DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Temp at 7:39:57 on 2013-09-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1507 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.alldatapro.com/alldata/PRO~OF1~C8000~N/0
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{308E3A72-D076-4737-B06F-201DDC587F7C} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-9-24 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-9-24 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-9-24 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-9-24 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-9-24 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-9-24 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-9-24 46808]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-9-26 47640]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2013-09-24 22:35:35 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-24 22:35:34 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-24 22:35:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-24 22:14:14 -------- d-----w- c:\program files\Speccy
2013-09-24 21:21:30 -------- d-----w- c:\windows\ERUNT
2013-09-24 21:13:45 -------- d-----w- C:\AdwCleaner
2013-09-24 21:10:09 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-24 21:09:38 41664 ----a-w- c:\windows\avastSS.scr
2013-09-24 16:04:58 -------- d-sha-r- C:\cmdcons
2013-09-24 15:48:04 98816 ----a-w- c:\windows\sed.exe
2013-09-24 15:48:04 256000 ----a-w- c:\windows\PEV.exe
2013-09-24 15:48:04 208896 ----a-w- c:\windows\MBR.exe
2013-09-24 15:38:47 -------- d-----w- c:\documents and settings\temp\local settings\application data\LogMeIn
2013-09-24 14:34:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-09-24 14:34:01 -------- d-----w- c:\windows\system32\wbem\Repository
2013-09-24 14:30:40 -------- d-----w- c:\documents and settings\temp\application data\AVG SafeGuard toolbar
2013-09-23 17:58:19 -------- d-----w- c:\program files\AVAST Software
2013-09-23 17:58:19 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-09-23 12:49:04 -------- d-----w- c:\documents and settings\temp\application data\AVG
2013-09-23 12:45:51 -------- d-----w- c:\documents and settings\all users\application data\AVG
2013-09-19 12:55:02 -------- d-----w- c:\program files\WinUtilities
2013-09-18 14:42:07 -------- d-----w- c:\documents and settings\temp\application data\Malwarebytes
2013-09-18 14:41:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-09-18 14:41:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2013-09-24 15:24:50 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-24 15:24:50 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05:59 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:58 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27:48 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02:34 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-07-31 20:11:22 810496 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet(4).dll
2013-07-26 02:47:17 1215488 ----a-w- c:\windows\system32\urlmon(4).dll
2013-07-26 02:47:17 105984 ----a-w- c:\windows\system32\url(4).dll
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 7:40:33.23 ===============