Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware info from NotePad. I need help. [Solved]

Started by itsmesunny , Jun 13 2014 12:54 PM

This topic is locked

#106
Essexboy

Posted 01 July 2014 - 10:36 AM

GeekU Moderator

Retired Staff
69,964 posts

Yes right click the orange blob near the clock and select Avast shield control > Disable until reboot

Combofix will say it is still running but you can ignore that

#107
itsmesunny

Posted 01 July 2014 - 10:47 AM

Member

Topic Starter
Member
307 posts

OK!

Here ya go:

ComboFix 14-06-30.01 - User 07/01/2014 12:22:26.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.321 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\2308189059
c:\documents and settings\All Users\Application Data\2308189059\BIT5D.tmp
c:\documents and settings\User\WINDOWS
c:\program files\SearchProtect
c:\program files\SearchProtect\EULA.txt
c:\program files\SearchProtect\Main\bin\CltMngSvc.exe
c:\program files\SearchProtect\Main\bin\SPTool.dll
c:\program files\SearchProtect\Main\bin\uninstall.exe
c:\program files\SearchProtect\Main\rep\SystemRepository.dat
c:\program files\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files\SearchProtect\SearchProtect\bin\SPTool64.exe
c:\program files\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
c:\program files\SearchProtect\UI\bin\cltmngui.exe
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\bg-uninstall.png
c:\program files\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files\SearchProtect\UI\dialogs\Images\bg.png
c:\program files\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
c:\program files\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files\SearchProtect\UI\dialogs\Images\button-bg.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\hez.png
c:\program files\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files\SearchProtect\UI\dialogs\Images\v.png
c:\program files\SearchProtect\UI\dialogs\Images\x.png
c:\program files\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files\SearchProtect\UI\dialogs\libs\main.js
c:\program files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files\SearchProtect\UI\dialogs\protection\protection.css
c:\program files\SearchProtect\UI\dialogs\protection\protection.html
c:\program files\SearchProtect\UI\dialogs\protection\protection.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files\SearchProtect\UI\dialogs\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files\SearchProtect\UI\dialogs\settings\settings.css
c:\program files\SearchProtect\UI\dialogs\settings\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\settings.js
c:\program files\SearchProtect\UI\dialogs\style.css
c:\program files\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.js
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-01 to 2014-07-01 )))))))))))))))))))))))))))))))
.
.
2014-06-30 19:30 . 2010-08-30 12:34   536576   ----a-w-   c:\windows\system32\sqlite3.dll
2014-06-30 19:28 . 2014-06-30 19:28   --------   d-----w-   c:\program files\Unchecky
2014-06-30 18:44 . 2014-06-30 18:44   --------   d-----w-   c:\program files\predm
2014-06-30 17:50 . 2014-06-30 17:50   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\freeSOFTtoday
2014-06-30 17:46 . 2014-07-01 11:51   --------   d-----w-   c:\program files\globalUpdate
2014-06-30 17:46 . 2014-06-30 17:46   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\globalUpdate
2014-06-30 17:44 . 2014-06-30 17:50   --------   d-----w-   c:\program files\Optimizer Pro
2014-06-30 17:43 . 2014-06-30 17:48   --------   d-----w-   c:\program files\MyPC Backup
2014-06-30 17:42 . 2014-06-30 17:42   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Weather_Notifications,_LL
2014-06-30 17:42 . 2014-07-01 16:36   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\fst_us_130
2014-06-30 17:41 . 2014-07-01 16:39   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts
2014-06-30 17:40 . 2014-06-30 17:46   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\SearchProtect
2014-06-30 16:43 . 2014-06-30 16:43   --------   d-----w-   C:\_OTL
2014-06-26 20:42 . 2014-06-26 20:42   --------   d-----w-   c:\documents and settings\User\Application Data\AVAST Software
2014-06-26 20:34 . 2014-06-26 20:34   57672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2014-06-26 20:34 . 2014-06-26 20:40   777488   ----a-w-   c:\windows\system32\drivers\aswsnx.sys
2014-06-26 20:34 . 2014-06-26 20:34   180632   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
2014-06-26 20:34 . 2014-06-26 20:40   411680   ----a-w-   c:\windows\system32\drivers\aswsp.sys
2014-06-26 20:34 . 2014-06-26 20:34   49944   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
2014-06-26 20:34 . 2014-06-26 20:40   54832   ----a-w-   c:\windows\system32\drivers\aswrdr.sys
2014-06-26 20:34 . 2014-06-26 20:34   67824   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2014-06-26 20:34 . 2014-06-26 20:34   24184   ----a-w-   c:\windows\system32\drivers\aswHwid.sys
2014-06-26 20:33 . 2014-06-26 20:33   43152   ----a-w-   c:\windows\avastSS.scr
2014-06-25 15:55 . 2014-06-25 15:55   --------   d-----w-   c:\windows\ERUNT
2014-06-25 15:28 . 2014-07-01 14:08   --------   d-----w-   C:\AdwCleaner
2014-06-23 22:06 . 2014-06-25 17:01   --------   d-----w-   C:\FRST
2014-06-13 17:17 . 2014-06-26 21:31   --------   d-----w-   c:\program files\pcmax
2014-06-12 23:10 . 2014-06-12 23:10   --------   d-----w-   c:\documents and settings\User\Application Data\Dell
2014-06-12 23:10 . 2014-06-12 23:10   --------   d-----w-   c:\program files\Dell Support Center
2014-06-12 22:53 . 2014-06-12 22:53   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-06-12 19:52 . 2014-06-12 23:10   --------   d-----w-   c:\program files\My Dell
2014-06-12 19:49 . 2014-06-23 21:52   --------   d-----w-   C:\temp
2014-06-09 15:46 . 2014-06-09 15:46   110296   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-09 12:06 . 2012-06-02 19:18   275696   ----a-w-   c:\windows\system32\mucltui.dll
2014-06-09 12:06 . 2012-06-02 19:18   214256   ----a-w-   c:\windows\system32\muweb.dll
2014-06-08 23:06 . 2014-06-08 23:06   --------   d-----w-   c:\program files\Microsoft Silverlight
2014-06-08 14:33 . 2014-06-08 14:33   --------   d--h--w-   c:\windows\PIF
2014-06-07 15:12 . 2014-06-07 15:12   --------   d-----w-   c:\program files\Enigma Software Group
2014-06-07 15:11 . 2014-06-07 15:11   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2014-06-07 14:07 . 2014-06-07 14:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-06-07 00:56 . 2014-06-07 00:56   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Local_Weather_LLC
2014-06-06 21:37 . 2014-06-07 01:11   --------   d-----w-   c:\documents and settings\User\Application Data\HpUpdate
2014-06-06 21:37 . 2014-06-06 21:37   --------   d-----w-   c:\windows\Hewlett-Packard
2014-06-06 17:06 . 2014-06-06 21:32   --------   d-----w-   c:\documents and settings\User\Application Data\Apple Computer
2014-06-06 16:30 . 2014-06-06 16:30   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Apple
2014-06-06 16:30 . 2014-06-06 16:30   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Apple Computer
2014-06-06 16:14 . 2014-06-06 16:14   --------   d-----w-   c:\documents and settings\User\.swt
2014-06-06 16:13 . 2014-06-08 15:23   --------   d-----w-   c:\documents and settings\User\Application Data\Azureus
2014-06-06 14:51 . 2014-06-06 14:51   --------   d-----w-   c:\documents and settings\User\Application Data\Windows Search
2014-06-06 14:43 . 2008-04-14 00:12   221184   ----a-w-   c:\windows\system32\wmpns.dll
2014-06-06 14:15 . 2014-06-30 17:48   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\ApplicationHistory
2014-06-06 13:15 . 2014-06-06 13:15   --------   d-----w-   c:\windows\system32\winrm
2014-06-06 13:15 . 2014-06-06 13:15   --------   dc-h--w-   c:\windows\$968930Uinstall_KB968930$
2014-06-06 13:14 . 2014-06-06 13:14   --------   d-----w-   c:\documents and settings\User\Application Data\Windows Desktop Search
2014-06-06 13:13 . 2014-06-06 14:20   --------   d-----w-   c:\program files\Windows Desktop Search
2014-06-06 13:13 . 2014-06-06 13:13   --------   d-----w-   c:\windows\system32\GroupPolicy
2014-06-06 13:11 . 2008-03-07 17:02   98304   -c----w-   c:\windows\system32\dllcache\nlhtml.dll
2014-06-06 13:11 . 2008-03-07 17:02   29696   -c----w-   c:\windows\system32\dllcache\mimefilt.dll
2014-06-06 13:11 . 2008-03-07 17:02   192000   -c----w-   c:\windows\system32\dllcache\offfilt.dll
2014-06-06 13:10 . 2014-06-06 13:10   --------   d-----w-   c:\windows\system32\URTTEMP
2014-06-06 12:40 . 2014-06-08 22:17   --------   d-----w-   c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-06-06 12:39 . 2014-06-08 22:48   --------   d-----w-   c:\program files\Lavasoft
2014-06-06 12:34 . 2014-06-06 12:42   --------   d-----w-   c:\documents and settings\User\Application Data\LavasoftStatistics
2014-06-06 12:31 . 2014-06-06 12:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
2014-06-06 12:17 . 2014-06-06 12:17   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2014-06-06 12:17 . 2014-06-06 12:17   --------   d--h--w-   c:\documents and settings\All Users\Common Files
2014-06-06 12:15 . 2014-06-06 12:15   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
2014-06-06 00:17 . 2014-06-13 15:10   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys
2014-06-06 00:17 . 2014-06-06 00:17   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\SlimWare Utilities Inc
2014-06-06 00:17 . 2014-06-13 15:26   --------   d-----w-   c:\program files\DriverUpdate
2014-06-05 19:40 . 2014-06-05 19:40   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Mozilla
2014-06-05 19:40 . 2014-06-24 14:09   --------   d-----w-   c:\program files\Mozilla Maintenance Service
2014-06-05 19:05 . 2014-06-13 01:14   --------   d-----w-   c:\documents and settings\User\Application Data\IDM2
2014-06-05 18:52 . 2014-06-12 23:03   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Deployment
2014-06-05 18:30 . 2014-06-13 01:25   --------   d-----w-   c:\windows\system32\MRT
2014-06-05 17:47 . 2013-07-03 02:12   25088   -c----w-   c:\windows\system32\dllcache\hidparse.sys
2014-06-05 17:44 . 2013-07-17 00:58   123008   -c----w-   c:\windows\system32\dllcache\usbvideo.sys
2014-06-05 17:43 . 2014-02-26 01:59   13312   -c----w-   c:\windows\system32\dllcache\xp_eos.exe
2014-06-05 17:43 . 2014-02-26 01:59   13312   ------w-   c:\windows\system32\xp_eos.exe
2014-06-05 17:43 . 2013-08-09 00:55   144128   -c----w-   c:\windows\system32\dllcache\usbport.sys
2014-06-05 17:43 . 2013-08-09 00:55   5376   -c----w-   c:\windows\system32\dllcache\usbd.sys
2014-06-05 17:43 . 2009-03-18 11:02   30336   -c----w-   c:\windows\system32\dllcache\usbehci.sys
2014-06-05 17:38 . 2014-06-05 17:38   --------   d-----w-   c:\windows\Sun
2014-06-05 17:38 . 2014-06-05 17:38   --------   d-----w-   C:\Users
2014-06-05 17:38 . 2014-06-05 17:38   --------   d-----w-   c:\program files\Common Files\Java
2014-06-05 17:37 . 2014-05-07 18:42   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-06-05 17:37 . 2014-05-07 19:02   96680   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-26 21:49 . 2013-02-22 20:32   699056   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2014-06-26 21:49 . 2013-02-22 20:32   71344   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-26 20:34 . 2014-06-26 20:34   776976   ----a-w-   c:\windows\system32\drivers\aswsnx.sys.1403815204015
2014-06-26 20:34 . 2014-06-26 20:34   54832   ----a-w-   c:\windows\system32\drivers\aswrdr.sys.1403815204015
2014-06-26 20:33 . 2013-03-21 18:07   271264   ----a-w-   c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-06-26 20:33   260976   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSystemDetect"="c:\documents and settings\User\Local Settings\Apps\2.0\A8LMOTVO.4B3\RO0X0G3X.50N\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe" [2014-06-12 262720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-26 3890208]
"upfst_us_130.exe"="c:\documents and settings\User\Local Settings\Application Data\fst_us_130\upfst_us_130.exe" [2014-06-30 3353568]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Severe Weather Alerts App.lnk - c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlertsApp.exe [2013-7-9 348384]
Severe Weather Alerts.lnk - c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlerts.exe /restart [2013-7-1 84184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [6/26/2014 4:34 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [6/26/2014 4:34 PM 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [6/26/2014 4:34 PM 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [6/26/2014 4:34 PM 411680]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [6/26/2014 4:34 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [6/26/2014 4:34 PM 67824]
R2 Unchecky;Unchecky;c:\program files\Unchecky\bin\unchecky_svc.exe [6/30/2014 3:28 PM 107624]
R3 bpusbflt;bpusbflt;c:\windows\system32\drivers\bpusbflt.sys [3/21/2013 11:18 AM 9597]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 CltMngSvc;Search Protect Service;c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe --> c:\progra~1\SearchProtect\Main\bin\CltMngSvc.exe [?]
S2 MBAMScheduler;MBAMScheduler;"\mbamscheduler.exe" --> \mbamscheduler.exe [?]
S2 MBAMService;MBAMService;"\mbamservice.exe" --> \mbamservice.exe [?]
S2 Update ToggleMark;Update ToggleMark;"c:\program files\ToggleMark\updateToggleMark.exe" --> c:\program files\ToggleMark\updateToggleMark.exe [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [6/5/2014 8:17 PM 13464]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32   128512   ----a-w-   c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-22 21:50]
.
2014-07-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-26 20:33]
.
2014-07-01 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-06-05 01:59]
.
2014-06-05 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-06-05 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3325277&octid=EB_ORIGINAL_CTID&ISID=MA4403525-1336-4960-B50F-2ACBC74D8563&SearchSource=55&CUI=&UM=2&UP=SP6A384B2C-5724-4949-863C-E4213714DE1F&SSPV=
mStart Page = https://www.yahoo.co...t&type=avastbcl
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: DhcpNameServer = 207.5.171.1 207.5.171.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\asymwfoh.default-1402681398921\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://www.startpage.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-fst_us_130 - (no file)
HKLM-Run-t4pc_en_8 - (no file)
HKLM-Run-upt4pc_en_8.exe - c:\documents and settings\User\Local Settings\Application Data\fst_us_130\upt4pc_en_8.exe
Notify-AtiExtEvent - (no file)
AddRemove-3D Ultra NASCAR Pinball - c:\sierra\NASCAR Pinball\Uninst.isu
AddRemove-SearchProtect - c:\progra~1\SearchProtect\Main\bin\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-01 12:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(252)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Unchecky\bin\unchecky_bg.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlerts.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2014-07-01 12:43:27 - machine was rebooted
ComboFix-quarantined-files.txt 2014-07-01 16:43
.
Pre-Run: 46,313,848,832 bytes free
Post-Run: 46,159,310,848 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 5E86505E2BA7E1AA724B452F2DEB4EAD
8F558EB6672622401DA993E1E865C861

#108
itsmesunny

Posted 01 July 2014 - 10:48 AM

Member

Topic Starter
Member
307 posts

O yeah.

I have " copy of OTL" and "OTL" om my desktop. Which one should I keep - if either of them?

#109
Essexboy

Posted 01 July 2014 - 11:00 AM

GeekU Moderator

Retired Staff
69,964 posts

OK next step

1. Save this as CFScript.txt, in the same location as ComboFix.exe

2. Close any open browsers.

3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

You can delete either one of the OTL files

#110
itsmesunny

Posted 01 July 2014 - 01:01 PM

Member

Topic Starter
Member
307 posts

Ok. here ya go!

ComboFix 14-06-30.01 - User 07/01/2014 14:34:44.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.566 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\User\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk"
"c:\documents and settings\User\Start Menu\Programs\Startup\Severe Weather Alerts.lnk"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Local Settings\Application Data\freeSOFTtoday
c:\documents and settings\User\Local Settings\Application Data\freeSOFTtoday\freeSOFTtoday\1.0\freeSOFTtoday.cyl
c:\documents and settings\User\Local Settings\Application Data\fst_us_130
c:\documents and settings\User\Local Settings\Application Data\fst_us_130\Download\majfstusau.exe
c:\documents and settings\User\Local Settings\Application Data\fst_us_130\upfst_us_130.cyl
c:\documents and settings\User\Local Settings\Application Data\fst_us_130\upfst_us_130.exe
c:\documents and settings\User\Local Settings\Application Data\fst_us_130\upt4pc_en_8.cyl
c:\documents and settings\User\Local Settings\Application Data\fst_us_130\user_profil.cyp
c:\documents and settings\User\Local Settings\Application Data\globalUpdate
c:\documents and settings\User\Local Settings\Application Data\Local_Weather_LLC
c:\documents and settings\User\Local Settings\Application Data\Local_Weather_LLC\WeatherAlerts.exe_Url_ctjoephh5hbr0sioqoypg3s0u1qkg2q5\1.4.0.0\user.config
c:\documents and settings\User\Local Settings\Application Data\SearchProtect
c:\documents and settings\User\Local Settings\Application Data\SearchProtect\SearchProtect\rep\Cvc.dat
c:\documents and settings\User\Local Settings\Application Data\SearchProtect\SearchProtect\rep\UserRepository.dat
c:\documents and settings\User\Local Settings\Application Data\SearchProtect\SearchProtect\rep\UserSettings.dat
c:\documents and settings\User\Local Settings\Application Data\SearchProtect\UI\rep\UIRepository.dat
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.0.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.1.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.10.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.100.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.101.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.102.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.103.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.104.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.105.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.106.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.107.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.108.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.109.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.11.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.110.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.111.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.112.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.113.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.114.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.115.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.116.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.117.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.118.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.119.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.12.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.120.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.121.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.13.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.14.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.15.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.16.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.17.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.18.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.19.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.2.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.20.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.21.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.22.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.23.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.24.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.25.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.26.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.27.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.28.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.29.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.3.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.30.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.31.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.32.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.33.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.34.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.35.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.36.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.37.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.38.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.39.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.4.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.40.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.41.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.42.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.43.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.44.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.45.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.46.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.47.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.48.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.49.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.5.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.50.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.51.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.52.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.53.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.54.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.55.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.56.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.57.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.58.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.59.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.6.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.60.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.61.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.62.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.63.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.64.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.65.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.66.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.67.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.68.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.69.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.7.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.70.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.71.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.72.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.73.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.74.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.75.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.76.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.77.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.78.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.79.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.8.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.80.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.81.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.82.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.83.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.84.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.85.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.86.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.87.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.88.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.89.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.9.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.90.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.91.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.92.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.93.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.94.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.95.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.96.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.97.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.98.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630134550\3802.99.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.0.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.1.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.10.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.11.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.12.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.13.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.14.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.15.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.16.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.17.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.18.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.19.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.2.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.20.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.21.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.22.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.23.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.24.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.25.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.26.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.27.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.28.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.29.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.3.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.30.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.31.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.32.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.33.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.34.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.35.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.36.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.37.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.38.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.39.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.4.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.40.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.41.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.42.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.43.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.44.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.45.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.46.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.47.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.5.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.6.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.7.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.8.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630143253\3801.9.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.47.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.48.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.49.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.50.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.51.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.52.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.53.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.54.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.55.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.56.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.57.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.58.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.59.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.60.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.61.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.62.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.63.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.64.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.65.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.66.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.67.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.68.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.69.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.70.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.71.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.72.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.73.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.74.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.75.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.76.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.77.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.78.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.79.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.80.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630145150\3801.81.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630150637\3801.81.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630150637\3801.82.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630150637\3801.83.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630150637\3801.84.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630150637\3801.85.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630150637\3801.86.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630150637\3801.87.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630150637\3801.88.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630150637\3801.89.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630150637\3801.90.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630150637\3801.91.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\0630150637\3801.92.tmp
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\ICSharpCode.SharpZipLib.dll
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\mod.SevereWeatherAlertsApp0.dat
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlerts.exe
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlerts.exe.config
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlertsApp0.dat
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlertsAppAPI.dll
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlertsBrowser.exe
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlertsK.dat
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlertsU.dat
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\SWAUpdater.exe
c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\uninstall.exe
c:\documents and settings\User\Local Settings\Application Data\Weather_Notifications,_LL
c:\documents and settings\User\Local Settings\Application Data\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_oghiw2ghsqv1kkm3xx334mbwfsr5ttie\1.21.0.0\user.config
c:\program files\globalUpdate
c:\program files\MyPC Backup
c:\program files\MyPC Backup\Database\mpcb_settings.db
c:\program files\MyPC Backup\DEL_AWSSDK.dll
c:\program files\MyPC Backup\DEL_GetText.dll
c:\program files\MyPC Backup\DEL_MPCBClient.dll
c:\program files\MyPC Backup\DEL_MyPC Backup.exe
c:\program files\MyPC Backup\DEL_ObjectListView.dll
c:\program files\MyPC Backup\DEL_Shared Stack.dll
c:\program files\MyPC Backup\x86\System.Data.SQLite.dll
c:\program files\Optimizer Pro
c:\program files\pcmax
c:\program files\pcmax\msvcr100.dll
c:\program files\pcmax\nodown.txt
c:\program files\predm
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CLTMNGSVC
-------\Legacy_UPDATE_TOGGLEMARK
-------\Service_CltMngSvc
-------\Service_Update ToggleMark
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-01 to 2014-07-01 )))))))))))))))))))))))))))))))
.
.
2014-06-30 19:30 . 2010-08-30 12:34   536576   ----a-w-   c:\windows\system32\sqlite3.dll
2014-06-30 19:28 . 2014-06-30 19:28   --------   d-----w-   c:\program files\Unchecky
2014-06-30 16:43 . 2014-06-30 16:43   --------   d-----w-   C:\_OTL
2014-06-26 20:42 . 2014-06-26 20:42   --------   d-----w-   c:\documents and settings\User\Application Data\AVAST Software
2014-06-26 20:34 . 2014-06-26 20:34   57672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2014-06-26 20:34 . 2014-06-26 20:40   777488   ----a-w-   c:\windows\system32\drivers\aswsnx.sys
2014-06-26 20:34 . 2014-06-26 20:34   180632   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
2014-06-26 20:34 . 2014-06-26 20:40   411680   ----a-w-   c:\windows\system32\drivers\aswsp.sys
2014-06-26 20:34 . 2014-06-26 20:34   49944   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
2014-06-26 20:34 . 2014-06-26 20:40   54832   ----a-w-   c:\windows\system32\drivers\aswrdr.sys
2014-06-26 20:34 . 2014-06-26 20:34   67824   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2014-06-26 20:34 . 2014-06-26 20:34   24184   ----a-w-   c:\windows\system32\drivers\aswHwid.sys
2014-06-26 20:33 . 2014-06-26 20:33   43152   ----a-w-   c:\windows\avastSS.scr
2014-06-25 15:55 . 2014-06-25 15:55   --------   d-----w-   c:\windows\ERUNT
2014-06-25 15:28 . 2014-07-01 14:08   --------   d-----w-   C:\AdwCleaner
2014-06-23 22:06 . 2014-06-25 17:01   --------   d-----w-   C:\FRST
2014-06-12 23:10 . 2014-06-12 23:10   --------   d-----w-   c:\documents and settings\User\Application Data\Dell
2014-06-12 23:10 . 2014-06-12 23:10   --------   d-----w-   c:\program files\Dell Support Center
2014-06-12 22:53 . 2014-06-12 22:53   --------   d-----w-   c:\windows\system32\wbem\Repository
2014-06-12 19:52 . 2014-06-12 23:10   --------   d-----w-   c:\program files\My Dell
2014-06-12 19:49 . 2014-06-23 21:52   --------   d-----w-   C:\temp
2014-06-09 15:46 . 2014-06-09 15:46   110296   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-09 12:06 . 2012-06-02 19:18   275696   ----a-w-   c:\windows\system32\mucltui.dll
2014-06-09 12:06 . 2012-06-02 19:18   214256   ----a-w-   c:\windows\system32\muweb.dll
2014-06-08 23:06 . 2014-06-08 23:06   --------   d-----w-   c:\program files\Microsoft Silverlight
2014-06-08 14:33 . 2014-06-08 14:33   --------   d--h--w-   c:\windows\PIF
2014-06-07 15:12 . 2014-06-07 15:12   --------   d-----w-   c:\program files\Enigma Software Group
2014-06-07 15:11 . 2014-06-07 15:11   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2014-06-07 14:07 . 2014-06-07 14:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2014-06-06 21:37 . 2014-06-07 01:11   --------   d-----w-   c:\documents and settings\User\Application Data\HpUpdate
2014-06-06 21:37 . 2014-06-06 21:37   --------   d-----w-   c:\windows\Hewlett-Packard
2014-06-06 17:06 . 2014-06-06 21:32   --------   d-----w-   c:\documents and settings\User\Application Data\Apple Computer
2014-06-06 16:30 . 2014-06-06 16:30   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Apple
2014-06-06 16:30 . 2014-06-06 16:30   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Apple Computer
2014-06-06 16:14 . 2014-06-06 16:14   --------   d-----w-   c:\documents and settings\User\.swt
2014-06-06 16:13 . 2014-06-08 15:23   --------   d-----w-   c:\documents and settings\User\Application Data\Azureus
2014-06-06 14:51 . 2014-06-06 14:51   --------   d-----w-   c:\documents and settings\User\Application Data\Windows Search
2014-06-06 14:43 . 2008-04-14 00:12   221184   ----a-w-   c:\windows\system32\wmpns.dll
2014-06-06 14:15 . 2014-06-30 17:48   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\ApplicationHistory
2014-06-06 13:15 . 2014-06-06 13:15   --------   d-----w-   c:\windows\system32\winrm
2014-06-06 13:15 . 2014-06-06 13:15   --------   dc-h--w-   c:\windows\$968930Uinstall_KB968930$
2014-06-06 13:14 . 2014-06-06 13:14   --------   d-----w-   c:\documents and settings\User\Application Data\Windows Desktop Search
2014-06-06 13:13 . 2014-06-06 14:20   --------   d-----w-   c:\program files\Windows Desktop Search
2014-06-06 13:13 . 2014-06-06 13:13   --------   d-----w-   c:\windows\system32\GroupPolicy
2014-06-06 13:11 . 2008-03-07 17:02   98304   -c----w-   c:\windows\system32\dllcache\nlhtml.dll
2014-06-06 13:11 . 2008-03-07 17:02   29696   -c----w-   c:\windows\system32\dllcache\mimefilt.dll
2014-06-06 13:11 . 2008-03-07 17:02   192000   -c----w-   c:\windows\system32\dllcache\offfilt.dll
2014-06-06 13:10 . 2014-06-06 13:10   --------   d-----w-   c:\windows\system32\URTTEMP
2014-06-06 12:40 . 2014-06-08 22:17   --------   d-----w-   c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-06-06 12:39 . 2014-06-08 22:48   --------   d-----w-   c:\program files\Lavasoft
2014-06-06 12:34 . 2014-06-06 12:42   --------   d-----w-   c:\documents and settings\User\Application Data\LavasoftStatistics
2014-06-06 12:31 . 2014-06-06 12:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
2014-06-06 12:17 . 2014-06-06 12:17   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2014-06-06 12:17 . 2014-06-06 12:17   --------   d--h--w-   c:\documents and settings\All Users\Common Files
2014-06-06 12:15 . 2014-06-06 12:15   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Common Files
2014-06-06 00:17 . 2014-06-13 15:10   13464   ----a-w-   c:\windows\system32\drivers\SWDUMon.sys
2014-06-06 00:17 . 2014-06-06 00:17   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\SlimWare Utilities Inc
2014-06-06 00:17 . 2014-06-13 15:26   --------   d-----w-   c:\program files\DriverUpdate
2014-06-05 19:40 . 2014-06-05 19:40   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Mozilla
2014-06-05 19:40 . 2014-06-24 14:09   --------   d-----w-   c:\program files\Mozilla Maintenance Service
2014-06-05 19:05 . 2014-06-13 01:14   --------   d-----w-   c:\documents and settings\User\Application Data\IDM2
2014-06-05 18:52 . 2014-06-12 23:03   --------   d-----w-   c:\documents and settings\User\Local Settings\Application Data\Deployment
2014-06-05 18:30 . 2014-06-13 01:25   --------   d-----w-   c:\windows\system32\MRT
2014-06-05 17:47 . 2013-07-03 02:12   25088   -c----w-   c:\windows\system32\dllcache\hidparse.sys
2014-06-05 17:44 . 2013-07-17 00:58   123008   -c----w-   c:\windows\system32\dllcache\usbvideo.sys
2014-06-05 17:43 . 2014-02-26 01:59   13312   -c----w-   c:\windows\system32\dllcache\xp_eos.exe
2014-06-05 17:43 . 2014-02-26 01:59   13312   ------w-   c:\windows\system32\xp_eos.exe
2014-06-05 17:43 . 2013-08-09 00:55   144128   -c----w-   c:\windows\system32\dllcache\usbport.sys
2014-06-05 17:43 . 2013-08-09 00:55   5376   -c----w-   c:\windows\system32\dllcache\usbd.sys
2014-06-05 17:43 . 2009-03-18 11:02   30336   -c----w-   c:\windows\system32\dllcache\usbehci.sys
2014-06-05 17:38 . 2014-06-05 17:38   --------   d-----w-   c:\windows\Sun
2014-06-05 17:38 . 2014-06-05 17:38   --------   d-----w-   C:\Users
2014-06-05 17:38 . 2014-06-05 17:38   --------   d-----w-   c:\program files\Common Files\Java
2014-06-05 17:37 . 2014-05-07 18:42   145408   ----a-w-   c:\windows\system32\javacpl.cpl
2014-06-05 17:37 . 2014-05-07 19:02   96680   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-26 21:49 . 2013-02-22 20:32   699056   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2014-06-26 21:49 . 2013-02-22 20:32   71344   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-26 20:34 . 2014-06-26 20:34   776976   ----a-w-   c:\windows\system32\drivers\aswsnx.sys.1403815204015
2014-06-26 20:34 . 2014-06-26 20:34   54832   ----a-w-   c:\windows\system32\drivers\aswrdr.sys.1403815204015
2014-06-26 20:33 . 2013-03-21 18:07   271264   ----a-w-   c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-06-26 20:33   260976   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-26 3890208]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Severe Weather Alerts App.lnk - c:\qoobox\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlertsApp.exe.vir [2013-7-9 348384]
Severe Weather Alerts.lnk - c:\qoobox\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\SevereWeatherAlerts\SevereWeatherAlerts.exe.vir /restart [2013-7-1 84184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [6/26/2014 4:34 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [6/26/2014 4:34 PM 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [6/26/2014 4:34 PM 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [6/26/2014 4:34 PM 411680]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [6/26/2014 4:34 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [6/26/2014 4:34 PM 67824]
R2 Unchecky;Unchecky;c:\program files\Unchecky\bin\unchecky_svc.exe [6/30/2014 3:28 PM 107624]
R3 bpusbflt;bpusbflt;c:\windows\system32\drivers\bpusbflt.sys [3/21/2013 11:18 AM 9597]
S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?]
S2 MBAMScheduler;MBAMScheduler;"\mbamscheduler.exe" --> \mbamscheduler.exe [?]
S2 MBAMService;MBAMService;"\mbamservice.exe" --> \mbamservice.exe [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [6/5/2014 8:17 PM 13464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32   128512   ----a-w-   c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-22 21:50]
.
2014-07-01 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-26 20:33]
.
2014-07-01 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-06-05 01:59]
.
2014-06-05 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-06-05 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3325277&octid=EB_ORIGINAL_CTID&ISID=MA4403525-1336-4960-B50F-2ACBC74D8563&SearchSource=55&CUI=&UM=2&UP=SP6A384B2C-5724-4949-863C-E4213714DE1F&SSPV=
mStart Page = https://www.yahoo.co...t&type=avastbcl
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: DhcpNameServer = 207.5.171.1 207.5.171.2
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\asymwfoh.default-1402681398921\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://www.startpage.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Severe Weather Alerts - c:\documents and settings\User\Local Settings\Application Data\SevereWeatherAlerts\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-01 14:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2904)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Unchecky\bin\unchecky_bg.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************

Completion time: 2014-07-01 14:58:57 - machine was rebooted
ComboFix-quarantined-files.txt 2014-07-01 18:58
ComboFix2.txt 2014-07-01 16:43
.
Pre-Run: 46,270,853,120 bytes free
Post-Run: 46,237,884,416 bytes free
.
- - End Of File - - 8C09D983E4405A8D0AFFEE661665E679
8F558EB6672622401DA993E1E865C861

Edited by itsmesunny, 01 July 2014 - 01:02 PM.

#111
Essexboy

Posted 01 July 2014 - 01:34 PM

GeekU Moderator

Retired Staff
69,964 posts

OK getting better, used a very big hammer there

Lets try and reset your browser now

Please download Junkware Removal Tool to your desktop.

Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
please be patient as this can take a while to complete depending on your system's specifications
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
post the contents of JRT.txt into your next message.

After this we will look at the sound

#112
itsmesunny

Posted 01 July 2014 - 01:46 PM

Member

Topic Starter
Member
307 posts

Ok. :yeah:

#113
itsmesunny

Posted 01 July 2014 - 02:07 PM

Member

Topic Starter
Member
307 posts

Ok! Here ya go! :yes:

#114
Essexboy

Posted 01 July 2014 - 02:18 PM

GeekU Moderator

Retired Staff
69,964 posts

There should be a JRT.txt on the desktop could you post that

How is the computer behaving now

#115
itsmesunny

Posted 01 July 2014 - 02:28 PM

Member

Topic Starter
Member
307 posts

You know Local Disk (C:) has the a lot of stuff I wanted to get rid of that she put on it.

A lot of it is gone.

I notice when you were doing it that you were doing Local Disk (F:)

Here it is:

#116
Essexboy

Posted 01 July 2014 - 02:34 PM

GeekU Moderator

Retired Staff
69,964 posts

OK what I will do now is remove the tools and then see at what stage we are at

Are the speakers connected to the computer ?

How is the computer behaving now ?

Download and run Delfix

#117
itsmesunny

Posted 01 July 2014 - 02:45 PM

Member

Topic Starter
Member
307 posts

Ok.

The speakers are NOT connected cuz I don't know where to plug them in.

It's slow.

:confused:

#118
itsmesunny

Posted 01 July 2014 - 02:49 PM

Member

Topic Starter
Member
307 posts

Here ya go:

# DelFix v10.7 - Logfile created 01/07/2014 at 16:47:28
# Updated 27/04/2014 by Xplode
# Username : User - USER-R6PHPMKAQL
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\User\Desktop\ComboFix.exe
Deleted : C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
Deleted : C:\WINDOWS\grep.exe
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : C:\WINDOWS\SED.exe
Deleted : C:\WINDOWS\SWREG.exe
Deleted : C:\WINDOWS\SWSC.exe
Deleted : C:\WINDOWS\SWXCACLS.exe
Deleted : C:\WINDOWS\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

########## - EOF - ##########

#119
itsmesunny

Posted 01 July 2014 - 02:54 PM

Member

Topic Starter
Member
307 posts

The Sound and Audio Devices window is still grey. The VOLUME I mean.

Edited by itsmesunny, 01 July 2014 - 03:08 PM.

#120
Essexboy

Posted 01 July 2014 - 02:57 PM

GeekU Moderator

Retired Staff
69,964 posts

Yep we will need to speed you up a bit

On the back of the computer tower are a number of small, round, coloured-coded sockets.
The one to plug your speakers into is usually green.
It may also be marked with a headphones symbol or be labelled Audio out. - See more at: http://digitalunite....h.fRG3etlb.dpuf

Apart from the speed how is the computer behaving