trojan.vundo, hanam, fakealert, and etc

Started by Ghost, August 31, 2013, 12:56:41 AM

Ghost

hi all;-)
a friend asked to take a look at his system.
i ran malwarebytes and found several trojan infections.
DDS (Ver_2012-11-20.01) - FAT32_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_20
Run by All Auto Service at 20:44:40 on 2013-08-30
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.612 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Logitech\iTouch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Desktop Weather Lab\TrueWeather.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
uDefault_Page_URL = hxxp://www.msn.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
uRun: [nah_Shell] c:\documents and settings\all auto service\nah_fbun.exe
mRun: [zBrowser Launcher] c:\program files\logitech\iTouch.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [xxvspnsys] rundll32.exe "urpomn.dll",s
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [nnkkkksys] rundll32.exe "urpomn.dll",s
StartupFolder: c:\docume~1\allaut~1\startm~1\programs\startup\impuls~1.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
StartupFolder: c:\docume~1\allaut~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\common files\desktop weather lab\TrueWeather.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202145963425
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{26625608-019C-47B4-B546-1E3435A3BFDB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E3B53F35-3390-479E-993E-3A718642E11F} : DHCPNameServer = 192.168.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: WB - c:\program files\stardock\mycolors\fastload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages =  msv1_0 urpomn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\all auto service\application data\mozilla\firefox\profiles\rbprnzir.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/login.php|https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?tab%3Dwm&scc=1&ltmpl=default&ltmplcache=2|http://dictionary.reference.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - component: c:\documents and settings\all auto service\application data\mozilla\firefox\profiles\rbprnzir.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency.dll
FF - component: c:\documents and settings\all auto service\application data\mozilla\firefox\profiles\rbprnzir.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\all auto service\application data\mozilla\firefox\profiles\rbprnzir.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\components\dtTransparency3.6.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\all auto service\application data\mozilla\firefox\profiles\rbprnzir.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\documents and settings\all auto service\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - ExtSQL: 2013-08-13 21:03; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files\mcafee\SiteAdvisor
FF - ExtSQL: !HIDDEN! 2009-09-05 01:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-4-9 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-4-9 84200]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-7-30 101552]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-4-9 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-7-28 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-7-28 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-28 141792]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-4-9 153280]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-4-9 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-4-9 88736]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-4-9 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-4-9 271480]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-4-9 56064]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 cpuz132;cpuz132;\??\c:\docume~1\allaut~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\allaut~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-4-9 52320]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-4-9 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-4-9 84488]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-7-8 606056]
S3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);c:\windows\system32\drivers\adm8830.sys [2002-9-19 747392]
.
=============== Created Last 30 ================
.
2013-08-30 21:19:23   --------   d-----w-   c:\windows\pss
2013-08-30 21:12:26   --------   d-----w-   c:\documents and settings\all auto service\application data\Malwarebytes
2013-08-30 21:11:45   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2013-08-30 21:11:44   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-08-30 21:11:44   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-08-30 21:04:58   --------   d-----w-   c:\program files\Power Defrag
2013-08-30 19:33:06   --------   d-sh--w-   C:\FOUND.005
.
==================== Find3M  ====================
.
.
============= FINISH: 20:45:26.49 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/4/2008 12:20:19 PM
System Uptime: 8/30/2013 8:17:31 PM (0 hours ago)
.
Motherboard: Intel Corporation               |  | D865GLC                       
Processor:               Intel(R) Pentium(R) 4 CPU 2.66GHz | J2E1 | 2659/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (FAT32) - 72 GiB total, 21.131 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 3.401 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP511: 6/16/2012 1:34:37 PM - Software Distribution Service 3.0
RP512: 6/26/2012 6:28:03 PM - Software Distribution Service 3.0
RP513: 6/26/2012 10:47:24 PM - Software Distribution Service 3.0
RP514: 9/4/2012 4:13:19 PM - System Checkpoint
RP515: 9/4/2012 9:04:13 PM - Software Distribution Service 3.0
RP516: 9/8/2012 8:49:02 PM - System Checkpoint
RP517: 2/25/2013 7:23:19 PM - System Checkpoint
RP518: 8/15/2013 8:32:46 PM - Software Distribution Service 3.0
RP519: 8/15/2013 9:07:36 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
ALLDATA for Windows
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
ATI HYDRAVISION
Belkin USB Wireless Adaptor
Bing Bar
Bonjour
CCleaner
Clone Wars
Critical Update for Windows Media Player 11 (KB959772)
Demigod
Desktop Weather Lab
Driver Detective
EarthLink Internet Setup FREE TRIAL
ERIS 3
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Impulse
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Logitech iTouch Software
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyColors
NetMos Multi-IO Controller
NVIDIA PhysX v8.10.29
ObjectDock
Prometheus
QuickTime
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundMAX
System Requirements Lab for Intel
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WhiteSmoke Toolbar
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
8/30/2013 4:46:18 PM, error: Service Control Manager [7034]  - The McAfee Validation Trust Protection Service service terminated unexpectedly.  It has done this 1 time(s).
8/30/2013 4:45:18 PM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
8/30/2013 4:45:17 PM, error: Service Control Manager [7034]  - The SoundMAX Agent Service service terminated unexpectedly.  It has done this 1 time(s).
8/30/2013 4:45:17 PM, error: Service Control Manager [7034]  - The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).
8/30/2013 4:45:17 PM, error: Service Control Manager [7034]  - The McAfee Firewall Core Service service terminated unexpectedly.  It has done this 1 time(s).
8/30/2013 4:45:17 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
8/30/2013 4:45:17 PM, error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
8/30/2013 4:45:17 PM, error: Service Control Manager [7034]  - The BBUpdate service terminated unexpectedly.  It has done this 1 time(s).
8/30/2013 4:45:17 PM, error: Service Control Manager [7034]  - The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).
8/30/2013 4:45:17 PM, error: Service Control Manager [7031]  - The McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/30/2013 4:45:17 PM, error: Service Control Manager [7031]  - The McAfee Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/30/2013 4:45:17 PM, error: Service Control Manager [7031]  - The McAfee Proxy Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/30/2013 4:45:17 PM, error: Service Control Manager [7031]  - The McAfee Network Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/30/2013 4:45:17 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/30/2013 4:34:17 PM, error: ati2mtag [43037]  -
.
==== End Of File ===========================

thanks,
Ghost

Ghost

sorry for the delay but had some heavy weather. yikes!
Results of screen317's Security Check version 0.99.73 
Windows XP Service Pack 3 x86   
Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled! 
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300 
CCleaner     
Java(TM) 6 Update 20 
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player    10.1.82.76 Flash Player out of Date! 
Mozilla Firefox 10.0.2 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

thanks,
Ghost

Corrine

Hi, Ghost. 

{Private joke} Beware:  Woman driver!  :hysterical:

At least one of the findings is identified as a backdoor trojan that steals financial information and opens a back door on the compromised computer.  Backdoors cause severe damage to Windows' internals, and can allow an attacker complete control over the infected system.  The recommendation in this situation is to reformat and reinstall the operating system.

If your friend wants to proceed with cleaning, he needs to change his passwords from a clean computer, particularly any banking, credit card, or other online bill paying sites, as well as his email password.

1.  Malwarebytes Anti-Malware has the backdoor trojan in detection along with some of the other malware on the computer so, if he wishes to proceed, please start there.

Please download Malwarebytes' Anti-Malware to your desktop from here.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    -- Update Malwarebytes' Anti-Malware and
    -- Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    -- On the Scanner tab, check Perform quick scan.
    -- On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

2.  Please also ask him what he uses Acrobat 5 for as it is beyond outdated.  If he doesn't use it, please uninstall it.  In the event he uses it, please find out what he needs it for and perhaps we can find an alternative.

3.  Please include a copy of SecurityCheck in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

hi Corrine,
thanks;-)
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.30.10

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
All Auto Service :: GOODRICH3 [administrator]

8/30/2013 9:39:22 PM
mbam-log-2013-08-30 (21-39-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 237772
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 16
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SVCHOST.EXE (Trojan.Agent) -> Data: C:\WINDOWS\system32\drivers\svchost.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|nah_Shell (Trojan.Hanam) -> Data: C:\Documents and Settings\All Auto Service\nah_fbun.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion|nah_id (Malware.Trace) -> Data: 7367798625 -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion|nah_options (Malware.Trace) -> Data: NEWOPTS -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion|nah_opt_server1 (Malware.Trace) -> Data: 78.109.23.2 -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion|nah_opt_reserv (Malware.Trace) -> Data: 64.191.113.106 -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion|nah_opt_forms (Malware.Trace) -> Data: /system/prinimalka.py/forms -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion|nah_opt_options (Malware.Trace) -> Data: /system/prinimalka.py/options -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion|nah_opt_command (Malware.Trace) -> Data: /system/prinimalka.py/command -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion|nah_opt_file (Malware.Trace) -> Data: /system/prinimalka.py/cookies -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion|nah_opt_ss (Malware.Trace) -> Data: /cgi-bin/trash.py -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion|nah_opt_pstorage (Malware.Trace) -> Data: /cgi-bin/trash.py -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion|nah_opt_certs (Malware.Trace) -> Data: /cgi-bin/trash.py -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion|nah_opt_idproject (Malware.Trace) -> Data: 000057 -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion|nah_opt_pauseopt (Malware.Trace) -> Data: 1200 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|xxvspnsys (Trojan.Vundo) -> Data: rundll32.exe "urpomn.dll",s -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files\Mozilla Firefox\chrome\amba.jar (Trojan.Hanam) -> Quarantined and deleted successfully.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)


Results of screen317's Security Check version 0.99.73 
Windows XP Service Pack 3 x86   
Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300 
CCleaner     
Java 7 Update 25 
Adobe Flash Player 10 Flash Player out of Date!
Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

thanks,
Ghost

Corrine

Thank you, Ghost.

1.  Adobe didn't follow their new practice of updating Flash Player on "Patch Tuesday" in August so the latest update is from July.  Please update for both IE and Firefox:

Non-IE (Opera, Firefox, Etc.):  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_plugin.exe

Windows XP, Vista and 7:
Flash Player For Internet Explorer 7, 8, 9, 10:  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_active_x.exe

2.  Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click AdwCleaner.exe to run the tool.
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin.  Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Report button.  A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.



Ghost

what a day;-(.
# AdwCleaner v3.001 - Report created 31/08/2013 at 18:13:01
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : All Auto Service - GOODRICH3
# Running from : C:\Documents and Settings\All Auto Service\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\searchplugins\Conduit.xml
File Found : C:\END
Folder Found : C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
Folder Found C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\CT3311667
Folder Found C:\Documents and Settings\All Auto Service\Application Data\PriceGong
Folder Found C:\Documents and Settings\All Auto Service\Application Data\SearchProtect
Folder Found C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\All Auto Service\Local Settings\Application Data\cre
Folder Found C:\Documents and Settings\All Auto Service\Local Settings\Application Data\KeyBar_1.8
Folder Found C:\Documents and Settings\All Auto Service\Local Settings\Application Data\PackageAware
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\KeyBar_1.8
Folder Found C:\Program Files\SearchProtect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\d8faef9fcb07ca97d03a5cc0b8f76795
Key Found : HKCU\Software\KeyBar_1.8
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CDB273B9-A904-416E-B13F-90024F20A1B4}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\KeyBar_1.8
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C036623-8FB2-4EA5-9D5F-24E7E3BD8D41}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A824EF3B-127C-4181-95D2-BC9EE5BECF0F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\KeyBar_1.8 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CDB273B9-A904-416E-B13F-90024F20A1B4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.8 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\SearchProtect
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_adopjdgphfekoiecgklciallnajkpdgn]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3311667&octid=CT3311667&SearchSource=61&CUI=UN26658819738979581&UM=2&UP=SPDBDFA0C6-66E9-4894-8FAC-52E1E877DC23

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\prefs.js ]

Line Found : user_pref("CT3311667.FF19Solved", "true");
Line Found : user_pref("CT3311667.UserID", "UN35872936863067813");
Line Found : user_pref("CT3311667.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3311667.fullUserID", "UN35872936863067813.IN.20130830221303");
Line Found : user_pref("CT3311667.installDate", "30/08/2013 22:13:06");
Line Found : user_pref("CT3311667.installSessionId", "-1");
Line Found : user_pref("CT3311667.installSp", "TRUE");
Line Found : user_pref("CT3311667.installerVersion", "1.6.1.1");
Line Found : user_pref("CT3311667.keyword", "true");
Line Found : user_pref("CT3311667.originalHomepage", "hxxp://www.facebook.com/login.php|hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxps://mail.google.com/mail/?tab%3Dwm&s[...]
Line Found : user_pref("CT3311667.originalSearchAddressUrl", "hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=");
Line Found : user_pref("CT3311667.originalSearchEngine", "Bing");
Line Found : user_pref("CT3311667.originalSearchEngineName", "Bing");
Line Found : user_pref("CT3311667.searchRevert", "false");
Line Found : user_pref("CT3311667.searchUserMode", "2");
Line Found : user_pref("CT3311667.smartbar.homepage", "true");
Line Found : user_pref("CT3311667.versionFromInstaller", "10.16.9.6");
Line Found : user_pref("CT3311667.xpeMode", "0");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3311667&octid=CT3311667&SearchSource=61&CUI=UN35872936863067813&UM=2&UP=SPDBDFA0C6-66E9-4894-8FAC-52E1E877DC23");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=");
Line Found : user_pref("browser.search.defaultenginename", "KeyBar 1.8 Customized Web Search");
Line Found : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.8 Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311667&CUI=UN35872936863067813&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("browser.search.selectedEngine", "KeyBar 1.8 Customized Web Search");
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311667&SearchSource=2&CUI=UN35872936863067813&UM=2&q=");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3311667");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3311667&CUI=UN35872936863067813&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3311667&octid=CT3311667&SearchSource[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311667&SearchSource=2&CUI=UN35872936863067813&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3311667");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3311667");
Line Found : user_pref("smartbar.machineId", "DQKMSEHJ2C51YXGB4XYJNPEMDZN2CI9H8FRQML+GMVSFVPZXLD29YN8MQU4OLAREIYKZ8NH44S+T+KT8UPBVHQ");

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9whv5kdv.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : urls_to_restore_on_startup
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

*************************

AdwCleaner[R0].txt - [8546 octets] - [31/08/2013 18:13:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8606 octets] ##########

all can be removed.
thanks,
Ghost

Corrine

Quote from: Ghost
all can be removed.

Thank you.  With the recent changes to AdwCleaner, I prefer to ask. 

1.  Double-click AdwCleaner.exe to run the tool again.
  • Click the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • After the scan has finished,
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
2.  Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
3.  Please follow these instructions carefully.

Download ComboFix from here.

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:

  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.



Ghost

hi Corrine;-),
having problems with combofix scan.
combofix won't go past step 50 while deleting a folder in C\documents.
tried to run combofix in safe mode but the drivers for safe mode won't load past DRIVERS\agpCPQ.sys.
i do have the other logs.
# AdwCleaner v3.001 - Report created 31/08/2013 at 19:56:06
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : All Auto Service - GOODRICH3
# Running from : C:\Documents and Settings\All Auto Service\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\KeyBar_1.8
Folder Deleted : C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Auto Service\Local Settings\Application Data\cre
Folder Deleted : C:\Documents and Settings\All Auto Service\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\All Auto Service\Local Settings\Application Data\KeyBar_1.8
Folder Deleted : C:\Documents and Settings\All Auto Service\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\All Auto Service\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\CT3311667
Folder Deleted : C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
File Deleted : C:\END
File Deleted : C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\searchplugins\Conduit.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Key Deleted : HKCU\Toolbar
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Key Deleted : HKCU\Software\d8faef9fcb07ca97d03a5cc0b8f76795
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_adopjdgphfekoiecgklciallnajkpdgn]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CDB273B9-A904-416E-B13F-90024F20A1B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CDB273B9-A904-416E-B13F-90024F20A1B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C036623-8FB2-4EA5-9D5F-24E7E3BD8D41}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A824EF3B-127C-4181-95D2-BC9EE5BECF0F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\KeyBar_1.8
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\KeyBar_1.8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.8 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\KeyBar_1.8 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\prefs.js ]

Line Deleted : user_pref("CT3311667.FF19Solved", "true");
Line Deleted : user_pref("CT3311667.UserID", "UN35872936863067813");
Line Deleted : user_pref("CT3311667.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3311667.fullUserID", "UN35872936863067813.IN.20130830221303");
Line Deleted : user_pref("CT3311667.installDate", "30/08/2013 22:13:06");
Line Deleted : user_pref("CT3311667.installSessionId", "-1");
Line Deleted : user_pref("CT3311667.installSp", "TRUE");
Line Deleted : user_pref("CT3311667.installerVersion", "1.6.1.1");
Line Deleted : user_pref("CT3311667.keyword", "true");
Line Deleted : user_pref("CT3311667.originalHomepage", "hxxp://www.facebook.com/login.php|hxxps://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=hxxps://mail.google.com/mail/?tab%3Dwm&s[...]
Line Deleted : user_pref("CT3311667.originalSearchAddressUrl", "hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=");
Line Deleted : user_pref("CT3311667.originalSearchEngine", "Bing");
Line Deleted : user_pref("CT3311667.originalSearchEngineName", "Bing");
Line Deleted : user_pref("CT3311667.searchRevert", "false");
Line Deleted : user_pref("CT3311667.searchUserMode", "2");
Line Deleted : user_pref("CT3311667.smartbar.homepage", "true");
Line Deleted : user_pref("CT3311667.versionFromInstaller", "10.16.9.6");
Line Deleted : user_pref("CT3311667.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3311667&octid=CT3311667&SearchSource=61&CUI=UN35872936863067813&UM=2&UP=SPDBDFA0C6-66E9-4894-8FAC-52E1E877DC23");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=");
Line Deleted : user_pref("browser.search.defaultenginename", "KeyBar 1.8 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.8 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311667&CUI=UN35872936863067813&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "KeyBar 1.8 Customized Web Search");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311667&SearchSource=2&CUI=UN35872936863067813&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3311667");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3311667&CUI=UN35872936863067813&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3311667&octid=CT3311667&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3311667&SearchSource=2&CUI=UN35872936863067813&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3311667");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3311667");
Line Deleted : user_pref("smartbar.machineId", "DQKMSEHJ2C51YXGB4XYJNPEMDZN2CI9H8FRQML+GMVSFVPZXLD29YN8MQU4OLAREIYKZ8NH44S+T+KT8UPBVHQ");

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9whv5kdv.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url

*************************

AdwCleaner[R0].txt - [8686 octets] - [31/08/2013 18:13:01]
AdwCleaner[R1].txt - [8746 octets] - [31/08/2013 19:54:36]
AdwCleaner[S0].txt - [8101 octets] - [31/08/2013 19:56:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8161 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Microsoft Windows XP x86
Ran by All Auto Service on Sat 08/31/2013 at 19:59:55.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3311667
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{275C7BD8-E10D-4B02-812D-224E68B561CD}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5446F3EC-27D2-4C39-924C-579F0F47C175}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Auto Service\Application Data\whitesmoketoolbar"
Successfully deleted: [Folder] "C:\Program Files\otshot"
Successfully deleted: [Folder] "C:\Program Files\whitesmoketoolbar"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\All Auto Service\Application Data\mozilla\firefox\profiles\rbprnzir.default\searchplugins\bing-zugo.xml
Emptied folder: C:\Documents and Settings\All Auto Service\Application Data\mozilla\firefox\profiles\rbprnzir.default\minidumps [3 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/31/2013 at 20:07:03.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

thanks,
Ghost

Corrine

Hmmm, first a problem running CF on Anna's computer and now on your friend's computer.   What's going on, Ghost?  :)

Please download OTL by Old Timer. Save it to your Desktop.
  • Right click on OTL.exe and select "Run As Administrator" to run it.  If prompted by UAC, please allow it.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

hi Corrine,
here are the 2 logs you requested;-).
OTL logfile created on: 9/1/2013 1:50:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\All Auto Service\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 590.22 Mb Available Physical Memory | 57.71% Memory free
1.63 Gb Paging File | 1.28 Gb Available in Paging File | 78.17% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.65 Gb Total Space | 19.72 Gb Free Space | 27.52% Space Free | Partition Type: FAT32
Drive D: | 4.99 Gb Total Space | 3.40 Gb Free Space | 68.13% Space Free | Partition Type: FAT32

Computer Name: GOODRICH3 | User Name: All Auto Service | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/01 13:48:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Auto Service\Desktop\OTL.exe
PRC - [2013/08/30 22:06:26 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/03/10 06:46:14 | 005,791,744 | ---- | M] (BIA Information Network) -- C:\Program Files\Common Files\Desktop Weather Lab\TrueWeather.exe
PRC - [2008/04/13 19:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/24 18:45:32 | 003,446,512 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2003/03/20 15:05:42 | 000,774,144 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/05/29 01:59:00 | 000,520,192 | ---- | M] (Logitech Inc.                    ) -- C:\Program Files\Logitech\iTouch.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/04/24 18:25:44 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/04/23 00:19:26 | 000,026,392 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll
MOD - [2007/04/21 16:20:26 | 000,214,800 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\Docklets\Search\SearchDocklet.dll
MOD - [2007/04/21 13:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\zlib.dll
MOD - [2007/04/19 14:23:46 | 000,095,944 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\CrashRpt.dll
MOD - [2002/03/13 19:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\ODimg.dll


========== Services (SafeList) ==========

SRV - [2013/08/31 18:11:54 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/30 22:06:26 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/08/30 22:00:58 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLAUT~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLAUT~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/07/08 15:09:10 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2008/04/13 13:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/02/04 18:23:50 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008/01/10 01:40:38 | 002,846,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/07/14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2003/04/01 18:55:18 | 000,033,183 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2002/09/20 10:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2002/08/28 23:00:48 | 000,010,880 | ---- | M] (Aureal, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\admjoy.sys -- (admjoy)
DRV - [2002/08/28 22:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2002/05/23 11:59:00 | 000,010,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2001/08/17 12:19:14 | 000,747,392 | ---- | M] (Aureal, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adm8830.sys -- (wdm_au8830)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\SearchScopes,DefaultScope = {019F8F72-2B3A-45DD-896F-4E5F9406145B}
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\SearchScopes\{019F8F72-2B3A-45DD-896F-4E5F9406145B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\SearchScopes\{E7E123D1-9504-4490-BED1-F7FD9D276F74}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.126
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.126
FF - prefs.js..extensions.enabledItems: {52794457-af6c-4c50-9def-f2e24f4c8889}:2.8.0.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2009/07/30 13:16:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/02/05 11:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/02/05 11:09:58 | 000,000,000 | ---D | M]

[2009/03/03 21:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Extensions
[2008/02/05 11:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions
[2010/09/27 16:22:04 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2013/08/31 18:07:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/27 17:27:10 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2008/02/05 11:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/05 11:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/08/30 22:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/30 22:01:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll

========== Chrome  ==========

CHR - Extension: No name found = C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: No name found = C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch.exe (Logitech Inc.                    )
O4 - HKU\.DEFAULT..\Run: [nnkkkksys] rundll32.exe "urpomn.dll",s File not found
O4 - HKU\S-1-5-18..\Run: [nnkkkksys] rundll32.exe "urpomn.dll",s File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Weather Lab.lnk = C:\Program Files\Common Files\Desktop Weather Lab\TrueWeather.exe (BIA Information Network)
O4 - Startup: C:\Documents and Settings\All Auto Service\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202145963425 (WUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26625608-019C-47B4-B546-1E3435A3BFDB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B53F35-3390-479E-993E-3A718642E11F}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WB: DllName - (C:\Program Files\Stardock\MyColors\fastload.dll) - C:\Program Files\Stardock\MyColors\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/19 14:27:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/01 13:48:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Auto Service\Desktop\OTL.exe
[2013/09/01 13:43:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Auto Service\Recent
[2013/09/01 13:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Application Data\ElevatedDiagnostics
[2013/09/01 13:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/09/01 13:26:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/09/01 10:09:32 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2013/08/31 21:44:43 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/08/31 21:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/08/31 21:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Start Menu\Programs\Revo Uninstaller
[2013/08/31 21:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2013/08/31 20:15:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/08/31 20:14:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/08/31 20:14:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/08/31 20:14:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/08/31 20:14:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/08/31 20:14:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/31 20:13:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/08/31 19:59:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/31 19:52:34 | 005,115,930 | R--- | C] (Swearware) -- C:\Documents and Settings\All Auto Service\Desktop\ComboFix.exe
[2013/08/31 19:52:17 | 001,027,511 | ---- | C] (Thisisu) -- C:\Documents and Settings\All Auto Service\Desktop\JRT.exe
[2013/08/31 18:12:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/31 18:06:28 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/31 18:06:28 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/30 23:15:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/30 22:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Adobe
[2013/08/30 22:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Temp
[2013/08/30 22:13:29 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/08/30 22:13:29 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013/08/30 22:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Application Data\Oracle
[2013/08/30 22:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Sun
[2013/08/30 22:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/08/30 22:06:38 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/08/30 22:06:37 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/08/30 22:06:37 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/08/30 22:06:34 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/08/30 22:06:34 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/08/30 22:06:34 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/08/30 22:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/08/30 22:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/08/30 20:43:11 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\All Auto Service\Desktop\dds.scr
[2013/08/30 17:19:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/08/30 17:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Application Data\Malwarebytes
[2013/08/30 17:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/30 17:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/08/30 17:11:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/08/30 17:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/30 17:11:43 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/08/30 17:11:43 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/08/30 17:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Power Defrag
[2013/08/30 16:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Desktop\Reg Mech5 and keys
[2013/08/30 16:40:52 | 000,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Auto Service\Desktop\TFC.exe
[2013/08/30 16:40:40 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\All Auto Service\Desktop\ATF-Cleaner.exe

========== Files - Modified Within 30 Days ==========

[2013/09/01 13:48:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Auto Service\Desktop\OTL.exe
[2013/09/01 13:46:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/01 13:42:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/01 13:41:58 | 1072,480,256 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/01 13:39:04 | 000,433,548 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/01 13:39:04 | 000,067,996 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/01 13:23:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/01 13:14:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B19E3344-6905-4B33-8888-DC4DC170B616}.job
[2013/08/31 21:34:36 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Desktop\Revo Uninstaller.lnk
[2013/08/31 21:29:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/08/31 19:52:54 | 005,115,930 | R--- | M] (Swearware) -- C:\Documents and Settings\All Auto Service\Desktop\ComboFix.exe
[2013/08/31 19:52:20 | 001,027,511 | ---- | M] (Thisisu) -- C:\Documents and Settings\All Auto Service\Desktop\JRT.exe
[2013/08/31 18:18:54 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2690830018-1338925969-3737155391-1004Core1cea5c06d1071a0.job
[2013/08/31 18:11:54 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/31 18:11:54 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/31 18:09:34 | 000,994,642 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Desktop\AdwCleaner.exe
[2013/08/31 16:45:52 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/31 16:45:50 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Desktop\Google Chrome.lnk
[2013/08/31 12:35:42 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/30 22:06:26 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/08/30 22:06:26 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/08/30 22:06:26 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/08/30 22:06:26 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/08/30 22:06:26 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/08/30 22:06:26 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/08/30 22:06:26 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/08/30 20:43:36 | 000,891,144 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Desktop\SecurityCheck.exe
[2013/08/30 20:43:14 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\All Auto Service\Desktop\dds.scr
[2013/08/30 20:17:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/08/30 17:14:34 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/30 17:09:48 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Desktop\Shortcut to PowerDefragmenter.lnk
[2013/08/03 14:18:38 | 001,543,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdecod.dll

========== Files Created - No Company Name ==========

[2013/09/01 13:34:41 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013/08/31 21:34:34 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Desktop\Revo Uninstaller.lnk
[2013/08/31 20:15:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/08/31 20:15:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/08/31 20:14:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/31 20:14:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/31 20:14:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/31 20:14:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/31 20:14:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/08/31 18:09:36 | 000,994,642 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Desktop\AdwCleaner.exe
[2013/08/31 18:06:31 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/30 20:43:33 | 000,891,144 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Desktop\SecurityCheck.exe
[2013/08/30 17:11:46 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/30 17:09:47 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Desktop\Shortcut to PowerDefragmenter.lnk
[2013/08/30 16:35:12 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2690830018-1338925969-3737155391-1004Core1cea5c06d1071a0.job
[2012/02/21 15:24:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/06/01 17:35:12 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\All Auto Service\jagex_runescape_preferences2.dat
[2010/06/01 17:35:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Auto Service\jagex__preferences3.dat
[2009/07/29 21:08:32 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Application Data\5eT7WQpJat.gif
[2009/07/29 21:08:32 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Application Data\5eT7WQpJzn.gif
[2009/07/29 21:08:32 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Application Data\5eT7WQpJby.gif
[2009/05/06 18:38:22 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\All Auto Service\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========

[2002/09/19 15:33:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


OTL Extras logfile created on: 9/1/2013 1:50:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\All Auto Service\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 590.22 Mb Available Physical Memory | 57.71% Memory free
1.63 Gb Paging File | 1.28 Gb Available in Paging File | 78.17% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.65 Gb Total Space | 19.72 Gb Free Space | 27.52% Space Free | Partition Type: FAT32
Drive D: | 4.99 Gb Total Space | 3.40 Gb Free Space | 68.13% Space Free | Partition Type: FAT32

Computer Name: GOODRICH3 | User Name: All Auto Service | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Desktop Weather Lab\TrueWeather.exe" = C:\Program Files\Common Files\Desktop Weather Lab\TrueWeather.exe:*:Enabled:TrueWeather -- (BIA Information Network)
"C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\WINDOWS\EXPLORER.EXE" = C:\WINDOWS\EXPLORER.EXE:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe" = C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe:*:Enabled:Demigod -- (Gas Powered Games)
"C:\Program Files\Indie Games\Prometheus\Binaries\Win32\UDK.exe" = C:\Program Files\Indie Games\Prometheus\Binaries\Win32\UDK.exe:*:Enabled:UDK -- (Epic Games, Inc.)
"C:\Program Files\Runes of Magic\Client.exe" = C:\Program Files\Runes of Magic\Client.exe:*:Enabled:Runes of Magic
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{1DD26D94-083B-4D4E-BBCB-C7283492C89B}" = EarthLink Internet Setup FREE TRIAL
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6112EA9C-34B4-11D5-9187-0040C72A0D12}" = ERIS 3
"{73090A5A-E0C0-4E0B-A320-E183877061A5}" = ALLDATA for Windows
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"Demigod" = Demigod
"Desktop Weather Lab" = Desktop Weather Lab
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Impulse" = Impulse
"InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}" = Belkin USB Wireless Adaptor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyColors" = MyColors
"NetMos Technology" = NetMos Multi-IO Controller
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ObjectDock" = ObjectDock
"Prometheus" = Prometheus
"PROPLUSR" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"Revo Uninstaller" = Revo Uninstaller 1.71
"UnityWebPlayer" = Unity Web Player
"whitesmoketoolbar" = WhiteSmoke Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SOE-Clone Wars" = Clone Wars

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/31/2013 9:30:52 PM | Computer Name = GOODRICH3 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 3

Error - 8/31/2013 9:33:13 PM | Computer Name = GOODRICH3 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/31/2013 9:40:29 PM | Computer Name = GOODRICH3 | Source = Application Hang | ID = 1002
Description = Hanging application revouninstaller.exe, version 1.7.1.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/31/2013 9:42:26 PM | Computer Name = GOODRICH3 | Source = Application Hang | ID = 1002
Description = Hanging application revouninstaller.exe, version 1.7.1.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/31/2013 9:43:55 PM | Computer Name = GOODRICH3 | Source = Application Hang | ID = 1002
Description = Hanging application revouninstaller.exe, version 1.7.1.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/1/2013 9:28:31 AM | Computer Name = GOODRICH3 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 3

Error - 9/1/2013 10:19:04 AM | Computer Name = GOODRICH3 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 3

Error - 9/1/2013 11:21:40 AM | Computer Name = GOODRICH3 | Source = Application Hang | ID = 1002
Description = Hanging application irsetup.exe, version 6.0.1.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/1/2013 11:35:18 AM | Computer Name = GOODRICH3 | Source = Application Hang | ID = 1002
Description = Hanging application irsetup.exe, version 6.0.1.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/1/2013 1:42:43 PM | Computer Name = GOODRICH3 | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 3

[ System Events ]
Error - 8/31/2013 6:38:58 PM | Computer Name = GOODRICH3 | Source = Service Control Manager | ID = 7034
Description = The McAfee Firewall Core Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/31/2013 6:38:58 PM | Computer Name = GOODRICH3 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly.  It has done this
1 time(s).

Error - 8/31/2013 6:40:22 PM | Computer Name = GOODRICH3 | Source = ati2mtag | ID = 43037
Description =

Error - 8/31/2013 7:58:18 PM | Computer Name = GOODRICH3 | Source = ati2mtag | ID = 43037
Description =

Error - 8/31/2013 9:15:44 PM | Computer Name = GOODRICH3 | Source = ati2mtag | ID = 43037
Description =

Error - 8/31/2013 9:27:31 PM | Computer Name = GOODRICH3 | Source = ati2mtag | ID = 43037
Description =

Error - 8/31/2013 9:30:51 PM | Computer Name = GOODRICH3 | Source = ati2mtag | ID = 43037
Description =

Error - 9/1/2013 9:28:27 AM | Computer Name = GOODRICH3 | Source = ati2mtag | ID = 43037
Description =

Error - 9/1/2013 10:18:30 AM | Computer Name = GOODRICH3 | Source = ati2mtag | ID = 43037
Description =

Error - 9/1/2013 1:42:25 PM | Computer Name = GOODRICH3 | Source = ati2mtag | ID = 43037
Description =


< End of report >

Corrine

Hi, Ghost.  I hope you're all rested after your busy day yesterday. 

1.  Perform a Custom Fix with OTL
Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\SearchScopes,DefaultScope = {019F8F72-2B3A-45DD-896F-4E5F9406145B}
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
[2009/03/03 21:20:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Extensions
[2008/02/05 11:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions
[2010/09/27 16:22:04 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2013/08/31 18:07:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/02/05 11:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/05 11:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/08/30 22:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/30 22:01:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
O4 - HKU\.DEFAULT..\Run: [nnkkkksys] rundll32.exe "urpomn.dll",s File not found
O4 - HKU\S-1-5-18..\Run: [nnkkkksys] rundll32.exe "urpomn.dll",s File not found
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

:Commands
[EMPTYTEMP]
[Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
After posting the resulting log, please Rescan as follows:  Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.

2.  Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

hi corrine;-),
the logs you requested:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2690830018-1338925969-3737155391-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
HKEY_USERS\S-1-5-21-2690830018-1338925969-3737155391-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Extensions folder moved successfully.
C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins folder moved successfully.
C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\META-INF folder moved successfully.
C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} folder moved successfully.
C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions folder moved successfully.
Folder C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\ not found.
Folder C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found.
C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
Folder C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions folder moved successfully.
Folder C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\nnkkkksys deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\nnkkkksys not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: All Auto Service
->Temp folder emptied: 701 bytes
->Temporary Internet Files folder emptied: 5356378 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3174 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 350858782 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 340.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09012013_184936

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 9/1/2013 6:57:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\All Auto Service\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 622.25 Mb Available Physical Memory | 60.84% Memory free
1.63 Gb Paging File | 1.30 Gb Available in Paging File | 79.62% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.65 Gb Total Space | 19.93 Gb Free Space | 27.82% Space Free | Partition Type: FAT32
Drive D: | 4.99 Gb Total Space | 3.40 Gb Free Space | 68.13% Space Free | Partition Type: FAT32

Computer Name: GOODRICH3 | User Name: All Auto Service | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/01 13:48:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Auto Service\Desktop\OTL.exe
PRC - [2013/08/30 22:06:26 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/03/10 06:46:14 | 005,791,744 | ---- | M] (BIA Information Network) -- C:\Program Files\Common Files\Desktop Weather Lab\TrueWeather.exe
PRC - [2008/04/13 19:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/24 18:45:32 | 003,446,512 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2003/03/20 15:05:42 | 000,774,144 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/05/29 01:59:00 | 000,520,192 | ---- | M] (Logitech Inc.                    ) -- C:\Program Files\Logitech\iTouch.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/04/24 18:25:44 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/04/23 00:19:26 | 000,026,392 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll
MOD - [2007/04/21 16:20:26 | 000,214,800 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\Docklets\Search\SearchDocklet.dll
MOD - [2007/04/21 13:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\zlib.dll
MOD - [2007/04/19 14:23:46 | 000,095,944 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\CrashRpt.dll
MOD - [2002/03/13 19:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\ODimg.dll


========== Services (SafeList) ==========

SRV - [2013/08/31 18:11:54 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/30 22:06:26 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/08/30 22:00:58 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLAUT~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLAUT~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/07/08 15:09:10 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2008/04/13 13:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/02/04 18:23:50 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008/01/10 01:40:38 | 002,846,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/07/14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2003/04/01 18:55:18 | 000,033,183 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2002/09/20 10:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2002/08/28 23:00:48 | 000,010,880 | ---- | M] (Aureal, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\admjoy.sys -- (admjoy)
DRV - [2002/08/28 22:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2002/05/23 11:59:00 | 000,010,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2001/08/17 12:19:14 | 000,747,392 | ---- | M] (Aureal, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adm8830.sys -- (wdm_au8830)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\SearchScopes\{019F8F72-2B3A-45DD-896F-4E5F9406145B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\SearchScopes\{E7E123D1-9504-4490-BED1-F7FD9D276F74}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.126
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.126
FF - prefs.js..extensions.enabledItems: {52794457-af6c-4c50-9def-f2e24f4c8889}:2.8.0.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2009/07/30 13:16:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/02/05 11:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/02/05 11:09:58 | 000,000,000 | ---D | M]

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL AUTO SERVICE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RBPRNZIR.DEFAULT\EXTENSIONS\{000F1EA4-5E08-4564-A29B-29076F63A37A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL AUTO SERVICE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RBPRNZIR.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll

========== Chrome  ==========

CHR - Extension: No name found = C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: No name found = C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch.exe (Logitech Inc.                    )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Weather Lab.lnk = C:\Program Files\Common Files\Desktop Weather Lab\TrueWeather.exe (BIA Information Network)
O4 - Startup: C:\Documents and Settings\All Auto Service\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2690830018-1338925969-3737155391-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202145963425 (WUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26625608-019C-47B4-B546-1E3435A3BFDB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B53F35-3390-479E-993E-3A718642E11F}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WB: DllName - (C:\Program Files\Stardock\MyColors\fastload.dll) - C:\Program Files\Stardock\MyColors\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/19 14:27:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/01 18:49:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/01 14:09:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Auto Service\Recent
[2013/09/01 13:48:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Auto Service\Desktop\OTL.exe
[2013/09/01 13:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Application Data\ElevatedDiagnostics
[2013/09/01 13:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/09/01 13:26:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/09/01 10:09:32 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2013/08/31 21:44:43 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/08/31 21:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/08/31 21:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Start Menu\Programs\Revo Uninstaller
[2013/08/31 21:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2013/08/31 20:15:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/08/31 20:14:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/08/31 20:14:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/08/31 20:14:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/08/31 20:14:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/08/31 20:14:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/31 20:13:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/08/31 19:59:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/31 19:52:34 | 005,115,930 | R--- | C] (Swearware) -- C:\Documents and Settings\All Auto Service\Desktop\ComboFix.exe
[2013/08/31 19:52:17 | 001,027,511 | ---- | C] (Thisisu) -- C:\Documents and Settings\All Auto Service\Desktop\JRT.exe
[2013/08/31 18:12:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/30 23:15:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/30 22:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Adobe
[2013/08/30 22:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Temp
[2013/08/30 22:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Application Data\Oracle
[2013/08/30 22:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Sun
[2013/08/30 22:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/08/30 22:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/08/30 22:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/08/30 20:43:11 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\All Auto Service\Desktop\dds.scr
[2013/08/30 17:19:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/08/30 17:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Application Data\Malwarebytes
[2013/08/30 17:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/30 17:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/08/30 17:11:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/08/30 17:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/30 17:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Power Defrag
[2013/08/30 16:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Desktop\Reg Mech5 and keys
[2013/08/30 16:40:52 | 000,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Auto Service\Desktop\TFC.exe

========== Files - Modified Within 30 Days ==========

[2013/09/01 18:51:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/01 18:51:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/01 18:50:56 | 1072,480,256 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/01 18:49:40 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2690830018-1338925969-3737155391-1004Core1cea5c06d1071a0.job
[2013/09/01 18:23:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/01 18:09:28 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B19E3344-6905-4B33-8888-DC4DC170B616}.job
[2013/09/01 13:48:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Auto Service\Desktop\OTL.exe
[2013/09/01 13:39:04 | 000,433,548 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/01 13:39:04 | 000,067,996 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/31 21:34:36 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Desktop\Revo Uninstaller.lnk
[2013/08/31 21:29:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/08/31 19:52:54 | 005,115,930 | R--- | M] (Swearware) -- C:\Documents and Settings\All Auto Service\Desktop\ComboFix.exe
[2013/08/31 19:52:20 | 001,027,511 | ---- | M] (Thisisu) -- C:\Documents and Settings\All Auto Service\Desktop\JRT.exe
[2013/08/31 18:09:34 | 000,994,642 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Desktop\AdwCleaner.exe
[2013/08/31 16:45:52 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/31 16:45:50 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Desktop\Google Chrome.lnk
[2013/08/31 12:35:42 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/30 20:43:36 | 000,891,144 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Desktop\SecurityCheck.exe
[2013/08/30 20:43:14 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\All Auto Service\Desktop\dds.scr
[2013/08/30 20:17:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/08/30 17:14:34 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/30 17:09:48 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Desktop\Shortcut to PowerDefragmenter.lnk

========== Files Created - No Company Name ==========

[2013/09/01 13:34:41 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013/08/31 21:34:34 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Desktop\Revo Uninstaller.lnk
[2013/08/31 20:15:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/08/31 20:15:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/08/31 20:14:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/31 20:14:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/31 20:14:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/31 20:14:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/31 20:14:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/08/31 18:09:36 | 000,994,642 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Desktop\AdwCleaner.exe
[2013/08/31 18:06:31 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/30 20:43:33 | 000,891,144 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Desktop\SecurityCheck.exe
[2013/08/30 17:11:46 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/30 17:09:47 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Desktop\Shortcut to PowerDefragmenter.lnk
[2013/08/30 16:35:12 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2690830018-1338925969-3737155391-1004Core1cea5c06d1071a0.job
[2012/02/21 15:24:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/06/01 17:35:12 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\All Auto Service\jagex_runescape_preferences2.dat
[2010/06/01 17:35:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Auto Service\jagex__preferences3.dat
[2009/07/29 21:08:32 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Application Data\5eT7WQpJat.gif
[2009/07/29 21:08:32 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Application Data\5eT7WQpJzn.gif
[2009/07/29 21:08:32 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Application Data\5eT7WQpJby.gif
[2009/05/06 18:38:22 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\All Auto Service\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========

[2002/09/19 15:33:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2002/09/19 15:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2009/03/10 06:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Desktop Weather Lab
[2010/06/18 16:41:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{18B9435B-CD3C-4E7E-A6EB-65605DCDDEC8}
[2010/06/18 16:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2010/06/18 21:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/06/18 21:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/11/19 21:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/07/30 13:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2002/09/19 15:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Auto Service\Application Data\InterTrust
[2009/04/12 19:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Auto Service\Application Data\Acreon
[2010/06/18 16:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Auto Service\Application Data\Stardock
[2010/06/18 22:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Auto Service\Application Data\SystemRequirementsLab
[2010/09/27 16:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Auto Service\Application Data\Sony Online Entertainment
[2013/08/30 22:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Auto Service\Application Data\Oracle
[2013/09/01 13:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Auto Service\Application Data\ElevatedDiagnostics

========== Purity Check ==========



< End of report >

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=671246118e36044baab8091795f29e80
# engine=14977
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-02 12:21:39
# local_time=2013-09-01 08:21:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=77542
# found=29
# cleaned=0
# scan_time=2705
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\ffprotect\application.js.vir"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\ffprotect\nsprotector.js.vir"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\bin\cltmng.exe.vir"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\bin\ChromeModule.dll.vir"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\bin\FirefoxModule.dll.vir"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\bin\InternetExplorerModule.dll.vir"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\bin\SPHook32.dll.vir"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\All Auto Service\Application Data\SearchProtect\ffprotect\application.js.vir"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\All Auto Service\Application Data\SearchProtect\ffprotect\nsprotector.js.vir"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\All Auto Service\Application Data\SearchProtect\bin\cltmng.exe.vir"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\All Auto Service\Application Data\SearchProtect\bin\ChromeModule.dll.vir"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\All Auto Service\Application Data\SearchProtect\bin\FirefoxModule.dll.vir"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\All Auto Service\Application Data\SearchProtect\bin\InternetExplorerModule.dll.vir"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\All Auto Service\Application Data\SearchProtect\bin\SPHook32.dll.vir"
sh=C3F9EB40D12E47C091C3DB3AC56CB5DBD879FB2A ft=0 fh=0000000000000000 vn="Win32/Toolbar.WhiteSmoke application" ac=I fn="C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9whv5kdv.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\toolbar.htm"
sh=69FA14C01449182CA6AE2A04B7E622226859F834 ft=0 fh=0000000000000000 vn="Win32/Toolbar.WhiteSmoke application" ac=I fn="C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9whv5kdv.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\toolbar.xul"
sh=8CF380C804ACAE74BFF1DF36FD4A473376AC1EFD ft=0 fh=0000000000000000 vn="LNK/URL.B trojan" ac=I fn="C:\Documents and Settings\All Auto Service\Desktop\Unused Desktop Shortcuts\Improve Your PC.lnk"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\Program Files\Mozilla Firefox\browser\nsprotector.js"
sh=B10C697BEB5362F5E7787765056BD2D81E44CCC3 ft=1 fh=44f738c7f8d394c4 vn="a variant of Win32/Adware.iBryte.G application" ac=I fn="C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP521\A0311052.exe"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B application" ac=I fn="C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312425.exe"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312427.dll"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312428.dll"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312429.dll"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312430.dll"
sh=FD93CCAEBA15517CE2171A1637BC837D393ADE8E ft=1 fh=fe17121cad1ff256 vn="a variant of Win32/Conduit.SearchProtect.B application" ac=I fn="C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312451.exe"
sh=3E528BF4BF06F3491D6D62CB756FACD726252E87 ft=1 fh=fdc38ff3be82d55a vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312453.dll"
sh=6DC7867B24FA6111D0C6F71D4356B2EBC5C2C876 ft=1 fh=6a49d7d1db4b2cc3 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312454.dll"
sh=CDB2DB2021C21556EB82F4316978B0382329809A ft=1 fh=0ce4d20c39ddf5b9 vn="a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312455.dll"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="probably a variant of Win32/Conduit.SearchProtect.C application" ac=I fn="C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312456.dll"
thanks,
Ghost
Quote: Hi, Ghost.  I hope you're all rested after your busy day yesterday.
Yes I am. A bit stiff, but I'll work that out Tuesday ;-).

Corrine

Considering all the work you did, no surprise your body is feeling the results.

Let's take care of what ESET found.  Please follow the steps in the order provided.

1.  Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • AdwCleaner.exe, its folder and all logs will be removed.
2.  Perform a Custom Fix with OTL
Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

:Commands
[CREATERESTOREPOINT]

:File
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9whv5kdv.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\toolbar.htm
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9whv5kdv.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\toolbar.xul
C:\Documents and Settings\All Auto Service\Desktop\Unused Desktop Shortcuts\Improve Your PC.lnk
C:\Program Files\Mozilla Firefox\browser\nsprotector.js
C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP521\A0311052.exe
C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312425.exe
C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312427.dll
C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312428.dll
C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312429.dll
C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312430.dll
C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312451.exe
C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312453.dll
C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312454.dll
C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312455.dll
C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312456.dll

:Commands
[EMPTYTEMP]
[Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
After posting the resulting log, please Rescan as follows:  Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in your next reply.



Ghost

hi corrine;-),
the logs;-)
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret <:File> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9whv5kdv.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\toolbar.htm> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9whv5kdv.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\toolbar.xul> in the current context!
Error: Unable to interpret <C:\Documents and Settings\All Auto Service\Desktop\Unused Desktop Shortcuts\Improve Your PC.lnk> in the current context!
Error: Unable to interpret <C:\Program Files\Mozilla Firefox\browser\nsprotector.js> in the current context!
Error: Unable to interpret <C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP521\A0311052.exe> in the current context!
Error: Unable to interpret <C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312425.exe> in the current context!
Error: Unable to interpret <C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312427.dll> in the current context!
Error: Unable to interpret <C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312428.dll> in the current context!
Error: Unable to interpret <C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312429.dll> in the current context!
Error: Unable to interpret <C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312430.dll> in the current context!
Error: Unable to interpret <C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312451.exe> in the current context!
Error: Unable to interpret <C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312453.dll> in the current context!
Error: Unable to interpret <C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312454.dll> in the current context!
Error: Unable to interpret <C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312455.dll> in the current context!
Error: Unable to interpret <C:\System Volume Information\_restore{14874350-B584-4C0B-8A8D-8E53BB0D9100}\RP524\A0312456.dll> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Auto Service
->Temp folder emptied: 197466 bytes
->Temporary Internet Files folder emptied: 5275893 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09012013_223203

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

and
OTL logfile created on: 9/1/2013 10:39:16 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\All Auto Service\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 612.09 Mb Available Physical Memory | 59.85% Memory free
1.63 Gb Paging File | 1.31 Gb Available in Paging File | 80.48% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.65 Gb Total Space | 19.93 Gb Free Space | 27.82% Space Free | Partition Type: FAT32
Drive D: | 4.99 Gb Total Space | 3.40 Gb Free Space | 68.13% Space Free | Partition Type: FAT32
Drive F: | 3.82 Gb Total Space | 2.59 Gb Free Space | 67.98% Space Free | Partition Type: FAT32

Computer Name: GOODRICH3 | User Name: All Auto Service | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/01 13:48:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Auto Service\Desktop\OTL.exe
PRC - [2013/08/30 22:06:26 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/03/10 06:46:14 | 005,791,744 | ---- | M] (BIA Information Network) -- C:\Program Files\Common Files\Desktop Weather Lab\TrueWeather.exe
PRC - [2008/04/13 19:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/24 18:45:32 | 003,446,512 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2003/03/20 15:05:42 | 000,774,144 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/05/29 01:59:00 | 000,520,192 | ---- | M] (Logitech Inc.                    ) -- C:\Program Files\Logitech\iTouch.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/04/24 18:25:44 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/04/23 00:19:26 | 000,026,392 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll
MOD - [2007/04/21 16:20:26 | 000,214,800 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\Docklets\Search\SearchDocklet.dll
MOD - [2007/04/21 13:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\zlib.dll
MOD - [2007/04/19 14:23:46 | 000,095,944 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\CrashRpt.dll
MOD - [2002/03/13 19:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\ODimg.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV - [2013/08/31 18:11:54 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/30 22:06:26 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/08/30 22:00:58 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLAUT~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ALLAUT~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/08 15:09:10 | 000,606,056 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2008/04/13 13:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/02/04 18:23:50 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008/01/10 01:40:38 | 002,846,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/07/14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2003/04/01 18:55:18 | 000,033,183 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2002/09/20 10:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2002/08/28 23:00:48 | 000,010,880 | ---- | M] (Aureal, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\admjoy.sys -- (admjoy)
DRV - [2002/08/28 22:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2002/05/23 11:59:00 | 000,010,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2001/08/17 12:19:14 | 000,747,392 | ---- | M] (Aureal, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adm8830.sys -- (wdm_au8830)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {019F8F72-2B3A-45DD-896F-4E5F9406145B}
IE - HKCU\..\SearchScopes\{019F8F72-2B3A-45DD-896F-4E5F9406145B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
IE - HKCU\..\SearchScopes\{E7E123D1-9504-4490-BED1-F7FD9D276F74}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.126
FF - prefs.js..extensions.enabledItems: {52794457-af6c-4c50-9def-f2e24f4c8889}:2.8.0.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/02/05 11:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/02/05 11:09:58 | 000,000,000 | ---D | M]

[2013/09/01 22:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Extensions
[2013/09/01 19:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\All Auto Service\Application Data\Mozilla\Extensions-BackupByFirefoxPortable

========== Chrome  ==========

CHR - Extension: No name found = C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: No name found = C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch.exe (Logitech Inc.                    )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Weather Lab.lnk = C:\Program Files\Common Files\Desktop Weather Lab\TrueWeather.exe (BIA Information Network)
O4 - Startup: C:\Documents and Settings\All Auto Service\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202145963425 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26625608-019C-47B4-B546-1E3435A3BFDB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B53F35-3390-479E-993E-3A718642E11F}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WB: DllName - (C:\Program Files\Stardock\MyColors\fastload.dll) - C:\Program Files\Stardock\MyColors\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/19 14:27:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/01 22:29:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Auto Service\Recent
[2013/09/01 22:28:04 | 000,000,000 | -HSD | C] -- C:\Recycled
[2013/09/01 22:14:18 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/09/01 19:11:32 | 003,191,888 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\All Auto Service\Desktop\MCPR.exe
[2013/09/01 19:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/09/01 18:49:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/01 13:48:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Auto Service\Desktop\OTL.exe
[2013/09/01 13:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Application Data\ElevatedDiagnostics
[2013/09/01 13:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/09/01 13:26:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/09/01 10:09:32 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2013/08/31 21:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/08/31 21:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Start Menu\Programs\Revo Uninstaller
[2013/08/31 20:15:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/08/31 20:14:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/08/31 20:14:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/08/31 20:14:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/08/31 20:14:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/08/31 20:14:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/31 20:13:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/08/31 19:59:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/31 19:52:34 | 005,116,805 | R--- | C] (Swearware) -- C:\Documents and Settings\All Auto Service\Desktop\ComboFix.exe
[2013/08/31 19:52:17 | 001,027,511 | ---- | C] (Thisisu) -- C:\Documents and Settings\All Auto Service\Desktop\JRT.exe
[2013/08/30 23:15:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/30 22:29:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Adobe
[2013/08/30 22:14:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Temp
[2013/08/30 22:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Application Data\Oracle
[2013/08/30 22:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Local Settings\Application Data\Sun
[2013/08/30 22:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/08/30 22:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/08/30 22:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/08/30 20:43:11 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\All Auto Service\Desktop\dds.scr
[2013/08/30 17:19:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/08/30 17:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Application Data\Malwarebytes
[2013/08/30 17:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/30 17:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/08/30 17:11:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/08/30 17:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/30 17:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Power Defrag
[2013/08/30 16:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Auto Service\Desktop\Reg Mech5 and keys
[2013/08/30 16:40:52 | 000,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Auto Service\Desktop\TFC.exe

========== Files - Modified Within 30 Days ==========

[2013/09/01 22:38:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/01 22:34:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/01 22:34:10 | 1072,480,256 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/01 22:13:54 | 005,116,805 | R--- | M] (Swearware) -- C:\Documents and Settings\All Auto Service\Desktop\ComboFix.exe
[2013/09/01 21:48:24 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B19E3344-6905-4B33-8888-DC4DC170B616}.job
[2013/09/01 21:23:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/01 20:42:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/09/01 19:11:40 | 003,191,888 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\All Auto Service\Desktop\MCPR.exe
[2013/09/01 18:49:40 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2690830018-1338925969-3737155391-1004Core1cea5c06d1071a0.job
[2013/09/01 13:48:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Auto Service\Desktop\OTL.exe
[2013/09/01 13:39:04 | 000,433,548 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/01 13:39:04 | 000,067,996 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/31 21:34:36 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Desktop\Revo Uninstaller.lnk
[2013/08/31 19:52:20 | 001,027,511 | ---- | M] (Thisisu) -- C:\Documents and Settings\All Auto Service\Desktop\JRT.exe
[2013/08/31 16:45:52 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/31 16:45:50 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Desktop\Google Chrome.lnk
[2013/08/31 12:35:42 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/30 20:43:36 | 000,891,144 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Desktop\SecurityCheck.exe
[2013/08/30 20:43:14 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\All Auto Service\Desktop\dds.scr
[2013/08/30 20:17:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/08/30 17:14:34 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/30 17:09:48 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\All Auto Service\Desktop\Shortcut to PowerDefragmenter.lnk

========== Files Created - No Company Name ==========

[2013/09/01 13:34:41 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013/08/31 21:34:34 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Desktop\Revo Uninstaller.lnk
[2013/08/31 20:15:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/08/31 20:15:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/08/31 20:14:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/31 20:14:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/31 20:14:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/31 20:14:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/31 20:14:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/08/31 18:06:31 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/30 20:43:33 | 000,891,144 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Desktop\SecurityCheck.exe
[2013/08/30 17:11:46 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/30 17:09:47 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Desktop\Shortcut to PowerDefragmenter.lnk
[2013/08/30 16:35:12 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2690830018-1338925969-3737155391-1004Core1cea5c06d1071a0.job
[2012/02/21 15:24:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/06/01 17:35:12 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\All Auto Service\jagex_runescape_preferences2.dat
[2010/06/01 17:35:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Auto Service\jagex__preferences3.dat
[2009/07/29 21:08:32 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Application Data\5eT7WQpJat.gif
[2009/07/29 21:08:32 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Application Data\5eT7WQpJzn.gif
[2009/07/29 21:08:32 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\All Auto Service\Application Data\5eT7WQpJby.gif
[2009/05/06 18:38:22 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\All Auto Service\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========

[2002/09/19 15:33:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/03/10 06:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Desktop Weather Lab
[2010/06/18 16:41:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{18B9435B-CD3C-4E7E-A6EB-65605DCDDEC8}
[2010/06/18 16:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2010/06/18 21:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/06/18 21:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2011/11/19 21:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2002/09/19 15:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Auto Service\Application Data\InterTrust
[2009/04/12 19:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Auto Service\Application Data\Acreon
[2010/06/18 16:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Auto Service\Application Data\Stardock
[2010/06/18 22:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Auto Service\Application Data\SystemRequirementsLab
[2010/09/27 16:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Auto Service\Application Data\Sony Online Entertainment
[2013/08/30 22:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Auto Service\Application Data\Oracle
[2013/09/01 13:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Auto Service\Application Data\ElevatedDiagnostics

========== Purity Check ==========



< End of report >

Quote: Considering all the work you did, no surprise your body is feeling the results.
it has been a long time since i cut up that much wood but it was more money;-)
thanks,
Ghost

Ghost

hi corrine;-),
success!
i went in and found the folder that was causing combofix to stall. it was empty so i deleted it and ran combofix which ran completely including rebooting the puter.
ComboFix 13-09-02.02 - All Auto Service 09/02/2013  11:03:49.5.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.642 [GMT -4:00]
Running from: c:\documents and settings\All Auto Service\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\WindowsUpdate.log . . . . Failed to delete
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-02 to 2013-09-02  )))))))))))))))))))))))))))))))
.
.
2013-09-01 23:07 . 2013-09-01 23:07   --------   d-----w-   c:\program files\ESET
2013-09-01 22:49 . 2013-09-01 22:49   --------   d-----w-   C:\_OTL
2013-09-01 17:27 . 2013-09-01 17:27   --------   d-----w-   c:\documents and settings\All Auto Service\Application Data\ElevatedDiagnostics
2013-09-01 14:09 . 2013-09-01 14:09   --------   d-----w-   C:\FOUND.000
2013-09-01 01:34 . 2013-09-01 01:34   --------   d-----w-   c:\program files\VS Revo Group
2013-08-31 23:59 . 2013-08-31 23:59   --------   d-----w-   c:\windows\ERUNT
2013-08-31 22:06 . 2013-08-31 22:11   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-31 22:06 . 2013-08-31 22:11   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-08-31 20:39 . 2013-08-31 20:39   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2013-08-31 03:15 . 2013-08-31 03:15   --------   d-----w-   c:\windows\system32\MRT
2013-08-31 02:29 . 2013-08-31 02:29   --------   d-----w-   c:\documents and settings\All Auto Service\Local Settings\Application Data\Adobe
2013-08-31 02:14 . 2013-08-31 02:14   --------   d-----w-   c:\documents and settings\All Auto Service\Local Settings\Application Data\Temp
2013-08-31 02:13 . 2013-05-08 06:10   770384   ----a-w-   c:\windows\system32\msvcr100.dll
2013-08-31 02:13 . 2013-05-08 06:10   421200   ----a-w-   c:\windows\system32\msvcp100.dll
2013-08-31 02:08 . 2013-08-31 02:08   --------   d-----w-   c:\documents and settings\All Auto Service\Application Data\Oracle
2013-08-31 02:07 . 2013-08-31 02:07   --------   d-----w-   c:\documents and settings\All Auto Service\Local Settings\Application Data\Sun
2013-08-31 02:06 . 2013-08-31 02:06   --------   d-----w-   c:\program files\Common Files\Java
2013-08-31 02:06 . 2013-08-31 02:06   144896   ----a-w-   c:\windows\system32\javacpl.cpl
2013-08-31 02:06 . 2013-08-31 02:06   867240   ----a-w-   c:\windows\system32\npDeployJava1.dll
2013-08-31 02:06 . 2013-08-31 02:06   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-08-31 02:01 . 2013-08-31 02:01   --------   d-----w-   c:\program files\Mozilla Maintenance Service
2013-08-31 02:00 . 2013-08-31 02:01   74136   ----a-w-   c:\program files\Mozilla Firefox\breakpadinjector.dll
2013-08-31 02:00 . 2013-08-31 02:01   262552   ----a-w-   c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-08-31 02:00 . 2013-08-31 02:00   770384   ----a-w-   c:\program files\Mozilla Firefox\msvcr100.dll
2013-08-31 02:00 . 2013-08-31 02:00   421200   ----a-w-   c:\program files\Mozilla Firefox\msvcp100.dll
2013-08-31 02:00 . 2013-08-31 02:00   3429784   ----a-w-   c:\program files\Mozilla Firefox\gkmedias.dll
2013-08-31 02:00 . 2013-08-31 02:00   193832   ----a-w-   c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2013-08-31 02:00 . 2013-08-31 02:00   158104   ----a-w-   c:\program files\Mozilla Firefox\mozglue.dll
2013-08-31 02:00 . 2013-08-31 02:00   117656   ----a-w-   c:\program files\Mozilla Firefox\maintenanceservice.exe
2013-08-31 02:00 . 2013-08-31 02:00   92056   ----a-w-   c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-08-31 02:00 . 2013-08-31 02:00   26520   ----a-w-   c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-08-31 02:00 . 2013-08-31 02:00   170232   ----a-w-   c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-08-30 21:12 . 2013-08-30 21:12   --------   d-----w-   c:\documents and settings\All Auto Service\Application Data\Malwarebytes
2013-08-30 21:11 . 2013-08-30 21:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-30 21:11 . 2013-08-30 21:11   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-08-30 21:11 . 2013-04-04 18:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-08-30 21:11 . 2013-02-12 00:32   12928   ------w-   c:\windows\system32\dllcache\usb8023x.sys
2013-08-30 21:11 . 2013-02-12 00:32   12928   ------w-   c:\windows\system32\dllcache\usb8023.sys
2013-08-30 21:04 . 2013-08-30 21:05   --------   d-----w-   c:\program files\Power Defrag
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-31 02:06 . 2010-06-19 03:17   789416   ----a-w-   c:\windows\system32\deployJava1.dll
2013-08-03 18:18 . 2006-10-19 01:47   1543680   ------w-   c:\windows\system32\wmvdecod.dll
2013-07-26 02:47 . 2006-06-23 15:33   920064   ----a-w-   c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2002-09-19 18:02   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2002-09-19 18:02   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2013-07-25 15:53 . 2008-02-04 18:02   385024   ----a-w-   c:\windows\system32\html.iec
2013-07-10 10:37 . 2002-09-19 18:03   406016   ----a-w-   c:\windows\system32\usp10.dll
2013-07-04 02:59 . 2002-09-19 18:02   2193536   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2002-08-29 05:04   2070144   ----a-w-   c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch.exe" [2002-05-29 520192]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-03-20 774144]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
c:\documents and settings\All Auto Service\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-6-18 3446512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Weather Lab.lnk - c:\program files\Common Files\Desktop Weather Lab\TrueWeather.exe  -d 10,000 [2008-2-6 5791744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2009-09-29 16:20   30000   ----a-w-   c:\program files\Stardock\MyColors\fastload.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 23:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-04-03 21:42   116648   ----a-w-   c:\documents and settings\All Auto Service\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 14:36   114688   ----a-w-   c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 14:35   94208   ----a-w-   c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 23:12   1695232   ----a-w-   c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 11:32   253816   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Desktop Weather Lab\\TrueWeather.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Stardock Games\\Demigod\\bin\\Demigod.exe"=
"c:\\Program Files\\Indie Games\\Prometheus\\Binaries\\Win32\\UDK.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [7/8/2010 3:09 PM 606056]
S3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);c:\windows\system32\drivers\adm8830.sys [9/19/2002 2:14 PM 747392]
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-02 c:\windows\Tasks\User_Feed_Synchronization-{B19E3344-6905-4B33-8888-DC4DC170B616}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2012-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2690830018-1338925969-3737155391-1004Core1cea5c06d1071a0.job
- c:\documents and settings\All Auto Service\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-03 21:42]
.
2013-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-31 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\All Auto Service\Application Data\Mozilla\Firefox\Profiles\rbprnzir.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-McENUI - c:\progra~1\McAfee\MHN\McENUI.exe
MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
AddRemove-whitesmoketoolbar - c:\program files\whitesmoketoolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-02 11:12
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\MyColors\fastload.dll
.
- - - - - - - > 'explorer.exe'(2544)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Desktop Weather Lab\TrueWeather.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-09-02  11:16:52 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-02 15:16
.
Pre-Run: 21,401,812,992 bytes free
Post-Run: 21,351,432,192 bytes free
.
- - End Of File - - 51230CEF43E0A10C255625850C1CA29E
8F558EB6672622401DA993E1E865C861

thanks,
Ghost