warning boxes popping up computer to become non responsive and fre

Started by mare_wbpa, June 04, 2013, 01:24:23 AM


mare_wbpa

Oh, OK, I didn't know that. I hope I didn't screw up. Without thinking that it may be important to keep the computer in the condition it was in, and instead of just shutting down, I did a System Restore. I'm kicking myself around the block as I type.

Corrine

I didn't see anything in the log you saved that would result in any problems, although I'm not quite certain what you meant when you said,

Quote: "When I try to start normally it goes into a loop from the safe mode screen to the opening screen."

When you run ComboFix, it will automatically restart your computer.  When it restarts, you will want to select Normal Mode.  So, please run ComboFix again, trying Normal Mode again.  If unable to run in Normal Mode, select Safe Mode with Networking.  That way, if you are prompted to update ComboFix, it will be able to download the latest version.

Whether in Normal Mode or Safe Mode, please disable AVG via the AVG program rather than the icon in the system tray.  See http://www.avg.com/ww-en/faq.num-4497 for instructions.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

mare_wbpa

What I meant by loop is that when I click start manually in the safe mode it takes me to the opening Windows screen with the little progress bar under the logo; it stays there for a few secs, then goes back to the safe mode screen, then back to the opening screen, etc. I repeated the ComboFix scan with AVG disabled. After the scan it shut down, and restarted in safe mode and is doing the loop thing again. I shut down in safe mode. Here is the log.

ComboFix 13-06-05.04 - Compaq_Owner 06/08/2013  16:47:55.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.383.149 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
c:\program files\Messenger\msmsgs .exe
c:\program files\Shared
c:\windows\explorer(2).exe
c:\windows\explorer(3).exe
c:\windows\system32\Cache
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\ctfmon(3).exe
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\linkinfo(3).dll
c:\windows\system32\ps2.bat
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\usp10(2).dll
c:\windows\system32\usp10(3).dll
c:\windows\wt
c:\windows\wt\updater\wcmdmgr.exe
c:\windows\wt\updater\wcmdmgrl.exe
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wtdmmp.dll
c:\windows\wt\webdriver\wtdmmpv.dll
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtvh.dll
D:\Autorun.inf
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\proquota.exe
.
c:\windows\system32\drivers\intelppm.sys was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\intelppm.sys
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-08 to 2013-06-08  )))))))))))))))))))))))))))))))
.
.
2013-06-08 21:09 . 2013-06-08 21:09   --------   d-----w-   c:\windows\LastGood.Tmp
2013-06-08 21:09 . 2004-08-04 02:59   36096   ----a-w-   c:\windows\system32\drivers\intelppm.sys
2013-06-08 21:09 . 2004-08-04 02:59   36096   ----a-w-   c:\windows\system32\dllcache\intelppm.sys
2013-06-08 21:09 . 2004-08-04 04:00   50176   ----a-w-   c:\windows\system32\proquota.exe
2013-06-08 21:09 . 2004-08-04 04:00   50176   ----a-w-   c:\windows\system32\dllcache\proquota.exe
2013-06-08 01:54 . 2013-06-08 01:54   --------   d-----w-   c:\windows\system32\wbem\Repository
2013-06-06 15:53 . 2013-04-04 18:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-06-05 21:24 . 2013-06-05 21:24   --------   d-----w-   c:\windows\ERUNT
2013-06-05 21:23 . 2013-06-05 21:23   --------   d-----w-   C:\JRT
2013-06-03 23:36 . 2013-06-06 16:24   --------   d-----w-   c:\windows\system32\CatRoot_bak
2013-06-03 15:59 . 2013-06-03 23:16   --------   d-----w-   c:\program files\SpywareBlaster
2013-06-02 16:20 . 2006-12-29 04:31   19569   ----a-w-   c:\windows\005403_.tmp
2013-06-02 15:57 . 2013-06-02 16:01   --------   d-----w-   C:\8b92052dd8fbc345a9bdf0e9
2013-05-31 00:13 . 2004-07-17 15:40   19528   ----a-w-   c:\windows\000001_.tmp
2013-05-30 23:57 . 2013-05-31 00:02   --------   d-----w-   C:\d321eb98beeded867b1c1470
2013-05-28 21:52 . 2013-05-28 21:52   --------   d-----w-   c:\windows\system32\scripting
2013-05-28 21:52 . 2013-05-28 21:52   --------   d-----w-   c:\windows\l2schemas
2013-05-28 21:43 . 2006-12-29 04:31   19569   ----a-w-   c:\windows\002709_.tmp
2013-05-24 17:41 . 2013-05-24 19:37   --------   d-----w-   c:\program files\Norton Security Scan
2013-05-24 17:39 . 2013-05-24 19:37   --------   d-----w-   c:\program files\NortonInstaller
2013-05-22 23:52 . 2013-05-22 23:52   --------   d-----w-   c:\program files\RealNetworks
2013-05-22 23:51 . 2013-05-22 23:51   --------   d-----w-   c:\program files\Common Files\xing shared
2013-05-22 23:50 . 2013-05-22 23:50   153736   ----a-w-   c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2013-05-22 23:50 . 2013-05-22 23:50   124504   ----a-w-   c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2013-05-22 23:49 . 2013-05-22 23:51   --------   d-----w-   c:\program files\real
2013-05-22 15:31 . 2013-05-22 17:39   --------   d-----w-   c:\program files\Uninstaller
2013-05-22 15:23 . 2013-05-22 15:23   --------   d-----w-   c:\program files\Uniblue
2013-05-22 15:21 . 2013-05-22 17:39   --------   d-----w-   c:\program files\Vafmusic2
2013-05-21 22:49 . 2013-05-21 22:49   262552   ----a-w-   c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-11 10:37 . 2013-05-11 10:37   209472   ----a-w-   c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-05-11 10:37 . 2013-05-11 10:37   209472   ----a-w-   c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-28 21:55 . 2013-05-28 21:55   45056   ----a-w-   c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2013-05-28 21:55 . 2013-05-28 21:55   44032   ----a-w-   c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2013-05-22 23:50 . 2003-02-21 04:42   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2013-05-22 23:50 . 2003-03-18 20:14   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2013-05-21 00:06 . 2012-12-11 16:33   37664   ----a-w-   c:\windows\system32\drivers\avgtpx86.sys
2013-05-15 01:31 . 2012-06-24 14:34   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-05-15 01:31 . 2012-01-28 16:19   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-29 06:53 . 2011-12-23 17:32   208184   ----a-w-   c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-21 07:08 . 2011-02-10 11:54   182072   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2005-01-07 19:20 . 2005-01-07 19:20   278528   ----a-w-   c:\program files\internet explorer\plugins\PanoViewer.dll
2005-01-07 19:20 . 2005-01-07 19:20   143360   ----a-w-   c:\program files\internet explorer\plugins\UPjpeg.dll
.
c:\program files\AVG\AVG10\avgtray .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp  .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\QuickTime\qttask  .exe

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\documents and settings\All Users\Application Data\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-05-22 295512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDgwNjAyMDYyLVQxLUJBKzEtS1YzKzctWEwrMS1VQ0FMTCsxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNw&prod=90&ver=10.0.1204" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\Smilebox\\SmileboxStarter.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\OfficeGuardianV2N\\Reminder\\SacNetAgent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"53271:UDP"= 53271:UDP:SacNetAgentCommunicationPort1
"53272:TCP"= 53272:TCP:SacNetAgentCommunicationPort2
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 4:46 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 39224]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [12/11/2012 12:33 PM 37664]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 170808]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 7:54 AM 182072]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [5/14/2013 12:54 AM 4937264]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [4/18/2013 4:34 AM 283136]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [4/16/2013 3:07 AM 39056]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\documents and settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe [4/30/2011 4:09 PM 163664]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 01:31]
.
2013-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2009-10-14 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 19:04]
.
2013-06-08 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 16:45]
.
2013-05-24 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 16:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-13 21:42; rapportive@rapportive.com; c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\rapportive@rapportive.com
FF - ExtSQL: 2013-04-13 21:44; newtabgoogle@graememcc.co.uk; c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\newtabgoogle@graememcc.co.uk.xpi
FF - ExtSQL: !HIDDEN! 2009-09-01 21:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-08 18:52
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,92,b8,11,a5,4d,2a,42,9e,94,4e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,92,b8,11,a5,4d,2a,42,9e,94,4e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1532)
c:\windows\system32\WININET.dll
.
Completion time: 2013-06-08  18:57:00 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-08 22:56
ComboFix2.txt  2013-06-08 00:36
.
Pre-Run: 136,207,355,904 bytes free
Post-Run: 136,609,689,600 bytes free
.
- - End Of File - - 5C5736D89342761231F198F54809BBC8

Corrine

Please navigate to C:\Qoobox and locate ComboFix-quarantined-files.txt.  Copy/paste the results in your next reply.


mare_wbpa

Here it is:

2013-06-08 22:55:46 . 2013-06-08 22:55:46              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2013-06-08 22:55:46 . 2013-06-08 22:55:46              132 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2013-06-08 21:04:13 . 2013-06-08 21:04:13            6,052 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-06-08 03:30:17 . 2009-02-06 04:17:07           24,613 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\LOCALS~1\temp\IadHide5.dll.vir
2013-06-08 00:29:58 . 2004-04-30 10:01:14               53 ----a-w-  C:\Qoobox\Quarantine\D\Autorun.inf.vir
2013-06-05 22:18:23 . 2013-06-08 20:43:26              408 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-05-21 00:12:31 . 2013-05-21 00:06:11           11,064 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\b69159d6037995ae.fb.vir
2013-02-18 18:45:15 . 2013-05-21 00:06:10              577 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\95f567698be8a182.fb.vir
2013-02-18 18:45:15 . 2013-05-21 00:06:09              636 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\26c630d098e22dd5.fb.vir
2013-02-18 18:45:15 . 2013-02-18 18:43:38           10,783 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\8b195b08c9d11fd8.fb.vir
2013-02-10 16:09:42 . 2013-02-10 16:08:02           10,993 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\2fe7b40ac5d87f2f.fb.vir
2013-01-30 16:33:34 . 2013-05-21 00:06:10              639 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\590ba23ce359fd0c.fb.vir
2013-01-30 16:33:34 . 2013-05-21 00:06:10              630 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\272512937d9e61a4.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:09              398 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\6c59ac5e7e7a3ad0.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:09              627 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\651c5d3cdbfb8bd1.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:10            1,045 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d201ef9910cd39de.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:09              586 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\c4d28dca2e7648be.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:09              663 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\c1fa887b03019701.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:10              668 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\6d03dad1035885d3.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:09            1,071 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\f998975c9cc711ee.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:10              661 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\32c84fe32bb74d60.fb.vir
2013-01-30 16:33:32 . 2013-05-21 00:06:10              366 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\ad10a52aff5e038d.fb.vir
2013-01-30 16:33:32 . 2013-05-21 00:06:09              622 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\287204568329e189.fb.vir
2013-01-30 16:33:32 . 2013-05-21 00:06:10              628 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\31a0997e9a5b5eb3.fb.vir
2013-01-30 16:33:32 . 2013-05-21 00:06:09              365 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\610289e025a3ee9a.fb.vir
2013-01-30 16:33:32 . 2013-05-21 00:06:09              627 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d79b9dfe81484ec4.fb.vir
2013-01-30 16:33:32 . 2013-05-21 00:06:09              567 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d2e94710a5708128.fb.vir
2013-01-30 16:33:31 . 2013-05-21 00:06:09            1,022 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\3917078cb68ec657.fb.vir
2013-01-30 16:33:31 . 2013-05-21 00:06:09            1,291 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\28bc8f716fd76a47.fb.vir
2013-01-30 16:33:31 . 2013-01-30 16:29:56           10,511 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\a0b3310061560f9b.fb.vir
2012-01-13 16:34:27 . 2012-01-13 17:37:02           10,950 -c--a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\c3a2569b.vir
2012-01-13 16:34:27 . 2012-01-13 17:37:03           10,984 -c--a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\37ba2fe3.vir
2010-10-17 01:20:20 . 2010-10-17 01:20:20            2,048 -c--atw-  C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\.#\MBX@E80@A14220.###.vir
2010-10-17 01:20:19 . 2010-10-17 01:20:19            2,048 -c--atw-  C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\.#\MBX@E80@A141C0.###.vir
2010-10-17 01:20:19 . 2010-10-17 01:20:19            2,048 -c--atw-  C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\.#\MBX@E80@A141F0.###.vir
2010-10-14 03:31:23 . 2010-10-14 03:31:23            2,048 -c--atw-  C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\.#\MBX@24C@A14220.###.vir
2010-10-14 03:31:22 . 2010-10-14 03:31:22            2,048 -c--atw-  C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\.#\MBX@24C@A141C0.###.vir
2010-10-14 03:31:21 . 2010-10-14 03:31:21            2,048 -c--atw-  C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\.#\MBX@24C@A141F0.###.vir
2010-07-14 19:53:23 . 2004-02-16 16:47:09              251 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wt3d.ini.vir
2010-07-14 19:53:23 . 2004-05-19 00:30:04               71 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver.dll.vir
2010-07-14 19:53:23 . 2004-05-19 00:30:04               71 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wt3d.dll.vir
2010-07-14 19:53:23 . 2004-05-14 14:56:07           98,304 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\sound.dll.vir
2010-07-14 19:53:23 . 2004-02-16 17:47:09           53,248 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtvh.dll.vir
2010-07-14 19:53:23 . 2004-02-16 17:47:10           53,248 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax.vir
2010-07-14 19:53:23 . 2004-02-16 16:49:28               87 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini.vir
2010-07-14 19:53:23 . 2004-03-10 01:57:23           73,728 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll.vir
2010-07-14 19:53:23 . 2004-04-26 21:19:34           57,344 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll.vir
2010-07-14 19:53:23 . 2004-04-26 21:19:30           61,440 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\wthost.exe.vir
2010-07-14 19:53:23 . 2004-05-14 14:58:03          712,704 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\webdriver.dll.vir
2010-07-14 19:53:23 . 2004-05-14 14:55:19          737,280 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\wdengine.dll.vir
2010-07-14 19:53:22 . 2003-08-20 21:53:48          159,744 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\rdriver.dll.vir
2010-07-14 19:53:22 . 2004-05-14 14:55:31          155,648 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll.vir
2010-07-14 19:53:22 . 2003-08-20 21:53:16          167,936 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\jdriver.dll.vir
2010-07-14 19:53:22 . 2004-05-14 14:55:43           65,536 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll.vir
2010-07-14 19:53:22 . 2004-05-14 14:56:14           45,056 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll.vir
2010-07-14 19:53:22 . 2004-05-14 14:56:25          102,400 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\actorobject.dll.vir
2010-07-14 19:53:22 . 2010-07-14 19:53:26              677 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\updater\wt.ini.vir
2010-07-14 19:53:21 . 2003-11-11 01:38:24           49,152 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\wtdmmpv.dll.vir
2010-07-14 19:53:21 . 2003-10-27 19:42:44           36,864 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\wtdmmp.dll.vir
2010-07-14 19:53:03 . 2005-09-02 20:50:11            9,168 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\updater\wcmdmgrl.exe.vir
2010-07-14 19:53:03 . 2005-09-02 20:50:11            9,168 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\updater\wcmdmgr.exe.vir
2009-06-28 23:40:46 . 2009-06-28 23:40:46            7,680 -c--a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\Thumbs.db.vir
2009-02-06 04:01:05 . 2003-09-12 19:13:20           98,304 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\ps2.bat.vir
2009-02-06 03:45:03 . 2009-02-06 03:45:03                0 -c--a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
2009-02-06 03:45:03 . 2003-02-21 12:42:22          348,160 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
2009-02-06 03:45:03 . 2003-02-21 03:06:20          282,624 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
2009-02-06 03:45:03 . 2003-02-21 03:06:24          155,648 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
2009-02-06 03:45:03 . 2003-02-21 03:09:18           77,824 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
2009-02-06 03:45:03 . 2003-02-21 03:08:32        2,482,176 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
2009-01-29 05:12:54 . 2004-08-04 04:00:00          406,528 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\usp10(2).dll.vir
2009-01-29 05:12:54 . 2004-08-04 04:00:00          406,528 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\usp10(3).dll.vir
2009-01-29 05:08:53 . 2004-08-04 04:00:00           18,944 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\linkinfo(2).dll.vir
2009-01-29 05:08:53 . 2004-08-04 04:00:00           18,944 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\linkinfo(3).dll.vir
2009-01-29 05:08:06 . 2004-08-04 04:00:00        1,032,192 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\explorer(2).exe.vir
2009-01-29 05:08:06 . 2004-08-04 04:00:00        1,032,192 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\explorer(3).exe.vir
2009-01-29 05:06:47 . 2004-08-04 04:00:00           15,360 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\ctfmon(2).exe.vir
2009-01-29 05:06:47 . 2004-08-04 04:00:00           15,360 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\ctfmon(3).exe.vir
2006-10-19 01:47:20 . 2006-10-19 01:47:20           99,840 -c--a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA3.tmp.vir
2004-08-04 15:06:34 . 2004-10-13 16:24:37        1,694,208 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Messenger\msmsgs .exe.vir
2004-05-19 00:30:04 . 2004-05-19 00:30:04               71 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll.vir
2004-05-19 00:30:04 . 2004-05-19 00:30:04               71 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll.vir
2004-05-14 14:58:03 . 2004-05-14 14:58:03          712,704 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll.vir
2004-05-14 14:56:25 . 2004-05-14 14:56:25          102,400 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll.vir
2004-05-14 14:56:14 . 2004-05-14 14:56:14           45,056 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll.vir
2004-05-14 14:56:07 . 2004-05-14 14:56:07           98,304 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll.vir
2004-05-14 14:55:43 . 2004-05-14 14:55:43           65,536 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll.vir
2004-05-14 14:55:31 . 2004-05-14 14:55:31          155,648 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll.vir
2004-05-14 14:55:19 . 2004-05-14 14:55:19          737,280 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll.vir
2004-04-26 21:19:34 . 2004-04-26 21:19:34           57,344 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll.vir
2004-04-26 21:19:30 . 2004-04-26 21:19:30           61,440 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe.vir
2004-04-26 21:19:26 . 2004-04-26 21:19:26           32,768 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll.vir
2004-03-10 01:57:23 . 2004-03-10 01:57:23           73,728 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll.vir
2004-02-16 17:47:10 . 2004-02-16 17:47:10           53,248 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax.vir
2004-02-16 17:47:09 . 2004-02-16 17:47:09           53,248 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll.vir
2004-02-16 16:49:28 . 2004-02-16 16:49:28               87 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini.vir
2004-02-16 16:47:09 . 2004-02-16 16:47:09              251 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini.vir
2003-11-11 01:38:24 . 2003-11-11 01:38:24           49,152 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll.vir
2003-10-27 19:42:44 . 2003-10-27 19:42:44           36,864 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll.vir
2003-09-04 23:14:01 . 2003-09-04 23:14:01           24,576 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll.vir
2003-09-04 23:13:57 . 2003-09-04 23:13:57           24,576 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll.vir
2003-09-04 23:12:09 . 2003-09-04 23:12:09           21,504 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll.vir
2003-08-20 21:53:48 . 2003-08-20 21:53:48          159,744 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll.vir
2003-08-20 21:53:16 . 2003-08-20 21:53:16          167,936 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll.vir

Corrine

It looks as though the log may have been cut off by the forum software.  Is there anything below the following entry from the end of the log?  If so, please copy/paste anything else.

C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll.vir

Entries that I researched showed the possibility of a worm.  Do you recall the purpose for ps2.bat?  The date of the file is from 2009. 



mare_wbpa

I have to do a system restore and get back to normal mode to run the scan again, to see if there's anything after the line you provided.   When I went back to check the log again there was only one line in the file.  Don't know what happened.  When I looked at the document I copied to paste it into the reply the line you gave was the last line.

ps2.bat doesn't ring any bells.

mare_wbpa

Here is the latest log.  When I pasted it, it was complete.

ComboFix 13-06-05.04 - Compaq_Owner 06/09/2013  17:33:09.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.383.148 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
c:\program files\Messenger\msmsgs .exe
c:\program files\Shared
c:\windows\explorer(2).exe
c:\windows\explorer(3).exe
c:\windows\system32\Cache
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\ctfmon(3).exe
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\linkinfo(3).dll
c:\windows\system32\ps2.bat
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\usp10(2).dll
c:\windows\system32\usp10(3).dll
c:\windows\wt
c:\windows\wt\updater\wcmdmgr.exe
c:\windows\wt\updater\wcmdmgrl.exe
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wtdmmp.dll
c:\windows\wt\webdriver\wtdmmpv.dll
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtvh.dll
D:\Autorun.inf
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\proquota.exe
.
c:\windows\system32\drivers\intelppm.sys was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\intelppm.sys
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-09 to 2013-06-09  )))))))))))))))))))))))))))))))
.
.
2013-06-09 21:59 . 2013-06-09 21:59   --------   d-----w-   c:\windows\LastGood.Tmp
2013-06-09 21:58 . 2004-08-04 02:59   36096   ----a-w-   c:\windows\system32\drivers\intelppm.sys
2013-06-09 21:58 . 2004-08-04 02:59   36096   ----a-w-   c:\windows\system32\dllcache\intelppm.sys
2013-06-09 21:58 . 2004-08-04 04:00   50176   ----a-w-   c:\windows\system32\proquota.exe
2013-06-09 21:58 . 2004-08-04 04:00   50176   ----a-w-   c:\windows\system32\dllcache\proquota.exe
2013-06-09 20:54 . 2013-06-09 20:54   --------   d-----w-   c:\windows\system32\wbem\Repository
2013-06-06 15:53 . 2013-04-04 18:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-06-05 21:24 . 2013-06-05 21:24   --------   d-----w-   c:\windows\ERUNT
2013-06-05 21:23 . 2013-06-05 21:23   --------   d-----w-   C:\JRT
2013-06-03 23:36 . 2013-06-06 16:24   --------   d-----w-   c:\windows\system32\CatRoot_bak
2013-06-03 15:59 . 2013-06-03 23:16   --------   d-----w-   c:\program files\SpywareBlaster
2013-06-02 16:20 . 2006-12-29 04:31   19569   ----a-w-   c:\windows\005403_.tmp
2013-06-02 15:57 . 2013-06-02 16:01   --------   d-----w-   C:\8b92052dd8fbc345a9bdf0e9
2013-05-31 00:13 . 2004-07-17 15:40   19528   ----a-w-   c:\windows\000001_.tmp
2013-05-30 23:57 . 2013-05-31 00:02   --------   d-----w-   C:\d321eb98beeded867b1c1470
2013-05-28 21:52 . 2013-05-28 21:52   --------   d-----w-   c:\windows\system32\scripting
2013-05-28 21:52 . 2013-05-28 21:52   --------   d-----w-   c:\windows\l2schemas
2013-05-28 21:43 . 2006-12-29 04:31   19569   ----a-w-   c:\windows\002709_.tmp
2013-05-24 17:41 . 2013-05-24 19:37   --------   d-----w-   c:\program files\Norton Security Scan
2013-05-24 17:39 . 2013-05-24 19:37   --------   d-----w-   c:\program files\NortonInstaller
2013-05-22 23:52 . 2013-05-22 23:52   --------   d-----w-   c:\program files\RealNetworks
2013-05-22 23:51 . 2013-05-22 23:51   --------   d-----w-   c:\program files\Common Files\xing shared
2013-05-22 23:50 . 2013-05-22 23:50   153736   ----a-w-   c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2013-05-22 23:50 . 2013-05-22 23:50   124504   ----a-w-   c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2013-05-22 23:49 . 2013-05-22 23:51   --------   d-----w-   c:\program files\real
2013-05-22 15:31 . 2013-05-22 17:39   --------   d-----w-   c:\program files\Uninstaller
2013-05-22 15:23 . 2013-05-22 15:23   --------   d-----w-   c:\program files\Uniblue
2013-05-22 15:21 . 2013-05-22 17:39   --------   d-----w-   c:\program files\Vafmusic2
2013-05-21 22:49 . 2013-05-21 22:49   262552   ----a-w-   c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-11 10:37 . 2013-05-11 10:37   209472   ----a-w-   c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-05-11 10:37 . 2013-05-11 10:37   209472   ----a-w-   c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-28 21:55 . 2013-05-28 21:55   45056   ----a-w-   c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2013-05-28 21:55 . 2013-05-28 21:55   44032   ----a-w-   c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2013-05-22 23:50 . 2003-02-21 04:42   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2013-05-22 23:50 . 2003-03-18 20:14   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2013-05-21 00:06 . 2012-12-11 16:33   37664   ----a-w-   c:\windows\system32\drivers\avgtpx86.sys
2013-05-15 01:31 . 2012-06-24 14:34   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-05-15 01:31 . 2012-01-28 16:19   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-29 06:53 . 2011-12-23 17:32   208184   ----a-w-   c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-21 07:08 . 2011-02-10 11:54   182072   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2005-01-07 19:20 . 2005-01-07 19:20   278528   ----a-w-   c:\program files\internet explorer\plugins\PanoViewer.dll
2005-01-07 19:20 . 2005-01-07 19:20   143360   ----a-w-   c:\program files\internet explorer\plugins\UPjpeg.dll
.
c:\program files\AVG\AVG10\avgtray .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp  .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\WildTangent\Apps\GameChannel .exe
c:\program files\Windows Live\Messenger\msnmsgr  .exe

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\documents and settings\All Users\Application Data\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-05-22 295512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDgwNjAyMDYyLVQxLUJBKzEtS1YzKzctWEwrMS1VQ0FMTCsxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNw&prod=90&ver=10.0.1204" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\Smilebox\\SmileboxStarter.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\OfficeGuardianV2N\\Reminder\\SacNetAgent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"53271:UDP"= 53271:UDP:SacNetAgentCommunicationPort1
"53272:TCP"= 53272:TCP:SacNetAgentCommunicationPort2
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 4:46 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 39224]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 7:54 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [12/11/2012 12:33 PM 37664]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 170808]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [5/14/2013 12:54 AM 4937264]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [4/18/2013 4:34 AM 283136]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [4/16/2013 3:07 AM 39056]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\documents and settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe [4/30/2011 4:09 PM 163664]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 01:31]
.
2013-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2009-10-14 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 19:04]
.
2013-06-09 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 16:45]
.
2013-05-24 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 16:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-13 21:42; rapportive@rapportive.com; c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\rapportive@rapportive.com
FF - ExtSQL: 2013-04-13 21:44; newtabgoogle@graememcc.co.uk; c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\newtabgoogle@graememcc.co.uk.xpi
FF - ExtSQL: !HIDDEN! 2009-09-01 21:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-09 18:02
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,92,b8,11,a5,4d,2a,42,9e,94,4e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,92,b8,11,a5,4d,2a,42,9e,94,4e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1616)
c:\windows\system32\WININET.dll
c:\windows\system32\browselc.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
Completion time: 2013-06-09  18:06:00 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-09 22:05
ComboFix2.txt  2013-06-08 22:57
ComboFix3.txt  2013-06-08 00:36
.
Pre-Run: 135,953,690,624 bytes free
Post-Run: 136,316,665,856 bytes free
.
- - End Of File - - C7791445018C1FC739C197C3C1754682

Corrine

OK, well, you didn't need to restore your computer again.  I just wanted to know if the Qoobox log was complete because I thought there were a couple of things shown as removed that I didn't see in there.

Let's take a different route for a 2nd opinion.  Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.



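Corrine's check above, whether everything ComboFix listed under "Other Deletions" actually has a copy in the Qoobox quarantine listing, can be done mechanically. This is an added example, not part of the thread or of ComboFix itself: the sample lines are copied from the logs posted above, and the quarantine layout it relies on (C:\Qoobox\Quarantine\<drive>\<original path>.vir) is read off those same lines. It also flags file names with a space before the extension, which ComboFix reports in a separate block of the log.

```python
"""Reconcile a ComboFix log's "Other Deletions" list against its Qoobox quarantine listing."""
from __future__ import annotations

import re
from typing import Iterable

# Constructed sample input: lines copied from the ComboFix log posted in this thread,
# trimmed to a handful of entries so the example stays short.
OTHER_DELETIONS = r"""
c:\program files\Messenger\msmsgs .exe
c:\windows\explorer(2).exe
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\ps2.bat
c:\windows\wt
D:\Autorun.inf
"""

QUARANTINE_LISTING = r"""
2009-01-29 05:08:06 . 2004-08-04 04:00:00        1,032,192 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\explorer(2).exe.vir
2009-01-29 05:06:47 . 2004-08-04 04:00:00           15,360 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\ctfmon(2).exe.vir
2004-08-04 15:06:34 . 2004-10-13 16:24:37        1,694,208 ----a-w-  C:\Qoobox\Quarantine\C\Program Files\Messenger\msmsgs .exe.vir
2004-02-16 16:47:09 . 2004-02-16 16:47:09              251 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini.vir
"""

# Constructed sample: the separately listed names from the same log.
SPACED_NAME_SAMPLE = [
    r"c:\program files\AVG\AVG10\avgtray .exe",
    r"c:\program files\iTunes\iTunesHelper.exe",  # genuine name, for contrast
    r"c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp  .exe",
]

# Quarantined file layout as seen in the log: C:\Qoobox\Quarantine\<drive>\<original path>.vir
QUARANTINE_RE = re.compile(r"\\Qoobox\\Quarantine\\([A-Za-z])\\(.+)\.vir$", re.IGNORECASE)

# A file name with one or more spaces immediately before a short extension.
SPACED_EXT_RE = re.compile(r"\S +\.[A-Za-z0-9]{1,4}$")


def quarantine_originals(listing: str) -> set[str]:
    """Return the original (pre-quarantine) path, lower-cased, for every .vir entry."""
    originals: set[str] = set()
    for line in listing.splitlines():
        m = QUARANTINE_RE.search(line.rstrip())
        if m:
            originals.add(f"{m.group(1)}:\\{m.group(2)}".lower())
    return originals


def deletions_without_quarantine(deletions: str, listing: str) -> list[str]:
    """Deleted paths with no quarantine copy.

    A folder entry counts as covered when anything beneath it was quarantined,
    so only genuinely unrecoverable deletions are reported.
    """
    have = quarantine_originals(listing)
    missing = []
    for line in deletions.splitlines():
        path = line.strip()
        if not path or path == ".":  # ComboFix uses a lone "." as a spacer line
            continue
        key = path.lower()
        covered = key in have or any(o.startswith(key + "\\") for o in have)
        if not covered:
            missing.append(path)
    return missing


def spaced_extension_names(paths: Iterable[str]) -> list[str]:
    """Paths whose file name has a space before the extension, e.g. 'avgtray .exe'."""
    return [p for p in paths if SPACED_EXT_RE.search(p)]


if __name__ == "__main__":
    print("Deleted but not found in Qoobox:")
    for p in deletions_without_quarantine(OTHER_DELETIONS, QUARANTINE_LISTING):
        print("  ", p)
    print("Names with a space before the extension (review against the real binary):")
    for p in spaced_extension_names(SPACED_NAME_SAMPLE):
        print("  ", p)
```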

mare_wbpa

When I did the ComboFix scan it restarted me in Safe Mode, and it does the loop thing when I try to start in Normal Mode.  The only way I know to get it back to Normal Mode is to restore back to before the ComboFix scan.  Should I restore, or go to the site you recommend in Safe Mode?

Corrine

Sorry, I thought from what you posted above that you had already restored your system.  There is something I'm not seeing for some reason that is causing the problem after the CF run so restore and then do the ESET online scan, please.



mare_wbpa

I expected more results after taking so long.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e634b24b43be7748bdeb426e718753c0
# engine=14043
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-11 02:18:19
# local_time=2013-06-10 10:18:19 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1039 16777213 100 92 0 57107883 0 0
# scanned=121908
# found=10
# cleaned=0
# scan_time=5537
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\ffprotect(2)\application.js"
sh=A28567F233D64A4482C574696B8E549EB91956CD ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\bof.jar-434810dc-643e2586.zip"
sh=A28567F233D64A4482C574696B8E549EB91956CD ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\bof.jar-77db3132-6682a91a.zip"
sh=90CE0734569A266BDF36EA15997C382A6C0F60D6 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\gsb2.jar-1a66cb03-4610fcc3.zip"
sh=90CE0734569A266BDF36EA15997C382A6C0F60D6 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\gsb2.jar-56fc4ab7-4e96aea4.zip"
sh=01C0C2F547E8409F0A5C6B3793DBBD00071D2954 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBU trojan" ac=I fn="C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\rox.jar-66dd3c33-793e908e.zip"
sh=F2DB072276BFDEFD7FE6AB25EA5D4DB5D00B3742 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mario.jar-3846d239-44735a8f.zip"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\Program Files\Mozilla Firefox\browser\nsprotector.js"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\Program Files\SearchProtect(2)\ffprotect(2)\application.js"
sh=9BE388785D8E5D6BDE3257968D3D91BBE384B86F ft=1 fh=c1c0958652e76fa0 vn="a variant of Win32/AdInstaller application" ac=I fn="D:\I386\APPS\APP17381\src\HPSummer2005.exe"



Corrine

Well, now, things are showing up that were removed before so it appears the System Restore point used may have been prior to running other tools.  I'm also seeing Java files in the ESET scan that have not shown up since we started this process.  So, let's try yet a different angle with a completely different tool.  Do note, however, that the logs are long and it will take me a fair amount of time to complete my review.

Please download OTL by Old Timer.  Save it to your Desktop.
  • Double-click on OTL.exe to run it.   
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.



mare_wbpa

You're helping me, so take however long you need.  I'm at your disposal.

OTL logfile created on: 6/11/2013 7:55:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.48 Mb Total Physical Memory | 91.23 Mb Available Physical Memory | 23.79% Memory free
943.36 Mb Paging File | 275.75 Mb Available in Paging File | 29.23% Paging File free
Paging file location(s): C:\pagefile.sys 600 1200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.41 Gb Total Space | 126.08 Gb Free Space | 69.88% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 0.87 Gb Free Space | 14.85% Space Free | Partition Type: FAT32

Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/11 19:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe
PRC - [2013/05/22 19:50:25 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2013/05/21 18:49:07 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/16 03:09:06 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/03/14 03:16:34 | 000,215,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\fixcfg.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/06/04 09:31:40 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/11/10 20:19:14 | 001,130,496 | ---- | M] (Zhorn Software) -- C:\Program Files\Stickies\stickies.exe
PRC - [2011/10/05 10:25:42 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
PRC - [2010/11/18 05:05:07 | 000,862,032 | R--- | M] (Storage Appliance Corp.) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe
PRC - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2004/08/04 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/21 18:49:02 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/10/11 12:15:58 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8eca92a64c232f34b5b559625b022369\System.Xml.Linq.ni.dll
MOD - [2012/10/11 12:15:57 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2012/10/11 12:12:19 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\016f9a150fce0e0a4c93532d8fa4c749\PresentationFramework.Luna.ni.dll
MOD - [2012/10/11 12:12:07 | 017,629,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2012/10/11 12:11:40 | 000,721,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\09a97525ae5583cc2685e2c39a3078bd\System.Security.ni.dll
MOD - [2012/10/11 12:11:35 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/10/11 12:11:24 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/10/11 12:11:11 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/10/11 12:11:02 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/10/11 12:10:47 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/10/11 12:10:35 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/10/11 12:10:10 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/10/11 12:09:43 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2011/11/10 20:18:30 | 000,049,152 | ---- | M] () -- C:\Program Files\Stickies\shook70.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/06 00:17:07 | 000,147,493 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll
MOD - [2009/02/06 00:17:07 | 000,094,243 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll
MOD - [2009/02/06 00:17:07 | 000,061,496 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll
MOD - [2009/02/06 00:17:07 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\frext-6750491.dll
MOD - [2009/02/06 00:17:07 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\BWfiles-6750491.dll
MOD - [2009/02/06 00:17:02 | 000,126,976 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\HPClientExt.dll
MOD - [2004/08/04 00:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/21 18:49:03 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 21:31:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\intelppm.sys -- (intelppm)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2013/05/20 20:06:25 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/07/12 13:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/04/20 12:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/04/12 12:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 12:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/03/09 10:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/19 14:21:56 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/06/29 13:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 18:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 17:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cc4603f&v=6.11.25.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cc4603f&v=6.11.25.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes,DefaultScope = {3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes\{3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLH
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/05/22 19:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/05/22 19:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/22 19:50:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks [2010/01/31 19:07:40 | 000,000,000 | ---D | M]

[2009/08/29 18:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2013/04/13 21:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions
[2010/06/12 16:20:39 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2013/04/13 21:10:44 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)
[2013/06/05 16:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions
[2012/11/29 19:36:49 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 10:58:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 16:20:39 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2013/04/13 21:42:47 | 000,000,000 | ---D | M] (Rapportive) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\rapportive@rapportive.com
[2013/04/13 21:44:24 | 000,019,225 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\newtabgoogle@graememcc.co.uk.xpi
[2013/05/21 18:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/21 18:49:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/22 19:50:40 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome  ==========

CHR - homepage:
CHR - homepage:
CHR - Extension: No name found = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl(2)\5(2).0_0\

O1 HOSTS File: ([2013/06/09 18:02:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3067886581-847020557-550397895-1009..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background File not found
O4 - HKU\S-1-5-21-3067886581-847020557-550397895-1009..\Run: [SacReminderHDDV2N] C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D9CC6F-26E4-4C91-A6EC-9E1BA6683FAC}: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/27 00:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\AutoRun\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\install\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualEnglish\command - "" = K:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualFrench\command - "" = K:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualSpanish\command - "" = K:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell - "" = AutoRun
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell\AutoRun\command - "" = K:\StartClickFreeBackup.exe
O33 - MountPoints2\{a3ee96ed-8aa7-11de-b65c-0013d41842a8}\Shell\AutoRun\command - "" = L:\MI.exe
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/11 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/10 20:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/10 19:13:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/06/10 19:13:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\.#
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\WINDOWS
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Shared
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2013/06/09 18:06:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/06/06 11:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/06 11:53:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/05 18:18:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/05 18:18:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/05 18:18:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/05 18:18:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/05 18:18:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/05 18:17:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/06/05 17:24:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/06/05 17:23:19 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/03 19:36:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2013/06/03 11:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/06/02 21:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/06/02 11:57:25 | 000,000,000 | ---D | C] -- C:\8b92052dd8fbc345a9bdf0e9
[2013/05/30 20:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Wildtangent
[2013/05/30 19:57:50 | 000,000,000 | ---D | C] -- C:\d321eb98beeded867b1c1470
[2013/05/28 17:52:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/05/28 17:52:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2013/05/28 17:39:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013/05/26 13:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/05/24 13:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2013/05/24 13:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/05/22 19:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\RealNetworks
[2013/05/22 19:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/05/22 19:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks
[2013/05/22 19:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/05/22 19:50:51 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/05/22 19:50:33 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/05/22 19:50:33 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/05/22 19:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2013/05/22 19:50:29 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/05/22 19:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2013/05/22 19:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2013/05/22 19:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/05/22 11:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/05/22 11:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/05/22 11:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Vafmusic2
[2013/05/22 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Web Backups
[2013/05/20 10:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2010/07/27 17:25:12 | 000,055,296 | ---- | C] (CANON INC.) -- C:\Documents and Settings\Compaq_Owner\cnmss Canon MX310 series Printer (Local).dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/11 20:25:13 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/11 19:16:18 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MX310 series Printer.lnk
[2013/06/11 19:13:42 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/06/11 19:13:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/11 19:13:23 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/10 19:16:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/10 11:39:29 | 000,003,592 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/09 18:09:26 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combofix4.5.wps
[2013/06/09 18:09:26 | 000,007,232 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2013/06/09 18:02:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/09 13:21:17 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Comvofix 3 log.wps
[2013/06/08 19:06:43 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\comdo fix2.wps
[2013/06/07 20:42:11 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combo fix log.wps
[2013/06/06 11:55:08 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 15:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/02 21:22:00 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/02 21:03:44 | 000,503,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/02 21:03:44 | 000,088,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/28 17:45:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/05/24 13:38:42 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:52:40 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/05/22 19:50:51 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/05/22 19:50:33 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/05/22 19:50:33 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/05/22 19:50:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/05/20 20:06:25 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/05/20 10:50:14 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/05/14 21:31:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/14 21:31:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/10 19:15:55 | 402,182,144 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/09 18:09:26 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combofix4.5.wps
[2013/06/09 13:21:17 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Comvofix 3 log.wps
[2013/06/08 19:06:43 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\comdo fix2.wps
[2013/06/07 20:42:11 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combo fix log.wps
[2013/06/06 11:55:08 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/05 18:18:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/05 18:18:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/05 18:18:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/05 18:18:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/05 18:18:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/28 17:45:45 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2013/05/28 17:45:42 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2013/05/22 20:02:24 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:54:22 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:52:40 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/05/13 19:16:04 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/28 15:00:20 | 000,003,592 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/12 19:54:54 | 000,244,382 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3067886581-847020557-550397895-1009-0.dat
[2012/10/11 21:54:45 | 000,244,382 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/13 12:34:27 | 000,011,058 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\af8798e8
[2011/04/09 21:40:52 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\23Cegp.dat
[2010/10/20 23:15:45 | 000,009,194 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\.recently-used.xbel
[2009/03/14 22:28:40 | 000,007,232 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2009/03/12 21:41:24 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/02/05 23:45:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/18 12:20:31 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


OTL Extras logfile created on: 6/11/2013 7:55:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.48 Mb Total Physical Memory | 91.23 Mb Available Physical Memory | 23.79% Memory free
943.36 Mb Paging File | 275.75 Mb Available in Paging File | 29.23% Paging File free
Paging file location(s): C:\pagefile.sys 600 1200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.41 Gb Total Space | 126.08 Gb Free Space | 69.88% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 0.87 Gb Free Space | 14.85% Space Free | Partition Type: FAT32

Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" (InterMute, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"53271:UDP" = 53271:UDP:*:Enabled:SacNetAgentCommunicationPort1
"53272:TCP" = 53272:TCP:*:Enabled:SacNetAgentCommunicationPort2

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Compaq_Owner\Application Data\Smilebox\SmileboxStarter.exe" = C:\Documents and Settings\Compaq_Owner\Application Data\Smilebox\SmileboxStarter.exe:*:Disabled:Smilebox -- (Smilebox, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zS33.tmp\SymNRT.exe" = C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zS33.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe" = C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe:*:Enabled:SacNetAgentService -- (Storage Appliance Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AE79B77-E3FA-4F9C-93D7-4FC643516D6A}" = AVG 2013
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3C678CC5-CCA1-4FA3-BFDF-5623AACA28A3}" = Serif AlbumPlus SE PRO
"{3DBE74CE-8983-11D4-9410-0000C03AAEB6}" = Pattern Maker for cross stitch Update - V3.10
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{416D80BA-6F6

mare_wbpa

While you're poking around these logs, were you able to see where someone got into my computer to access my credit card?