SF Shoim

  1. My XP computer has been slowing down considerably lately & I've occasionally been getting websites different from my default URL when I open Firefox. I've run scans with MalwareBytes & AVG...but they don't seem to pick up any malware.
  2. I checked my Control Panel/User Accounts and the only user is me as Administrator. Should I change the password or is there some other way to "promote" my acct? Also I'm fairly adept at fixing things on my PC.
  3. I just had my PC - running XP Pro - cleaned of malware....thanks to the MBAM team!! During the various steps I was asked to run one of the utilities "as Admin" and I wasn't able to access Administrator as it didn't accept any of my passwords. Is there some way to reset Administrator without reloading XP & all of my programs?
  5. Gringo...thanks for your help. Per your suggestion I have deleted my antivirus programs other than MSE. My PC seems to be responding faster. Peace!!
  6. I ran ESET scan: I was not successful running the "Hijack This" scan...
  7. No issues so far...but I didn't "disable" any virus software. Computer is still running a bit slow but seems to be improving with each set of scans. Here are the Results of the MBAM log:
     Results of the HijackThis log:
  8. Gringo...I could only get a *.txt file out of the "Reset DMA" link. When I checked the Properties of my IDE channels they read "DMA if available" in all of the right spots. Do I still need to uninstall the IDE channels? In the meantime should I uninstall the recommended programs & run the other utilities? I will hold off until I hear from you about the DMA question. Also when I ran ComboFix it asked me if I wanted to upgrade ComboFix...I declined.
  9. Here's today's ComboFix log. I had to restart 'cuz AVG tried to block it. The instructions didn't indicate that I needed to disable virus programs. After I disabled AVG & Windows Security it ran fine. The PC is still running a bit slow but seems to be improving:
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Winamp\\winamp.exe"= "c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"= "c:\\Documents and Settings\\Dennis\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"= "c:\\Program Files\\EASEUS\\Todo Backup\\bin\\Agent.exe"= "c:\\Program Files\\EASEUS\\Todo Backup\\bin\\TbService.exe"= "c:\\Program Files\\EASEUS\\Todo Backup\\bin\\TBConsoleUI.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"= . 
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/21/2012 3:45 AM 55776] R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552] R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [11/29/2010 10:58 AM 50248] R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [7/12/2011 9:53 AM 40648] R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [7/4/2011 7:13 AM 13496] R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [7/16/2012 10:02 AM 18544] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/13/2012 3:11 AM 179936] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 19936] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 164832] R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [11/29/2010 10:58 AM 14920] R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [8/15/2012 10:14 AM 185032] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/27/2009 4:30 PM 101720] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 2:05 PM 196664] R2 EaseUS Agent;EaseUS Agent Service;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [1/3/2013 5:49 PM 69192] R2 Guard Agent;Guard Agent Service;c:\program files\EASEUS\Todo Backup\bin\GuardAgent.exe [1/3/2013 5:50 PM 23624] R2 MBAMScheduler;MBAMScheduler;c:\malwarebytes' anti-malware\mbamscheduler.exe [9/13/2012 1:48 PM 418376] R2 MBAMService;MBAMService;c:\malwarebytes' anti-malware\mbamservice.exe [4/16/2012 3:48 PM 701512] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/13/2011 2:07 PM 22856] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> 
c:\windows\system32\DRIVERS\Lbd.sys [?] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/16/2012 12:34 AM 5814904] S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [1/6/2012 9:08 AM 163616] S3 EUBAKUP0;EUBAKUP0;\??\c:\windows\system32\drivers\EUBAKUP0.sys --> c:\windows\system32\drivers\EUBAKUP0.sys [?] S3 EUBKMON0;EUBKMON0;\??\c:\windows\system32\drivers\EUBKMON0.sys --> c:\windows\system32\drivers\EUBKMON0.sys [?] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/14/2008 5:00 AM 14336] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704] S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2013-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:01] . 2013-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57] . 2013-04-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 19:11] . 2013-04-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-963894560-682003330-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14] . 2013-04-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-963894560-682003330-1003.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14] . 
2013-04-12 c:\windows\Tasks\SmartDefrag_Startup.job - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-03 03:19] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: printinc.com\extranet Trusted Zone: printinc.com\mail TCP: DhcpNameServer = 208.201.224.11 208.201.224.33 DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab FF - ProfilePath - c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\l7nxy5yx.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1 FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111227&q= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-04-09 10:14; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\Dennis\Application Data\Mozilla\Firefox\Profiles\l7nxy5yx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - ExtSQL: !HIDDEN! 2009-09-01 18:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-12 13:13 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion*Nzakin] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(604) c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll . Completion time: 2013-04-12 13:16:57 ComboFix-quarantined-files.txt 2013-04-12 20:16 ComboFix2.txt 2013-04-11 21:31 ComboFix3.txt 2011-05-02 19:25 ComboFix4.txt 2011-04-03 01:52 . Pre-Run: 104,752,500,736 bytes free Post-Run: 104,747,298,816 bytes free . - - End Of File - - 3AECE54F1525A7C44EE5453B33947E67
  10. Here are the results of the ComboFix scan. I had a memory error pop up but it disappeared before I could write it down. Otherwise my PC seems to be responding a bit faster:
  11. Here are the results of the adwCleaner.txt: Here are the results of the RogueKiller .txt:
  12. Gringo...here are the results of Security Check...so far the system seems to be running slow...nada mas...gracias!: Results of screen317's Security Check version 0.99.62 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG AntiVirus Free Edition 2013 Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 4.6 Malwarebytes Anti-Malware version 1.70.0.1100 CCleaner JavaFX 2.1.1 Java 6 Update 27 Java 7 Update 17 Adobe Flash Player 11.6.602.180 Adobe Reader 8 Adobe Reader out of Date! Mozilla Firefox 19.0.2 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe Dennis Desktop Malwarebytes SecurityCheck.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 3% ````````````````````End of Log`````````````````````` ...and DDS.txt: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2 Run by Dennis at 16:38:13 on 2013-04-09 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.956 [GMT -7:00] . AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} FW: ZoneAlarm Firewall *Disabled* . ============== Running Processes ================ . 
C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\Eraser\Eraser.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Malwarebytes' Anti-Malware\mbamgui.exe C:\Documents and Settings\Dennis\Application Data\Dropbox\bin\Dropbox.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://search.babylon.com/?AF=109980&babsrc=HP_ss&mntrId=2cf84141000000000000001921890eeb BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: PCTools Site Guard: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - c:\program files\spyware doctor\tools\iesdsg.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [skyTel] SkyTel.EXE mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: 
[GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe" mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe StartupFolder: c:\docume~1\dennis\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\dennis\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\pdfill\DownloadPDF.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177525273859
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/v_mywebex-t20-pso-attdevel2/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://connect2.pb.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 208.201.224.11 208.201.224.33
TCP: Interfaces\{6C8DAA37-D23D-43BD-8ECF-93FA18B59277} : DHCPNameServer = 208.201.224.11 208.201.224.33
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dennis\application data\mozilla\firefox\profiles\l7nxy5yx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT416758&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111227&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\dennis\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPil86.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-04-09 10:14; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\documents and settings\dennis\application data\mozilla\firefox\profiles\l7nxy5yx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: !HIDDEN! 2009-09-01 18:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-21 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2010-11-29 50248]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-7-12 40648]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 195296]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-4 13496]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-7-16 18544]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-9-13 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2010-11-29 14920]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-8-15 185032]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-27 101720]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2013-1-3 69192]
R2 Guard Agent;Guard Agent Service;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2013-1-3 23624]
R2 MBAMService;MBAMService;c:\malwarebytes' anti-malware\mbamservice.exe [2012-4-16 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-13 21104]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 MBAMScheduler;MBAMScheduler;c:\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-13 398184]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-1-6 163616]
S3 EUBAKUP0;EUBAKUP0;\??\c:\windows\system32\drivers\eubakup0.sys --> c:\windows\system32\drivers\EUBAKUP0.sys [?]
S3 EUBKMON0;EUBKMON0;\??\c:\windows\system32\drivers\eubkmon0.sys --> c:\windows\system32\drivers\EUBKMON0.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S4 vsdatant;vsdatant; [x]
.
=============== Created Last 30 ================
.
2013-04-09 20:14:08 7108640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{485dddec-58d3-4c9f-8bb1-e4de47b1d1af}\mpengine.dll
2013-04-08 18:38:36 7108640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-03-24 19:51:50 -------- d-----w- c:\program files\DriverTuner
2013-03-24 19:24:33 -------- d-----w- c:\documents and settings\dennis\application data\DriverCure
2013-03-24 19:24:31 -------- d-----w- c:\documents and settings\dennis\application data\SpeedyPC Software
2013-03-24 19:23:59 -------- d-----w- c:\program files\SpeedyPC Software
2013-03-24 19:23:59 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2013-03-19 17:13:59 163840 ----a-w- c:\program files\mozilla firefox\plugins\webex\924\uilibres.dll
2013-03-19 17:13:57 45124 ----a-w- c:\program files\mozilla firefox\plugins\webex\924\raurl.dll
2013-03-19 17:13:22 98304 ----a-w- c:\program files\mozilla firefox\plugins\webex\924\PsImgStrm.dll
2013-03-19 17:09:59 380928 ----a-w- c:\program files\mozilla firefox\plugins\webex\924\atarm.dll
2013-03-19 17:08:58 401408 ----a-w- c:\program files\mozilla firefox\plugins\webex\724\atrecply.dll
2013-03-19 17:07:49 5013816 ----a-w- c:\program files\mozilla firefox\plugins\webex\1224\webexmgr.dll
2013-03-19 17:06:59 132096 ----a-w- c:\program files\mozilla firefox\plugins\webex\1224\atpng12.dll
2013-03-19 17:05:59 626688 ----a-w- c:\program files\mozilla firefox\plugins\microsoft.vc80.crt\msvcr80.dll
2013-03-19 17:04:44 193584 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2013-03-19 17:03:59 478104 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2013-03-19 17:03:59 115608 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2013-03-19 17:03:58 59288 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2013-03-19 17:02:42 2709880 ----a-r- c:\program files\mozilla firefox\ie 6.0 full\IEAK6.EXE
2013-03-19 17:02:41 508240 ----a-r- c:\program files\mozilla firefox\ie 6.0 full\IE6SETUP.EXE
2013-03-19 17:02:29 917400 ----a-w- c:\program files\mozilla firefox\firefox.exe
2013-03-19 17:02:29 2954136 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2013-03-19 17:02:29 277400 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2013-03-19 17:02:27 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2013-03-19 17:02:25 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-03-19 17:02:24 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-03-19 17:02:23 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-03-19 17:02:23 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-03-19 17:02:23 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-03-15 23:13:53 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-15 21:17:22 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
.
==================== Find3M ====================
.
2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-15 23:12:59 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-15 23:12:56 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-15 23:12:56 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-12 20:01:13 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 20:01:13 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 23:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2008-01-28 00:44:00 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 16:45:41.73 ===============

...and attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/2/2011 9:54:05 PM
System Uptime: 4/9/2013 7:19:12 AM (9 hours ago)
.
Motherboard: ECS | | 945GZ/CT-M
Processor: Intel® Pentium® 4 CPU 3.20GHz | CPU 1 | 3192/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 97.487 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1863 GiB total, 1741.404 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\MEDIA\SYSTEM
Manufacturer:
Name:
PNP Device ID: ROOT\MEDIA\SYSTEM
Service:
.
==== System Restore Points ===================
.
RP593: 2/25/2013 5:10:51 PM - System Checkpoint
RP594: 2/25/2013 8:17:39 PM - Software Distribution Service 3.0
RP595: 2/25/2013 8:33:35 PM - Software Distribution Service 3.0
RP596: 2/27/2013 1:10:42 AM - System Checkpoint
RP597: 2/27/2013 3:14:13 PM - Software Distribution Service 3.0
RP598: 2/27/2013 5:55:43 PM - Software Distribution Service 3.0
RP599: 3/4/2013 9:46:40 AM - Software Distribution Service 3.0
RP600: 3/6/2013 11:22:24 AM - Software Distribution Service 3.0
RP601: 3/12/2013 11:56:02 AM - Software Distribution Service 3.0
RP602: 3/12/2013 6:59:55 PM - Software Distribution Service 3.0
RP603: 3/15/2013 2:28:46 PM - Software Distribution Service 3.0
RP604: 3/15/2013 2:56:30 PM - Software Distribution Service 3.0
RP605: 3/15/2013 4:10:57 PM - Removed Java 7 Update 15
RP606: 3/15/2013 4:12:21 PM - Installed Java 7 Update 17
RP607: 3/18/2013 11:29:17 AM - Software Distribution Service 3.0
RP608: 3/19/2013 11:11:34 AM - Software Distribution Service 3.0
RP609: 3/20/2013 12:35:29 PM - Software Distribution Service 3.0
RP610: 3/22/2013 9:56:06 AM - Software Distribution Service 3.0
RP611: 3/23/2013 11:14:00 AM - Software Distribution Service 3.0
RP612: 3/24/2013 1:10:31 PM - Software Distribution Service 3.0
RP613: 4/3/2013 10:57:27 AM - Software Distribution Service 3.0
RP614: 4/5/2013 11:57:07 AM - Software Distribution Service 3.0
RP615: 4/8/2013 11:37:47 AM - Software Distribution Service 3.0
RP616: 4/9/2013 1:13:12 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com Adobe Acrobat 6.0.1 Professional Adobe AIR Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements Adobe Reader Japanese Fonts Adobe Reader X (10.1.6) Adobe Shockwave Player Apple Application Support Apple Mobile Device Support Apple Software Update Audacity 1.2.6 AVG 2013 Bonjour CCleaner CDDRV_Installer Compatibility Pack for the 2007 Office system DivX Converter DivX Setup doPDF 6.2 printer DriverTuner 3.1.0.0 Dropbox EaseUS Todo Backup Free 5.5 Eraser 6.0.8.2273 ESET Online Scanner v3 Facebook Plug-In FBackup 4 Filzip 3.06 GoToMeeting 5.1.0.880 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB961118) HP CLJ 3000-3600-3800-CP3505 Series Printers Service Training hp LaserJet-all-in-one Intel® Graphics Media Accelerator Driver iTunes J2SE Runtime Environment 5.0 Update 3 Japanese Fonts Support For Adobe Reader 8 Java 7 Update 17 Java Auto Updater Java 6 Update 27 JavaFX 2.1.1 Juniper Networks Cache Cleaner 5.4.0 Juniper Networks Cache Cleaner 5.5.0 Juniper Networks Cache Cleaner 6.4.0 Juniper Networks Setup Client Juniper Networks Setup Client Activex Control KhalInstallWrapper LaserAIO Logitech Desktop Messenger Logitech SetPoint Malwarebytes Anti-Malware version 1.70.0.1100 MetaFrame Presentation Server Web Client for Win32 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Easy Assist v2 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 
1.7 Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Primary Interop Assemblies Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Live Meeting 2005 Microsoft Office Live Meeting 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Project 2007 Service Pack 3 (SP3) Microsoft Office Project MUI (English) 2007 Microsoft Office Project Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office SharePoint Designer 2007 Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) Microsoft Office SharePoint Designer MUI (English) 2007 Microsoft Office Visio 2007 Service Pack 3 (SP3) Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C Runtime Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2005 Tools for Office Runtime Mozilla Firefox 19.0.2 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6 Service Pack 2 (KB954459) Nero Suite PDFill PDF Editor with FREE Writer and FREE Tools Picasa 3 QBFC 7.0 QFolder QuickBooks QuickBooks Pro 2009 QuickTime RAM Idle LE RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Rhapsody Player Engine Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit 
Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2799329) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for 
Windows XP (KB2347290) Security Update for Windows XP (KB2360131) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP 
(KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB2807986) 
Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for 
Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Smart Defrag 2 Song Surgeon 1.0.6 Spelling Dictionaries Support For Adobe Reader 8 SpywareBlaster 4.6 SupportSoft Assisted Service Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VC 9.0 Runtime VC80CRTRedist - 8.0.50727.6195 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Visual 
Studio 2005 Tools for Office Second Edition Runtime WebEx WebFldrs XP Winamp Winamp Detector Plug-in Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Firefox Plugin WinPcap 4.1.1 WinX DVD Copy Pro 3.4.3
.
==== Event Viewer Messages From Past Week ========
.
4/9/2013 7:26:55 AM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
4/8/2013 11:23:53 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/8/2013 11:23:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
4/5/2013 11:48:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
4/5/2013 11:48:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the MBAMScheduler service to connect.
4/5/2013 11:48:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
4/5/2013 11:48:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.
4/5/2013 11:48:10 AM, error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/5/2013 11:48:10 AM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/5/2013 11:48:10 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/3/2013 10:41:20 AM, error: Service Control Manager [7000] - The EaseUS Agent Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/3/2013 10:41:19 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the EaseUS Agent Service service to connect.
.
==== End Of File ===========================
  13. My PC desktop seems to be slowing down & I'm concerned about malware and/or junk files. My system is running XP Pro and I have MBAM, Windows Security & AVG Free. A 'quick' Malwarebytes scan did not detect any current threats.
  14. All done and I got a 'clean' MBAM Quick Scan. Thank you for your help!
  15. "Scan complete on 103921 Items. No threats were detected on your PC during this scan."