 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
[2013/01/12 16:59:11 | 000,000,190 | ---- | M] () -- C:\WINDOWS\MYOB.INI
[2013/01/12 16:59:11 | 000,000,127 | ---- | M] () -- C:\WINDOWS\SwDrvs.ini
[2013/01/12 13:14:41 | 007,921,688 | ---- | M] (VS Revo Group ) -- C:\RevoUninProSetup.exe
[2013/01/11 00:29:19 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/11 00:29:19 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\Google Chrome.lnk
[2013/01/09 09:03:36 | 000,528,400 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/09 09:03:36 | 000,097,078 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/07 13:20:44 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\Jawbone Updater.lnk
[2013/01/02 10:36:03 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/29 16:21:21 | 000,001,115 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/26 16:05:59 | 000,001,115 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\magicJack.lnk
[2012/12/26 11:03:33 | 000,367,466 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\DSC01589.jpg
[2012/12/24 14:28:30 | 000,000,979 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\WD SmartWare.lnk
[2012/12/24 14:24:04 | 000,000,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WD Security.lnk
[2012/12/24 12:15:43 | 000,162,816 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/22 16:18:27 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\DAVID CREIGHTON\My Documents\My Documents.lnk
[2012/12/21 08:41:49 | 000,329,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/19 10:06:08 | 000,002,339 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zed-BULL.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/12 18:50:11 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/01/12 18:39:47 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\Revo Uninstaller.lnk
[2013/01/12 18:29:47 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My LastPass Vault.lnk
[2013/01/07 13:20:44 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\Jawbone Updater.lnk
[2012/12/26 11:03:32 | 000,367,466 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\DSC01589.jpg
[2012/12/24 14:28:30 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\WD SmartWare.lnk
[2012/12/24 13:14:43 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WD Security.lnk
[2012/12/22 16:18:27 | 000,000,378 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\My Documents\My Documents.lnk
[2012/12/22 14:21:51 | 000,002,253 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Desktop\SyncToy 2.1.lnk
[2012/12/22 09:25:37 | 000,002,259 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\SyncToy 2.1.lnk
[2012/12/10 19:49:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/23 10:53:08 | 000,035,196 | ---- | C] () -- C:\WINDOWS\System32\drivers\OldUsbkey.sys
[2012/07/23 10:49:36 | 000,035,196 | ---- | C] () -- C:\WINDOWS\System32\drivers\Usbkey.sys
[2012/07/23 10:49:35 | 000,024,136 | ---- | C] () -- C:\WINDOWS\System32\ppmon.exe
[2012/07/23 10:49:35 | 000,012,480 | ---- | C] () -- C:\WINDOWS\System32\KL2N.DLL
[2012/07/23 10:49:35 | 000,007,440 | ---- | C] () -- C:\WINDOWS\System32\ppmon.dll
[2012/07/02 11:22:14 | 000,000,198 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2012/03/24 12:27:35 | 000,069,928 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/27 09:54:37 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/02/15 22:28:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/26 08:44:00 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/08/27 14:20:42 | 000,716,294 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1034079361-1168208069-412699111-1005-0.dat
[2011/08/27 14:20:41 | 000,318,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/08/26 09:05:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/08/26 08:20:31 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/08/26 08:20:31 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/08/26 08:20:31 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/08/26 08:20:31 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/08/26 08:20:31 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/08/26 08:20:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/08/26 08:20:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/08/26 08:20:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/08/26 08:20:31 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/08/26 08:20:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/08/26 08:20:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/08/26 08:20:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/08/26 08:20:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/08/26 08:20:30 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/08/26 08:20:30 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/08/26 08:20:30 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/08/26 08:17:31 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF630.ini
[2011/08/20 08:10:44 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/07/22 13:13:55 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/07/22 11:44:53 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011/06/24 06:10:32 | 000,319,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\TS440Firmware.bin
[2011/06/24 06:10:32 | 000,319,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\TS230Firmware.bin
[2011/06/24 06:10:32 | 000,191,838 | ---- | C] () -- C:\WINDOWS\System32\drivers\CX30Firmware.bin
[2011/06/24 06:10:32 | 000,095,145 | ---- | C] () -- C:\WINDOWS\System32\drivers\TS220Firmware.bin
[2011/04/21 13:49:31 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p17].bmp
[2011/04/21 13:49:27 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p16].bmp
[2011/04/21 13:49:23 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p15].bmp
[2011/04/21 13:49:19 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p14].bmp
[2011/04/21 13:49:15 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p13].bmp
[2011/04/21 13:49:10 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p12].bmp
[2011/04/21 13:49:06 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p11].bmp
[2011/04/21 13:49:03 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p10].bmp
[2011/04/21 13:48:59 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p09].bmp
[2011/04/21 13:48:55 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p08].bmp
[2011/04/21 13:48:52 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p07].bmp
[2011/04/21 13:48:48 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p06].bmp
[2011/04/21 13:48:44 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p05].bmp
[2011/04/21 13:48:41 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p04].bmp
[2011/04/21 13:48:37 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0021]-[p03].bmp
[2011/04/21 13:47:47 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p11].bmp
[2011/04/21 13:47:44 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p10].bmp
[2011/04/21 13:47:40 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p09].bmp
[2011/04/21 13:47:36 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p08].bmp
[2011/04/21 13:47:32 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p07].bmp
[2011/04/21 13:47:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p06].bmp
[2011/04/21 13:47:25 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p05].bmp
[2011/04/21 13:47:21 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p04].bmp
[2011/04/21 13:47:17 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p03].bmp
[2011/04/21 13:47:14 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p02].bmp
[2011/04/21 13:47:10 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0020]-[p01].bmp
[2011/04/21 13:45:32 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p22].bmp
[2011/04/21 13:45:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p21].bmp
[2011/04/21 13:45:25 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p20].bmp
[2011/04/21 13:45:22 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p19].bmp
[2011/04/21 13:45:18 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p18].bmp
[2011/04/21 13:45:14 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p17].bmp
[2011/04/21 13:45:11 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p16].bmp
[2011/04/21 13:45:07 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p15].bmp
[2011/04/21 13:45:03 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p14].bmp
[2011/04/21 13:44:59 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p13].bmp
[2011/04/21 13:44:56 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p12].bmp
[2011/04/21 13:44:52 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p11].bmp
[2011/04/21 13:44:48 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p10].bmp
[2011/04/21 13:44:44 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p09].bmp
[2011/04/21 13:44:41 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p08].bmp
[2011/04/21 13:44:37 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p07].bmp
[2011/04/21 13:44:33 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p06].bmp
[2011/04/21 13:44:29 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p05].bmp
[2011/04/21 13:44:26 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p04].bmp
[2011/04/21 13:44:22 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p03].bmp
[2011/04/21 13:44:18 | 002,440,206 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\[j0018]-[p02].bmp
[2011/04/08 11:46:03 | 000,000,071 | R--- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2011/04/08 11:46:00 | 000,057,344 | R--- | C] () -- C:\WINDOWS\System32\USB_IO.dll
[2010/05/25 14:25:02 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/02/16 08:42:03 | 000,000,289 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\learnburn_usersettings.xml
[2008/11/06 14:32:05 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\$_hpcst$.hpc
[2008/09/18 10:10:17 | 000,000,224 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\{268EB95C-7C1C-4826-B79E-0E50B1A64C5A}.dss
[2008/06/20 07:14:06 | 000,046,892 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\wklnhst.dat
[2008/06/20 07:07:40 | 000,162,816 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/19 13:19:33 | 000,005,037 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\powjnvfp.pmy
[2008/06/19 12:10:30 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/11 16:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/06/05 09:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/10 07:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2012/04/27 08:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alogent
[2010/11/27 13:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2008/09/18 10:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloudmark
[2011/08/26 08:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/01/07 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IDSS
[2012/01/21 10:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/07/24 15:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2010/11/20 13:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2012/11/15 08:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2008/06/17 02:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/12/13 09:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/08 07:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TNL
[2010/12/04 10:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/06/17 02:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2012/08/20 12:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebClient2
[2012/12/24 14:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/02/26 08:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WH Software
[2009/03/20 09:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/12/04 09:58:46 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/04/24 11:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/13 09:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/16 09:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/09 09:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2010/01/10 10:48:23 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009/06/05 09:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\3jam
[2009/06/05 09:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\acccore
[2012/09/22 14:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Advanced Diagnostics
[2011/06/16 09:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Auslogics
[2009/01/19 09:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Blackberry Desktop
[2012/12/07 14:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\calibre
[2008/10/16 07:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Cloudmark
[2013/01/12 18:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Dropbox
[2011/08/26 09:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Epson
[2011/08/19 12:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\GetRightToGo
[2011/01/07 13:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\IDSS
[2011/11/26 08:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\iolo
[2013/01/07 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\JawboneUpdater
[2011/08/26 08:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Leadertech
[2010/12/03 16:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\licenses
[2012/12/26 16:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\mjusbsp
[2012/11/15 08:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Motorola
[2012/11/15 08:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Motorola Mobility
[2012/08/20 11:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Oracle
[2010/12/03 16:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\PCMM2009
[2010/12/03 16:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\PCMM2010
[2010/04/09 12:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Research In Motion
[2008/10/16 07:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\SPAMfighter
[2011/04/11 16:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\TeamViewer
[2008/07/26 10:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Template
[2010/05/25 14:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\TNL
[2010/10/22 12:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\TrueCrypt
[2010/12/04 09:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\TuneUp Software
[2010/03/30 13:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Windows Desktop Search
[2010/05/04 12:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Windows Search
[2012/12/24 10:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAVID CREIGHTON\Application Data\Wondershare

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

I want you to reset the DMA; you can do this with this script here - Reset DMA

If you have problems when you click on the link, try to right-click on the link and select "Save Target As", and then save to your desktop.
Once it is on your desktop, right-click on the file and select "Run".

If you still can't run it, then you can go here "Reset DMA" to see what I want to do.



-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#3
njlock (Member, Topic Starter, 353 posts)
Thanks Gringo! OK, did the DMA reset thing and wasn't sure if I did it right; when I saved the link to the desktop and ran it, below is what I got:

I also looked at the other thing and attempted to do what he showed.

Am moving forward with the other steps now.

' Visual Basic Script program to reset the DMA status of all ATA drives

' Copyright © 2006 Hans-Georg Michna

' Version 2007-04-04

' Works in Windows XP, probably also in Windows 2000 and NT.
' Does no harm if Windows version is incompatible.

If MsgBox("This program will now reset the DMA status of all ATA drives with Windows drivers." _
        & vbNewline & "Windows will redetect the status after the next reboot, therefore this procedure" _
        & vbNewline & "should be harmless.", _
        vbOkCancel, "Program start message") _
        = vbOk Then

    ' Device class key for IDE ATA/ATAPI controllers; each channel is a
    ' four-digit subkey (0000, 0001, ...) beneath it.
    RegPath = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\"
    ' Deleting these values makes Windows redetect the device and its
    ' allowed transfer mode at the next reboot.
    ValueName1Master = "MasterIdDataChecksum"
    ValueName1Slave = "SlaveIdDataChecksum"
    ValueName2Master = "UserMasterDeviceTimingModeAllowed"
    ValueName2Slave = "UserSlaveDeviceTimingModeAllowed"
    ValueName3 = "ResetErrorCountersOnSuccess"
    MessageText = "The following ATA channels have been reset:"
    MessageTextLen0 = Len(MessageText)
    ConsecutiveMisses = 0
    Set WshShell = WScript.CreateObject("WScript.Shell")

    For i = 0 to 999
        RegSubPath = Right("000" & i, 4) & "\"

        ' Master

        Err.Clear
        On Error Resume Next
        WshShell.RegRead RegPath & RegSubPath & ValueName1Master
        errMaster = Err.Number
        On Error Goto 0
        If errMaster = 0 Then
            On Error Resume Next
            WshShell.RegDelete RegPath & RegSubPath & ValueName1Master
            WshShell.RegDelete RegPath & RegSubPath & ValueName2Master
            On Error Goto 0
            MessageText = MessageText & vbNewLine & "Master"
        End If

        ' Slave

        Err.Clear
        On Error Resume Next
        WshShell.RegRead RegPath & RegSubPath & ValueName1Slave
        errSlave = Err.Number
        On Error Goto 0
        If errSlave = 0 Then
            On Error Resume Next
            WshShell.RegDelete RegPath & RegSubPath & ValueName1Slave
            WshShell.RegDelete RegPath & RegSubPath & ValueName2Slave
            On Error Goto 0
            If errMaster = 0 Then
                MessageText = MessageText & " and "
            Else
                MessageText = MessageText & vbNewLine
            End If
            MessageText = MessageText & "Slave"
        End If

        If errMaster = 0 Or errSlave = 0 Then
            On Error Resume Next
            WshShell.RegWrite RegPath & RegSubPath & ValueName3, 1, "REG_DWORD"
            On Error Goto 0
            ' Use the driver's own description of the channel if it has one.
            ChannelName = "unnamed channel " & Left(RegSubPath, 4)
            On Error Resume Next
            ChannelName = WshShell.RegRead(RegPath & RegSubPath & "DriverDesc")
            On Error Goto 0
            MessageText = MessageText & " of " & ChannelName & ";"
            ConsecutiveMisses = 0
        Else
            ConsecutiveMisses = ConsecutiveMisses + 1
            If ConsecutiveMisses >= 32 Then Exit For ' Don't search unnecessarily long.
        End If
    Next ' i

    If Len(MessageText) <= MessageTextLen0 Then
        MessageText = "No resettable ATA channels with Windows drivers found. Nothing changed."
    Else
        MessageText = MessageText & vbNewline _
            & "Please reboot now to reset and redetect the DMA status."
    End If

    MsgBox MessageText, vbOkOnly, "Program finished normally"

End If ' MsgBox(...) = vbOk

' End of Visual Basic Script program

#4
njlock (Member, Topic Starter, 353 posts)
# AdwCleaner v2.105 - Logfile created 01/14/2013 at 15:08:29
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : DAVID CREIGHTON - BOSSSILVERDELL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\DAVID CREIGHTON\My Documents\Downloads\adwcleaner (2).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Documents and Settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/u/1/#inbox", "hxxps://mail.go[...]
Deleted [l.2397] : urls_to_restore_on_startup = [ "hxxps://mail.google.com/mail/u/1/#inbox", "hxxps://mail.googl[...]

*************************

AdwCleaner[S1].txt - [6511 octets] - [12/01/2013 18:11:19]
AdwCleaner[S2].txt - [1033 octets] - [14/01/2013 15:08:29]

########## EOF - C:\AdwCleaner[S2].txt - [1093 octets] ##########

#5
njlock (Member, Topic Starter, 353 posts)
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : DAVID CREIGHTON [Admin rights]
Mode : Remove -- Date : 01/14/2013 15:21:27

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-75A7B0 +++++
--- User ---
[MBR] ee511fd5ea8c1f5a39a00e0ef556882c
[BSP] dfe4c0bfa859120fb83a6a1aa43abcee : Dell MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 473486 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 969844050 | Size: 3380 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01142013_02d1521.txt >>
RKreport[1]_S_01142013_02d1521.txt ; RKreport[2]_D_01142013_02d1521.txt

#6
gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7
njlock (Member, Topic Starter, 353 posts)
ComboFix 13-01-14.01 - DAVID CREIGHTON 01/14/2013 15:35:08.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2462 [GMT -5:00]
Running from: c:\documents and settings\DAVID CREIGHTON\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\DAVID CREIGHTON\My Documents\Readiris.DUS
c:\windows\EventSystem.log
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\default_user_class.dat.LOG
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-14 20:14 . 2013-01-14 20:14 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{193F327A-AE2F-4933-81C5-F67FEF859351}\MpKslf09fba45.sys
2013-01-13 23:24 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{193F327A-AE2F-4933-81C5-F67FEF859351}\mpengine.dll
2013-01-12 23:52 . 2013-01-12 23:52 -------- d-----w- c:\program files\Common Files\Java
2013-01-12 23:51 . 2013-01-12 23:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-12 23:51 . 2013-01-12 23:50 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-12 23:49 . 2013-01-12 23:50 -------- d-----w- c:\program files\CCleaner
2013-01-12 23:39 . 2013-01-12 23:39 -------- d-----w- c:\program files\VS Revo Group
2013-01-12 18:14 . 2013-01-12 18:14 7921688 ----a-w- C:\RevoUninProSetup.exe
2013-01-12 15:00 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-07 18:20 . 2012-11-29 19:54 67680 ----a-w- c:\windows\system32\libusb0.dll
2013-01-07 18:20 . 2012-11-29 19:54 42592 ----a-w- c:\windows\system32\drivers\libusb0.sys
2013-01-07 18:20 . 2013-01-07 18:20 -------- d-----w- c:\documents and settings\DAVID CREIGHTON\Application Data\JawboneUpdater
2013-01-07 18:20 . 2013-01-07 18:20 -------- d-----w- c:\program files\Jawbone
2012-12-29 21:21 . 2012-12-29 21:21 -------- d-----w- c:\program files\Dropbox
2012-12-24 18:14 . 2012-12-24 18:14 -------- d-----w- c:\program files\Common Files\Western Digital
2012-12-24 18:12 . 2012-12-24 18:12 -------- d-----w- c:\documents and settings\DAVID CREIGHTON\Local Settings\Application Data\Western_Digital
2012-12-24 18:06 . 2012-12-24 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2012-12-24 18:06 . 2012-12-24 18:28 -------- d-----w- c:\program files\Western Digital
2012-12-24 15:27 . 2012-12-24 15:30 -------- d-----w- C:\LEPAN BU
2012-12-24 15:09 . 2012-12-24 15:09 -------- d-----w- c:\documents and settings\DAVID CREIGHTON\Local Settings\Application Data\Wondershare
2012-12-24 15:09 . 2012-12-24 15:09 -------- d-----w- c:\program files\Common Files\Wondershare
2012-12-24 15:09 . 2012-12-24 15:34 -------- d-----w- c:\documents and settings\DAVID CREIGHTON\Application Data\Wondershare
2012-12-24 15:09 . 2012-12-24 18:10 -------- d-----w- c:\program files\Wondershare
2012-12-22 19:39 . 2013-01-14 20:28 -------- d-----w- C:\INTEGRA
2012-12-22 18:49 . 2005-10-07 01:06 861936 ----a-w- C:\WindowsXP-KB904423-x86-ENU.exe
2012-12-22 14:25 . 2012-12-22 14:25 -------- d-----w- c:\program files\SyncToy 2.1
2012-12-22 14:24 . 2012-12-22 14:24 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 23:50 . 2012-08-20 16:12 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-12 23:50 . 2011-03-23 17:59 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-09 16:48 . 2012-04-11 12:38 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 16:48 . 2011-06-15 12:39 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2004-08-11 21:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2012-01-21 16:39 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2004-08-11 21:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 16:29 . 2012-11-08 16:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-06 02:01 . 2007-05-15 19:43 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-11 21:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-11 21:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-11 21:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-11 21:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-11 21:00 385024 ------w- c:\windows\system32\html.iec
2012-09-07 13:44 . 2010-12-03 14:25 10974280 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 18:51 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 18:51 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 18:51 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2007-07-16 16132608]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-08-29 1061960]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
.
c:\documents and settings\DAVID CREIGHTON\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\Dropbox.exe [2012-12-28 28539392]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" -b
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Aim"="c:\program files\AIM\aim.exe" /d locale=en-US
"EssentialFax"="c:\program files\EssentialFax\essfax.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"EPSON WorkForce 630 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "c:\windows\TEMP\E_SFE.tmp" /EF "HKCU"
"WorkForce 630(Network)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "c:\docume~1\DAVIDC~1\LOCALS~1\Temp\E_S118C.tmp" /EF "HKCU"
"Google Update"="c:\documents and settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"cdloader"="c:\documents and settings\DAVID CREIGHTON\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"OEM05Mon.exe"=c:\windows\OEM05Mon.exe
"PMX Daemon"=ICO.EXE
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"HostManager"=c:\program files\Common Files\AOL\1214860790\ee\AOLSoftware.exe
"RKS Fax Print Controller"="c:\program files\RKS Fax\rksfax_control.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"Essential Fax Print Controller"="c:\program files\EssentialFax\essfaxcontrol.exe"
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"CMS"="c:\program files\CMS\EXE\Open.exe"
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"WD Drive Unlocker"=c:\program files\Western Digital\WD Security\WDDriveAutoUnlock.exe
"WD Quick View"=c:\program files\Western Digital\WD Quick View\WDDMStatus.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1214860790\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kaba\\E-Plex PC M-Unit\\EplexPCMU.exe"=
"c:\\Documents and Settings\\DAVID CREIGHTON\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\DAVID CREIGHTON\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Jawbone\\JawboneUpdater.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30630:TCP"= 30630:TCP:InstaCode
.
R1 MpKslf09fba45;MpKslf09fba45;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{193F327A-AE2F-4933-81C5-F67FEF859351}\MpKslf09fba45.sys [1/14/2013 3:14 PM 29904]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [8/26/2011 9:21 AM 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [8/26/2011 9:21 AM 121856]
R2 ICDataService;IC Data Server;c:\program files\WH Software\IC\Bin\ICSvr.exe [3/26/2010 5:48 AM 1185592]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [5/29/2012 10:01 AM 12184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/15/2012 10:55 AM 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/21/2012 11:39 AM 682344]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [10/23/2012 5:58 PM 120728]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [12/8/2011 11:34 AM 1527104]
R2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [9/19/2012 9:02 PM 248248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/21/2012 11:39 AM 21104]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 12:34 PM 10064]
S2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [9/19/2012 9:10 PM 1157056]
S2 WDRulesService;WD Rules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [9/19/2012 9:10 PM 1177536]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [11/15/2012 8:23 AM 6016]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [4/8/2011 11:45 AM 29292]
S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\drivers\libusb0.sys [1/7/2013 1:20 PM 42592]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [11/15/2012 8:23 AM 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [11/15/2012 8:23 AM 8448]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [11/15/2012 8:23 AM 23808]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [11/15/2012 8:23 AM 11008]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [6/17/2008 1:40 AM 141376]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [6/17/2008 1:40 AM 7424]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [6/17/2008 1:40 AM 235616]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/28/2012 7:54 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLF09FBA45
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:48]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 15:51]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 15:51]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1034079361-1168208069-412699111-1005Core.job
- c:\documents and settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-03 12:36]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1034079361-1168208069-412699111-1005UA.job
- c:\documents and settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-03 12:36]
.
2013-01-14 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]
.
2013-01-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://192.168.1.102:100/RemoteWeb.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://192.168.1.102:100/VideoViewer.cab
DPF: {688C8675-1834-48FA-9DEF-4755CEFB9EDE} - hxxp://192.168.1.100/EDVR.CAB
DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} - hxxp://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-14 15:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,31,1e,2e,eb,43,04,47,99,52,41,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,31,1e,2e,eb,43,04,47,99,52,41,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="REMOVED"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2013-01-14 15:44:44
ComboFix-quarantined-files.txt 2013-01-14 20:44
.
Pre-Run: 198,978,539,520 bytes free
Post-Run: 198,789,095,424 bytes free
.
- - End Of File - - 2FD2358CD4A76B7465EF5863F39B8A7E
  • 0

#8 njlock (Member, Topic Starter, 353 posts)
Running fine except for the long restart, just about 10 minutes before I do anything. Again, I think Carbonite is mostly to blame? Then maybe Dropbox? And I have TuneUp Utilities, which I've been told is next to useless; your opinion pls? Seems like they all fight to load on restart, and I can't do anything till everything is up?

If you agree with my Carbonite assessment, is there anything I can do about it?
Any startups I can thin out?


thx
  • 0

#9 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Greetings njlock

Are things doing any better?

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#10 njlock (Member, Topic Starter, 353 posts)
Seems to be running fine, just the slowwwwwww startup.

ComboFix 13-01-14.01 - DAVID CREIGHTON 01/14/2013 16:13:11.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2435 [GMT -5:00]
Running from: c:\documents and settings\DAVID CREIGHTON\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DAVID CREIGHTON\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EventSystem.log
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-14 21:02 . 2013-01-14 21:02 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B79B659-A4B7-47B0-894E-686A56B42EAD}\offreg.dll
2013-01-14 20:55 . 2013-01-14 20:55 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B79B659-A4B7-47B0-894E-686A56B42EAD}\MpKsl5763a820.sys
2013-01-14 20:46 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B79B659-A4B7-47B0-894E-686A56B42EAD}\mpengine.dll
2013-01-12 23:52 . 2013-01-12 23:52 -------- d-----w- c:\program files\Common Files\Java
2013-01-12 23:51 . 2013-01-12 23:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-12 23:51 . 2013-01-12 23:50 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-12 23:49 . 2013-01-12 23:50 -------- d-----w- c:\program files\CCleaner
2013-01-12 23:39 . 2013-01-12 23:39 -------- d-----w- c:\program files\VS Revo Group
2013-01-12 18:14 . 2013-01-12 18:14 7921688 ----a-w- C:\RevoUninProSetup.exe
2013-01-12 15:00 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-07 18:20 . 2012-11-29 19:54 67680 ----a-w- c:\windows\system32\libusb0.dll
2013-01-07 18:20 . 2012-11-29 19:54 42592 ----a-w- c:\windows\system32\drivers\libusb0.sys
2013-01-07 18:20 . 2013-01-07 18:20 -------- d-----w- c:\documents and settings\DAVID CREIGHTON\Application Data\JawboneUpdater
2013-01-07 18:20 . 2013-01-07 18:20 -------- d-----w- c:\program files\Jawbone
2012-12-29 21:21 . 2012-12-29 21:21 -------- d-----w- c:\program files\Dropbox
2012-12-24 18:14 . 2012-12-24 18:14 -------- d-----w- c:\program files\Common Files\Western Digital
2012-12-24 18:12 . 2012-12-24 18:12 -------- d-----w- c:\documents and settings\DAVID CREIGHTON\Local Settings\Application Data\Western_Digital
2012-12-24 18:06 . 2012-12-24 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2012-12-24 18:06 . 2012-12-24 18:28 -------- d-----w- c:\program files\Western Digital
2012-12-24 15:27 . 2012-12-24 15:30 -------- d-----w- C:\LEPAN BU
2012-12-24 15:09 . 2012-12-24 15:09 -------- d-----w- c:\documents and settings\DAVID CREIGHTON\Local Settings\Application Data\Wondershare
2012-12-24 15:09 . 2012-12-24 15:09 -------- d-----w- c:\program files\Common Files\Wondershare
2012-12-24 15:09 . 2012-12-24 15:34 -------- d-----w- c:\documents and settings\DAVID CREIGHTON\Application Data\Wondershare
2012-12-24 15:09 . 2012-12-24 18:10 -------- d-----w- c:\program files\Wondershare
2012-12-22 19:39 . 2013-01-14 20:28 -------- d-----w- C:\INTEGRA
2012-12-22 18:49 . 2005-10-07 01:06 861936 ----a-w- C:\WindowsXP-KB904423-x86-ENU.exe
2012-12-22 14:25 . 2012-12-22 14:25 -------- d-----w- c:\program files\SyncToy 2.1
2012-12-22 14:24 . 2012-12-22 14:24 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 23:50 . 2012-08-20 16:12 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-12 23:50 . 2011-03-23 17:59 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-09 16:48 . 2012-04-11 12:38 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 16:48 . 2011-06-15 12:39 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2004-08-11 21:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2012-01-21 16:39 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2004-08-11 21:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 16:29 . 2012-11-08 16:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-06 02:01 . 2007-05-15 19:43 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-11 21:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-11 21:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-11 21:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-11 21:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-11 21:00 385024 ------w- c:\windows\system32\html.iec
2012-09-07 13:44 . 2010-12-03 14:25 10974280 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 18:51 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 18:51 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 18:51 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2007-07-16 16132608]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-08-29 1061960]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
.
c:\documents and settings\DAVID CREIGHTON\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\DAVID CREIGHTON\Application Data\Dropbox\bin\Dropbox.exe [2012-12-28 28539392]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" -b
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Aim"="c:\program files\AIM\aim.exe" /d locale=en-US
"EssentialFax"="c:\program files\EssentialFax\essfax.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"EPSON WorkForce 630 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "c:\windows\TEMP\E_SFE.tmp" /EF "HKCU"
"WorkForce 630(Network)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBA.EXE /FU "c:\docume~1\DAVIDC~1\LOCALS~1\Temp\E_S118C.tmp" /EF "HKCU"
"Google Update"="c:\documents and settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"cdloader"="c:\documents and settings\DAVID CREIGHTON\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"OEM05Mon.exe"=c:\windows\OEM05Mon.exe
"PMX Daemon"=ICO.EXE
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"HostManager"=c:\program files\Common Files\AOL\1214860790\ee\AOLSoftware.exe
"RKS Fax Print Controller"="c:\program files\RKS Fax\rksfax_control.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"Essential Fax Print Controller"="c:\program files\EssentialFax\essfaxcontrol.exe"
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"CMS"="c:\program files\CMS\EXE\Open.exe"
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"WD Drive Unlocker"=c:\program files\Western Digital\WD Security\WDDriveAutoUnlock.exe
"WD Quick View"=c:\program files\Western Digital\WD Quick View\WDDMStatus.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1214860790\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Kaba\\E-Plex PC M-Unit\\EplexPCMU.exe"=
"c:\\Documents and Settings\\DAVID CREIGHTON\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\DAVID CREIGHTON\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Jawbone\\JawboneUpdater.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30630:TCP"= 30630:TCP:InstaCode
.
R1 MpKsl5763a820;MpKsl5763a820;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4B79B659-A4B7-47B0-894E-686A56B42EAD}\MpKsl5763a820.sys [1/14/2013 3:55 PM 29904]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [8/26/2011 9:21 AM 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [8/26/2011 9:21 AM 121856]
R2 ICDataService;IC Data Server;c:\program files\WH Software\IC\Bin\ICSvr.exe [3/26/2010 5:48 AM 1185592]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [5/29/2012 10:01 AM 12184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/15/2012 10:55 AM 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/21/2012 11:39 AM 682344]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [10/23/2012 5:58 PM 120728]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [12/8/2011 11:34 AM 1527104]
R2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [9/19/2012 9:02 PM 248248]
R2 WDRulesService;WD Rules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [9/19/2012 9:10 PM 1177536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/21/2012 11:39 AM 21104]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 12:34 PM 10064]
S2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [9/19/2012 9:10 PM 1157056]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [11/15/2012 8:23 AM 6016]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [4/8/2011 11:45 AM 29292]
S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\drivers\libusb0.sys [1/7/2013 1:20 PM 42592]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [11/15/2012 8:23 AM 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [11/15/2012 8:23 AM 8448]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [11/15/2012 8:23 AM 23808]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [11/15/2012 8:23 AM 11008]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [6/17/2008 1:40 AM 141376]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [6/17/2008 1:40 AM 7424]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [6/17/2008 1:40 AM 235616]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [8/28/2012 7:54 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL5763A820
*NewlyCreated* - WS2IFSL
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:48]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 15:51]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 15:51]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1034079361-1168208069-412699111-1005Core.job
- c:\documents and settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-03 12:36]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1034079361-1168208069-412699111-1005UA.job
- c:\documents and settings\DAVID CREIGHTON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-03 12:36]
.
2013-01-14 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]
.
2013-01-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
Trusted Zone: travelers.com
Trusted Zone: travelerspc.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://192.168.1.102:100/RemoteWeb.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://192.168.1.102:100/VideoViewer.cab
DPF: {688C8675-1834-48FA-9DEF-4755CEFB9EDE} - hxxp://192.168.1.100/EDVR.CAB
DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} - hxxp://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-14 16:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,31,1e,2e,eb,43,04,47,99,52,41,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,06,31,1e,2e,eb,43,04,47,99,52,41,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="REMOVED"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1160)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2013-01-14 16:21:52
ComboFix-quarantined-files.txt 2013-01-14 21:21
ComboFix2.txt 2013-01-14 20:44
.
Pre-Run: 199,104,172,032 bytes free
Post-Run: 198,770,262,016 bytes free
.
- - End Of File - - 05CB57A290AE88F57E6FDBEF385BED8A
  • 0

#11 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#12 njlock (Member, Topic Starter, 353 posts)
32 Bit HP CIO Components Installer
AD Loader
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.5)
Advanced Audio FX Engine
Advanced Video FX Engine
AIM 7
AnswerWorks 5.0 English Runtime
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
Autotel
Bonjour
bpd_scan
BPDSoftware
calibre
Call of Duty® 2
Call of Duty® 4 - Modern Warfare™
Carbonite
CCleaner
Chinese Simplified Fonts Support For Adobe Reader 8
CHSKIM
CMS
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Cool Timer 3.7
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.8
Dell Driver Reset Tool
Dell Support Center
Dell System Restore
Digital Line Detect
Documentation & Support Launcher
Dropbox
E-Plex PC M-Unit
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Printer Software
EPSON Scan
EPSON WorkForce 630 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
eReg
EssentialFax
FTDI USB Serial Converter Drivers
Games, Music, & Photos Launcher
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InstaCode
Intel® PRO Network Connections Drivers
IRIScan Book 2
IRIScan Book 2 Control Panel
iTunes
Jasc Paint Shop Photo Album
Java 7 Update 10
Java Auto Updater
Jawbone Updater
Jewel Quest
KeylessRide Learn and Burn
LastPass(uninstall only)
Learn and Burn
LG Verizon United Drivers
Locksmith Connect
Logitech SetPoint 6.32
M.Y.O.B. Plus
magicJack
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Excel 97
Microsoft IntelliType Pro 5.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Diagnostic Tool
Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 5.9.0
Mouse Suite for Desktop Computers
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6.0 Parser (KB933579)
MYOB Plus V12
OGA Notifier 2.0.0048.0
Pagis Viewer 2.0
Panini 3.3.1 Universal Installer
PowerCinema NE for Everio
PowerDirector Express
PowerDVD
PowerProducer
Quicken 2011
QuickTime
Readiris Pro 12 for IRIScan Book 2
Realtek High Definition Audio Driver
Return to Castle Wolfenstein
Revo Uninstaller 1.94
RKS Fax
Roxio Media Manager
Scanner Controller Web Client
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sentinel Protection Installer 7.2.2
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Strattec Part Search
SyncToy 2.1 (x86)
Toolbox
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
WD Security
WD SmartWare
WebFldrs XP
Windows Driver Package - Advanced Diagnostics AD100 Pro Driver Package (03/18/2011 2.08.14)
Windows Driver Package - Advanced Diagnostics AD100 Pro Driver Package (05/19/2006 2.00.00)
Windows Driver Package - Digital Check Corporation (TSUSB2) USB (01/08/2007 1.10.0000)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Wolfenstein
Zed-BULL
  • 0

#13
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. Default settings are fine.
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed. That is great! At this time I would like you to update it and run a quick scan for me.

  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile", then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

#14
njlock

    Member

  • Topic Starter
  • Member
  • 353 posts
OK Gringo, it's time for this gringo to go home. I'll work on this tomorrow. It's awesome how great you've been helping me! Thanks a million.
  • 0

#15
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
OK, see you then.

Gringo
  • 0
