Jump to content

Malicous websites blocked, without browser running


Recommended Posts

I have been getting blocked malicous website protection notices ever since I turned on the active protection nodule on Malwarebytes, even without an internet browser running:

Protection, Malicious Website Protection, IP, 93.174.93.51, 0, Inbound,
Protection, Malicious Website Protection, IP, 80.82.70.152, 0, Inbound,

 

I have run the anti-malware and anti-virus with nothing detected. Wondering if this is a possible threat, as it seems to be the same IP addresses each time.

Thanks in advance for any help you can provide.
 



			
		
Link to post
Share on other sites

Welcome to the forum.

Please run a Quick Scan with Malwarebytes like this:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

Then....please start HERE <-------- (may not run on W8)

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

Don't forget to RogueKiller below

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Thank you for getting back to me. I did all the scans, and will paste all the results below.

 


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/8/2014
Scan Time: 6:43:22 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.08.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Ben

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348891
Time Elapsed: 23 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Ben (administrator) on BLACKDRAGON on 08-04-2014 18:45:19
Running from C:\Documents and Settings\Ben\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\iPod\bin\iPodSrv.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(M-Audio) C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Avid Technology, Inc.) C:\WINDOWS\system32\MAFWTray.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
() C:\Program Files\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Ben\Local Settings\Application Data\Akamai\netsession_win.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Ben\Local Settings\Application Data\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [trCLIStart] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\trCLIStart.exe
HKLM\...\Run: [startCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\...\Run: [sSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [M-Audio Taskbar Icon] - C:\WINDOWS\system32\MAFWTray.exe [252424 2009-07-29] (Avid Technology, Inc.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [14854144 2005-09-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2544664 2014-03-20] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295512 2013-09-05] (RealNetworks, Inc.)
HKLM\...\Run: [bluetoothAuthenticationAgent] - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15709984 2013-10-23] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [209184 2013-10-23] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [413696 2008-11-04] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll [X]
HKU\S-1-5-21-583907252-1580436667-1060284298-1004\...\Run: [Performance Center] - C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
HKU\S-1-5-21-583907252-1580436667-1060284298-1004\...\Run: [Akamai NetSession Interface] - C:\Documents and Settings\Ben\Local Settings\Application Data\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
HKU\S-1-5-21-583907252-1580436667-1060284298-1004\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-583907252-1580436667-1060284298-1004\...\MountPoints2: {a736afd5-187a-11e1-87aa-002215f8df7b} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B24A821E-0BBD-4544-B18B-01E0A433F0F2}&mid=097ed9e57832baa269bfe53a37ab05d3-881eb51ede61d5b3acf180488412f3701a8b0be0〈=en&ds=ft011&pr=sa&d=2012-04-19 17:26:04&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {76A07CAF-F202-4784-85EA-6CEFE2DD415A} URL = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={B24A821E-0BBD-4544-B18B-01E0A433F0F2}&mid=097ed9e57832baa269bfe53a37ab05d3-881eb51ede61d5b3acf180488412f3701a8b0be0〈=en&ds=ft011&pr=sa&d=2012-04-19 17:26:04&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9C902DA3-65B9-4D62-9FFB-3FD73644A214} URL = http://www.bing.com/search?q={searchTerms}&FORM=IE0006
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {32564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8dmo.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271376983687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\WINDOWS\system32\iavlsp.dll [118784] (iolo technologies, LLC)
Winsock: Catalog9 02 C:\WINDOWS\system32\iavlsp.dll [118784] (iolo technologies, LLC)
Winsock: Catalog9 07 C:\WINDOWS\system32\iavlsp.dll [118784] (iolo technologies, LLC)
Tcpip\Parameters: [DhcpNameServer] 24.113.32.29 24.113.32.30 76.14.192.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\sz0fq6kr.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @soe.sony.com/installer,version=1.0.3 - C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\adz8taui.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.1 - C:\Documents and Settings\Ben\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Documents and Settings\Ben\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Adblock Plus - C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\sz0fq6kr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-04-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.0.5.292
FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.0.5.292 [2014-03-20]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-05]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [{351442D5-8692-11E1-826D-B8AC6F996F26}] - C:\Documents and Settings\Ben\Local Settings\Application Data\{351442D5-8692-11E1-826D-B8AC6F996F26}\
FF Extension: Translate This! - C:\Documents and Settings\Ben\Local Settings\Application Data\{351442D5-8692-11E1-826D-B8AC6F996F26}\ []

Chrome:
=======

CHR DefaultSearchKeyword: isearch.avg.com
CHR DefaultSearchURL: http://isearch.avg.com/search?cid={B24A821E-0BBD-4544-B18B-01E0A433F0F2}&mid=097ed9e57832baa269bfe53a37ab05d3-881eb51ede61d5b3acf180488412f3701a8b0be0〈=en&ds=ft011&pr=sa&d=2012-04-19 17:26:04&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Google Search) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-23]
CHR Extension: (AT_MarliesDekkers) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlehphlfahjiajcnjkcbdbehjcchkibb [2010-05-16]
CHR Extension: (AVG Security Toolbar) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-10-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (No Name) - C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx [2014-03-20]

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [110592 2005-04-06] ()
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
R2 iPodSrv; C:\Program Files\iPod\bin\iPodSrv.exe [90112 2003-03-14] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-01] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 OxygenAudioDevMon; C:\Program Files\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-20] (AVG Secure Search)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2010-07-29] (WDC)
R2 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [952832 2010-07-29] ()
R2 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [483840 2010-07-29] ()
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [522040 2013-02-08] (Wacom Technology, Corp.)
S4 Ati HotKey Poller; %SystemRoot%\system32\Ati2evxx.exe [X]
S4 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [X]
S4 dvpapi; "C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe" [X]
S4 ioloFileInfoList; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [X]
S4 ioloSystemService; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [X]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [281504 2009-08-12] ()
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-20] (AVG Technologies)
R3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [20480 2005-08-31] (IVT Corporation)
R3 BlueletSCOAudio; C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys [20480 2005-08-31] (IVT Corporation)
R3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [10804 2005-04-30] (IVT Corporation)
S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [23000 2005-07-29] (IVT Corporation)
R3 BTHidEnum; C:\WINDOWS\System32\DRIVERS\vbtenum.sys [11988 2005-07-29] ()
R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [28271 2005-04-30] (IVT Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 hidkmdf; C:\WINDOWS\System32\DRIVERS\hidkmdf.sys [12272 2012-12-19] (Windows ® Win 7 DDK provider)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2009-08-12] ()
R3 MAFW; C:\WINDOWS\System32\DRIVERS\mafw.sys [192392 2009-07-29] (Avid Technology, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-08] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NtApm; C:\WINDOWS\System32\DRIVERS\NtApm.sys [9344 2006-02-28] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54144 2007-10-12] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [102400 2007-08-08] (NVIDIA Corporation)
S3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-06-16] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2007-10-12] (NVIDIA Corporation)
S3 OXYGEN; C:\WINDOWS\System32\DRIVERS\MAudioOxygen.sys [112136 2010-03-04] (M-Audio)
S3 SynasUSB; C:\WINDOWS\System32\drivers\SynasUSB.sys [23288 2007-10-24] (SIA Syncrosoft)
R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [61312 2004-10-19] (IVT Corporation)
R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [82148 2005-03-25] (IVT Corporation)
R3 WacHidRouter; C:\WINDOWS\System32\DRIVERS\wachidrouter.sys [70640 2012-12-19] (Wacom Technology)
R3 wacomrouterfilter; C:\WINDOWS\System32\DRIVERS\wacomrouterfilter.sys [13296 2012-12-20] (Wacom Technology)
S2 CSS DVP; system32\DRIVERS\css-dvp.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 FETNDIS; system32\DRIVERS\fetnd5.sys [X]
S1 FileDisk; No ImagePath
S3 FilterService; system32\DRIVERS\lvuvcflt.sys [X]
S4 IntelIde; No ImagePath
S3 LVUVC; system32\DRIVERS\lvuvc.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S0 viaagp1; system32\DRIVERS\viaagp1.sys [X]
S0 XPacket; System32\xpacket.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-08 18:45 - 2014-04-08 18:45 - 00000000 ____D () C:\FRST
2014-04-08 17:56 - 2013-11-12 10:03 - 01672704 _____ () C:\Documents and Settings\Ben\Desktop\4A2M_1.00_WIN_24B1ST i.EXE
2014-04-03 17:09 - 2014-04-08 17:57 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 17:08 - 2014-04-05 14:43 - 00000787 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-03 17:08 - 2014-04-05 14:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-03 17:08 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 17:08 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-01 23:54 - 2014-04-01 23:54 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-04-01 23:54 - 2014-04-01 23:54 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-04-01 23:54 - 2014-04-01 23:54 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-04-01 23:54 - 2014-04-01 23:54 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-04-01 23:54 - 2014-04-01 23:54 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-04-01 23:54 - 2014-04-01 23:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-03-31 15:04 - 2014-03-31 15:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-30 10:17 - 2014-03-30 10:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-19 18:03 - 2014-03-19 18:03 - 00000000 ____D () C:\WINDOWS\Performance
2014-03-19 18:03 - 2014-03-19 18:03 - 00000000 ____D () C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft Corporation
2014-03-19 18:02 - 2014-03-19 18:02 - 00001878 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-03-19 18:02 - 2014-03-19 18:02 - 00001872 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-03-19 18:02 - 2014-03-19 18:02 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-03-18 17:13 - 2014-04-08 17:47 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-18 17:13 - 2014-04-08 17:47 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-18 07:28 - 2014-03-18 07:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-18 07:27 - 2014-03-18 07:28 - 00004220 _____ () C:\WINDOWS\KB2934207.log
2014-03-18 06:36 - 2014-02-25 18:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-18 06:36 - 2014-02-25 18:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-13 17:36 - 2014-03-13 17:37 - 00130849 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-13 17:36 - 2014-03-13 17:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-13 17:36 - 2014-03-13 17:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-13 17:32 - 2014-03-13 17:36 - 00127237 _____ () C:\WINDOWS\KB2929961.log
2014-03-13 17:31 - 2014-03-13 17:36 - 00129556 _____ () C:\WINDOWS\KB2930275.log

==================== One Month Modified Files and Folders =======

2014-04-08 18:45 - 2014-04-08 18:45 - 00000000 ____D () C:\FRST
2014-04-08 18:32 - 2011-09-28 17:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-04-08 18:13 - 2013-10-23 17:51 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 17:57 - 2014-04-03 17:09 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 17:52 - 2008-07-14 23:51 - 01563563 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-08 17:49 - 2013-05-29 19:16 - 00007018 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-04-08 17:48 - 2013-01-01 15:33 - 00000304 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-583907252-1580436667-1060284298-1004.job
2014-04-08 17:48 - 2013-01-01 15:33 - 00000296 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-583907252-1580436667-1060284298-1004.job
2014-04-08 17:47 - 2014-03-18 17:13 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-08 17:47 - 2014-03-18 17:13 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-08 17:47 - 2013-11-09 12:15 - 00000178 ___SH () C:\Documents and Settings\UpdatusUser.BLACKDRAGON.000\ntuser.ini
2014-04-08 17:47 - 2013-10-23 17:51 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 17:47 - 2012-12-23 12:01 - 00000274 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-583907252-1580436667-1060284298-1004.job
2014-04-08 17:47 - 2010-07-25 10:21 - 00000274 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1580436667-1060284298-1004.job
2014-04-08 17:47 - 2008-12-24 00:20 - 00000000 ____D () C:\WINDOWS\system32\Lang
2014-04-08 17:47 - 2008-07-14 23:56 - 00032460 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-08 17:46 - 2010-10-01 22:21 - 00000000 ____D () C:\Program Files\Common Files\Akamai
2014-04-08 17:46 - 2008-07-14 16:33 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-08 17:46 - 2008-07-14 16:33 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-04-08 17:46 - 2006-02-28 05:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-08 17:45 - 2008-07-14 23:56 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-08 07:37 - 2008-07-15 00:29 - 00000178 ___SH () C:\Documents and Settings\Ben\ntuser.ini
2014-04-07 17:49 - 2012-12-23 12:01 - 00000282 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-583907252-1580436667-1060284298-1004.job
2014-04-05 18:53 - 2013-12-28 17:07 - 00509160 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-04-05 15:04 - 2012-04-10 18:26 - 00000000 ____D () C:\Documents and Settings\Ben\My Documents\HRBlock
2014-04-05 14:58 - 2009-04-15 11:14 - 00000000 ____D () C:\Bens
2014-04-05 14:45 - 2010-07-25 10:21 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1580436667-1060284298-1004.job
2014-04-05 14:43 - 2014-04-03 17:08 - 00000787 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-05 14:43 - 2014-04-03 17:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-05 14:43 - 2011-09-30 07:31 - 00000000 ____D () C:\Program Files\MALWAREBYTES ANTI-MALWARE
2014-04-03 20:18 - 2013-04-12 00:23 - 00000000 ____D () C:\Documents and Settings\Ben\My Documents\Recovered
2014-04-03 17:08 - 2009-09-23 18:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-03 09:51 - 2014-04-03 17:08 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-04-03 17:08 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-03 06:37 - 2011-11-09 18:19 - 00000000 ____D () C:\Documents and Settings\Ben\Local Settings\Application Data\Akamai
2014-04-01 23:54 - 2014-04-01 23:54 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-04-01 23:54 - 2014-04-01 23:54 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-04-01 23:54 - 2014-04-01 23:54 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-04-01 23:54 - 2014-04-01 23:54 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-04-01 23:54 - 2014-04-01 23:54 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-04-01 23:54 - 2014-04-01 23:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-04-01 22:40 - 2010-03-20 09:31 - 00014336 ___SH () C:\WINDOWS\Thumbs.db
2014-04-01 22:15 - 2013-12-15 14:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-03-31 15:04 - 2014-03-31 15:04 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-31 15:04 - 2013-10-27 10:41 - 00000712 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-03-31 14:55 - 2012-05-02 22:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-30 10:17 - 2014-03-30 10:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-27 21:12 - 2013-08-13 18:46 - 00816584 _____ () C:\WINDOWS\setupapi.log
2014-03-26 21:26 - 2011-09-30 19:24 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-22 18:57 - 2008-07-18 21:15 - 00009662 _____ () C:\WINDOWS\EPISME00.SWB
2014-03-22 18:40 - 2009-11-30 19:36 - 00006580 ___SH () C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2014-03-20 18:29 - 2013-06-26 21:17 - 00003730 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-03-20 18:29 - 2012-09-03 20:22 - 00042272 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-03-20 18:29 - 2012-06-11 18:37 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-03-20 18:29 - 2012-04-19 17:25 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-03-19 18:03 - 2014-03-19 18:03 - 00000000 ____D () C:\WINDOWS\Performance
2014-03-19 18:03 - 2014-03-19 18:03 - 00000000 ____D () C:\Documents and Settings\Ben\Local Settings\Application Data\Microsoft Corporation
2014-03-19 18:02 - 2014-03-19 18:02 - 00001878 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-03-19 18:02 - 2014-03-19 18:02 - 00001872 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-03-19 18:02 - 2014-03-19 18:02 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-03-19 17:29 - 2012-06-26 17:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2014-03-19 17:29 - 2010-09-26 23:26 - 00000000 ____D () C:\Documents and Settings\Ben\Application Data\ZoomBrowser EX
2014-03-18 17:22 - 2012-08-19 19:41 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-18 17:22 - 2012-08-19 12:42 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-18 07:28 - 2014-03-18 07:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-18 07:28 - 2014-03-18 07:27 - 00004220 _____ () C:\WINDOWS\KB2934207.log
2014-03-18 07:28 - 2008-07-14 16:31 - 03225968 _____ () C:\WINDOWS\FaxSetup.log
2014-03-18 07:28 - 2008-07-14 16:31 - 01627707 _____ () C:\WINDOWS\ocgen.log
2014-03-18 07:28 - 2008-07-14 16:31 - 01243940 _____ () C:\WINDOWS\tsoc.log
2014-03-18 07:28 - 2008-07-14 16:31 - 00639624 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-18 07:28 - 2008-07-14 16:31 - 00500278 _____ () C:\WINDOWS\iis6.log
2014-03-18 07:28 - 2008-07-14 16:31 - 00171044 _____ () C:\WINDOWS\ocmsn.log
2014-03-18 07:28 - 2008-07-14 16:31 - 00162325 _____ () C:\WINDOWS\msgsocm.log
2014-03-18 07:28 - 2008-07-14 16:31 - 00008236 _____ () C:\WINDOWS\comsetup.log
2014-03-18 07:28 - 2008-07-14 16:31 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-18 07:27 - 2013-08-13 18:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 07:25 - 2008-07-16 19:23 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-17 14:33 - 2013-01-01 15:33 - 00000322 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-583907252-1580436667-1060284298-1004.job
2014-03-13 17:39 - 2008-07-14 16:30 - 00249496 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-13 17:38 - 2009-01-21 22:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 17:37 - 2014-03-13 17:36 - 00130849 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-13 17:37 - 2009-07-01 18:38 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-13 17:37 - 2008-07-16 19:10 - 00638854 _____ () C:\WINDOWS\updspapi.log
2014-03-13 17:37 - 2008-07-14 16:31 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-13 17:36 - 2014-03-13 17:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-13 17:36 - 2014-03-13 17:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-13 17:36 - 2014-03-13 17:32 - 00127237 _____ () C:\WINDOWS\KB2929961.log
2014-03-13 17:36 - 2014-03-13 17:31 - 00129556 _____ () C:\WINDOWS\KB2930275.log
2014-03-13 17:35 - 2010-07-10 19:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-09 14:09 - 2008-07-14 16:31 - 00591476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Documents and Settings\Ben\Local Settings\Temp\avguidx.dll
C:\Documents and Settings\Ben\Local Settings\Temp\CmdLineExtInstallerExe.exe
C:\Documents and Settings\Ben\Local Settings\Temp\CommonInstaller.exe
C:\Documents and Settings\Ben\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\Ben\Local Settings\Temp\drm_dyndata_7330014.dll
C:\Documents and Settings\Ben\Local Settings\Temp\drm_dyndata_7380006.dll
C:\Documents and Settings\Ben\Local Settings\Temp\drm_dyndata_7380014.dll
C:\Documents and Settings\Ben\Local Settings\Temp\DY58nN17.dll
C:\Documents and Settings\Ben\Local Settings\Temp\ffmpeg8.exe
C:\Documents and Settings\Ben\Local Settings\Temp\Free Realms Installer Uninstaller.exe
C:\Documents and Settings\Ben\Local Settings\Temp\iGearedHelper.dll
C:\Documents and Settings\Ben\Local Settings\Temp\ildownloader_install.exe
C:\Documents and Settings\Ben\Local Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Documents and Settings\Ben\Local Settings\Temp\jre-6u18-windows-i586-iftw-rv.exe
C:\Documents and Settings\Ben\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Documents and Settings\Ben\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\Ben\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Documents and Settings\Ben\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\Ben\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\Ben\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\Ben\Local Settings\Temp\jre-7u9-windows-i586-iftw.exe
C:\Documents and Settings\Ben\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\Ben\Local Settings\Temp\MachineIdCreator.exe
C:\Documents and Settings\Ben\Local Settings\Temp\oi_{8A897B87-50CD-4481-843F-D2A5DE44571C}.exe
C:\Documents and Settings\Ben\Local Settings\Temp\PNPCUNLR.dll
C:\Documents and Settings\Ben\Local Settings\Temp\setup.exe
C:\Documents and Settings\Ben\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Ben\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\Ben\Local Settings\Temp\SIntf16.dll
C:\Documents and Settings\Ben\Local Settings\Temp\SIntf32.dll
C:\Documents and Settings\Ben\Local Settings\Temp\SIntfNT.dll
C:\Documents and Settings\Ben\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\Ben\Local Settings\Temp\SystemRequirementsLabx.exe
C:\Documents and Settings\Ben\Local Settings\Temp\ToolbarInstaller.exe
C:\Documents and Settings\Ben\Local Settings\Temp\uninst.exe
C:\Documents and Settings\Ben\Local Settings\Temp\VSUSetup.exe
C:\Documents and Settings\Ben\Local Settings\Temp\_is14.exe
C:\Documents and Settings\Ben\Local Settings\Temp\_is5F.exe
C:\Documents and Settings\Ben\Local Settings\Temp\_is65.exe
C:\Documents and Settings\Ben\Local Settings\Temp\_is66.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Ben at 2014-04-08 18:46:12
Running from C:\Documents and Settings\Ben\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AGEIA PhysX v6.12.02 (Version: 6.12.02 - AGEIA Technologies, Inc.) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface Service (HKLM\...\Akamai) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version:  - )
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1022 - )
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0602.2242 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.501-080602a-065775C-ATI - )
Authentium AntiVirus SDK - 2 (Version: 4.95.2 - Authentium Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.0.5.292 - AVG Technologies)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
BlueSoleil (HKLM\...\{4A0BAA62-FE2F-4C93-A10B-5E6DE3B424A5}) (Version: 1.6.3.1 Release 050831 - IVT Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.4.0.1 - Canon Inc.)
Canon Camera WIA Driver (Version: 6.2.5 - Canon) Hidden
Canon Camera WIA Driver 6.2.5 (HKLM\...\InstallShield_{4B66765B-8596-4698-A208-E23D11D84AA7}) (Version: 6.2.5 - Canon)
Canon CanoScan LiDE 90 User Registration (HKLM\...\Canon CanoScan LiDE 90 User Registration) (Version:  - )
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.10.1.19 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.2.1.6 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
CanoScan LiDE 90 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412) (Version:  - )
Catalyst Control Center Core Implementation (Version: 2008.0602.2243.38732 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0602.2243.38732 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0602.2243.38732 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0602.2243.38732 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.0602.2243.38732 - ATI) Hidden
CCC Help English (Version: 2008.0602.2242.38732 - ATI) Hidden
ccc-core-preinstall (Version: 2008.0602.2243.38732 - ATI) Hidden
ccc-core-static (Version: 2008.0602.2243.38732 - ATI) Hidden
ccc-utility (Version: 2008.0602.2243.38732 - ATI) Hidden
Content (Version: 1.00.0000 - Your Company Name) Hidden
Corel Graphics Suite 11 (Version: 11 - Corel Corporation) Hidden
Corel Painter 11 - ICA (Version: 11.0 - Corel Corporation) Hidden
Corel Painter 11 - IPM (Version: 11.2 - Corel Corporation) Hidden
Corel Painter 11 (HKLM\...\_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}) (Version:  - Corel Corporation)
Corel Painter 11 (Version: 11.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM\...\InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Firewire Family (HKLM\...\{92CFE459-E641-4293-8884-83FB2B97FDFC}) (Version: 1.0.2.8 - )
Free Easy Burner V 5.0 (HKLM\...\Free Easy Burner_is1) (Version: 5.0.0.0 - Koyote soft)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
H&R Block Basic + Efile + State 2013 (HKLM\...\{9D598046-A8D1-4B61-9F8A-AB3BE1389311}) (Version: 13.03.5801 - HRB Technology, LLC.)
H&R Block California 2013 (HKLM\...\{FA9B4B45-B7F0-47A4-894B-19BBF8829FE2}) (Version: 1.13.6401 - HRB Technology, LLC.)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
IconHandler 32 bit (Version: 2.0 - Corel Corporation) Hidden
iPod for Windows 2005-10-12 (HKLM\...\InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}) (Version: 4.3.0 - Apple Computer, Inc.)
iPod for Windows 2005-10-12 (Version: 4.3.0 - Apple Computer, Inc.) Hidden
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
iTunes (HKLM\...\{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}) (Version: 8.0.1.11 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Langauge (Version: 1.2 - Your Company Name) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
M-Audio FireWire Driver 6.0.1 (x86) (HKLM\...\{64522D5F-4743-4939-8E22-B1878FB68772}) (Version: 6.0.1 - M-Audio)
M-Audio Oxygen Driver 1.2.1 (x86) (HKLM\...\{80D3F817-2D33-4643-B900-64AE2C0C4745}) (Version: 1.2.1 - M-Audio)
Microsoft .NET Compact Framework 2.0 (HKLM\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.5239 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA ForceWare Network Access Manager (Version: 1.00.6767 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA nView 136.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.28 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13594 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM\...\{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Pandora (HKLM\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - UNKNOWN)
Pandora (Version: 2.0.8 - UNKNOWN) Hidden
QuickTime (HKLM\...\{8DC42D05-680B-41B0-8878-6C14D24602DB}) (Version: 7.55.90.70 - Apple Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sakura (HKLM\...\Sakura) (Version:  - Image-Line)
Sawer (HKLM\...\Sawer) (Version:  - Image-Line)
ScanSoft OmniPage SE 4 (HKLM\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Skins (Version: 2008.0602.2243.38732 - ATI) Hidden
SmartSound Common Data (HKLM\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (Version: 1.1.0 - SmartSound Software Inc.) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steinberg Cubase Studio 4 (HKLM\...\{A5FB086B-B602-4452-8FE9-DF6BFBCE3D09}) (Version: 4.5.2.274 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg mp3 Encoder (HKLM\...\{FABDD85B-EE3E-4742-964D-06E350A90984}) (Version: 1.0.0.53 - Steinberg Media Technologies GmbH)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syncrosoft License Control (HKLM\...\Syncrosoft License Control) (Version:  - SIA Syncrosoft)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
The Secret of Monkey Island: Special Edition (HKLM\...\Steam App 32360) (Version:  - LucasArts)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version:  - Image-Line)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Vegas Movie Studio HD Platinum 10.0 (HKLM\...\{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}) (Version: 10.0.179 - Sony)
ViewSonic Monitor Drivers (HKLM\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.0 (HKLM\...\VLC media player) (Version: 1.1.0 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.5-3 - Wacom Technology Corp.)
WaveLab Lite (HKLM\...\WaveLab Lite) (Version:  - )
WD SmartWare (HKLM\...\{4C374853-D0D7-4503-9664-3A8D05D3C638}) (Version: 1.3.1.6 - Western Digital)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebTablet FB Plugin 32 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Restore Points  =========================

08-01-2014 14:57:59 System Checkpoint
10-01-2014 02:09:32 Installed iPod for Windows 2005-10-12
10-01-2014 03:34:32 Installed iTunes
11-01-2014 06:02:13 System Checkpoint
12-01-2014 06:24:52 System Checkpoint
13-01-2014 14:47:31 System Checkpoint
14-01-2014 15:55:18 System Checkpoint
14-01-2014 16:01:03 Software Distribution Service 3.0
15-01-2014 15:24:52 Software Distribution Service 3.0
16-01-2014 15:45:12 System Checkpoint
17-01-2014 20:05:38 System Checkpoint
19-01-2014 19:47:28 System Checkpoint
20-01-2014 20:26:58 System Checkpoint
22-01-2014 01:39:37 Removed Java 7 Update 45
23-01-2014 03:13:13 System Checkpoint
24-01-2014 04:33:08 System Checkpoint
25-01-2014 05:19:02 System Checkpoint
26-01-2014 06:47:49 System Checkpoint
27-01-2014 14:48:56 System Checkpoint
28-01-2014 15:50:54 System Checkpoint
30-01-2014 01:44:22 System Checkpoint
31-01-2014 04:12:44 System Checkpoint
01-02-2014 05:16:00 System Checkpoint
02-02-2014 10:00:17 System Checkpoint
04-02-2014 05:14:07 System Checkpoint
05-02-2014 14:50:25 System Checkpoint
06-02-2014 14:57:25 System Checkpoint
08-02-2014 03:26:35 System Checkpoint
09-02-2014 04:53:30 System Checkpoint
09-02-2014 21:25:55 Installed HR Block 2013.
09-02-2014 21:41:53 Installed H&R Block California 2013.
11-02-2014 02:59:24 System Checkpoint
12-02-2014 04:51:47 System Checkpoint
13-02-2014 06:27:56 Software Distribution Service 3.0
14-02-2014 15:06:20 System Checkpoint
15-02-2014 20:35:21 System Checkpoint
16-02-2014 21:01:34 System Checkpoint
17-02-2014 21:15:09 System Checkpoint
19-02-2014 02:19:43 Installed AVG 2014
20-02-2014 02:26:06 System Checkpoint
22-02-2014 02:51:34 System Checkpoint
23-02-2014 03:40:18 System Checkpoint
24-02-2014 04:55:06 System Checkpoint
25-02-2014 05:20:57 System Checkpoint
26-02-2014 06:09:11 System Checkpoint
28-02-2014 14:56:25 System Checkpoint
01-03-2014 18:35:41 System Checkpoint
02-03-2014 21:49:09 Installed QuickTime 7
04-03-2014 04:25:15 System Checkpoint
05-03-2014 15:09:19 System Checkpoint
07-03-2014 05:28:17 System Checkpoint
08-03-2014 05:28:41 System Checkpoint
09-03-2014 22:27:18 System Checkpoint
12-03-2014 01:19:55 System Checkpoint
13-03-2014 01:36:44 System Checkpoint
14-03-2014 00:34:02 Software Distribution Service 3.0
15-03-2014 00:41:19 System Checkpoint
16-03-2014 00:51:10 System Checkpoint
17-03-2014 04:57:52 System Checkpoint
18-03-2014 13:57:53 System Checkpoint
18-03-2014 14:25:13 Software Distribution Service 3.0
20-03-2014 01:02:48 Installed Windows 7 Upgrade Advisor
21-03-2014 02:37:06 System Checkpoint
22-03-2014 03:29:07 System Checkpoint
23-03-2014 05:11:15 System Checkpoint
24-03-2014 13:35:41 System Checkpoint
26-03-2014 03:03:51 System Checkpoint
27-03-2014 03:57:49 System Checkpoint
29-03-2014 00:49:00 Removed Java 7 Update 51
29-03-2014 00:49:37 Installed Java 7 Update 51
29-03-2014 00:52:13 Removed Java 7 Update 51
29-03-2014 00:52:50 Installed Java 7 Update 51
30-03-2014 17:49:17 System Checkpoint
31-03-2014 22:50:28 System Checkpoint
02-04-2014 03:35:59 System Checkpoint
02-04-2014 06:53:42 Removed Java 7 Update 51
02-04-2014 06:54:20 Installed Java 7 Update 51
05-04-2014 22:07:44 Revo Uninstaller's restore point - Spotify
07-04-2014 05:50:52 System Checkpoint
08-04-2014 14:02:53 System Checkpoint

==================== Hosts content: ==========================

2006-02-28 05:00 - 2010-04-15 02:59 - 00000789 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1        localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-583907252-1580436667-1060284298-1004.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-583907252-1580436667-1060284298-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-583907252-1580436667-1060284298-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-583907252-1580436667-1060284298-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-583907252-1580436667-1060284298-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1580436667-1060284298-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1580436667-1060284298-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2005-04-06 16:03 - 2005-04-06 16:03 - 00110592 _____ () C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
2003-03-14 19:30 - 2003-03-14 19:30 - 00090112 _____ () C:\Program Files\iPod\bin\iPodSrv.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-03-20 18:29 - 2014-03-20 18:29 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
2014-03-20 18:29 - 2014-03-20 18:29 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
2010-07-29 16:25 - 2010-07-29 16:25 - 00952832 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2010-07-29 16:24 - 2010-07-29 16:24 - 00483840 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2013-04-11 11:39 - 2013-02-08 11:36 - 00963896 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2012-04-19 17:26 - 2014-03-20 18:29 - 02544664 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2013-12-15 10:43 - 2014-03-20 18:29 - 01603608 _____ () C:\Program Files\AVG Secure Search\TBAPI.dll
2013-12-28 12:31 - 2013-10-03 11:42 - 00069120 _____ () C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
2013-12-28 12:31 - 2013-10-03 11:42 - 00112128 _____ () C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2014-03-30 10:17 - 2014-03-30 10:17 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^Ben^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk => C:\WINDOWS\pss\OpenOffice.org 3.0.lnkStartup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent

==================== Faulty Device Manager Devices =============

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NT Apm/Legacy Interface Node
Description: NT Apm/Legacy Interface Node
Class Guid: {D45B1C18-C8FA-11D1-9F77-0000F805F530}
Manufacturer: Microsoft
Service: NtApm
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2014 11:55:40 PM) (Source: MsiInstaller) (User: BLACKDRAGON)
Description: Product: Java Auto Updater -- Error 1330.A file that is required cannot be installed because the cabinet file C:\Documents and Settings\Ben\Application Data\Sun\Java\AU\au.cab has an invalid digital signature.  This may indicate that the cabinet file is corrupt.  Error 266 was returned by WinVerifyTrust.

Error: (03/28/2014 05:57:16 PM) (Source: MsiInstaller) (User: BLACKDRAGON)
Description: Product: Java Auto Updater -- Error 1330.A file that is required cannot be installed because the cabinet file C:\Documents and Settings\Ben\Application Data\Sun\Java\AU\au.cab has an invalid digital signature.  This may indicate that the cabinet file is corrupt.  Error 266 was returned by WinVerifyTrust.

Error: (03/24/2014 07:07:41 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 27.0.1.5156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/22/2014 06:40:16 PM) (Source: Application Hang) (User: )
Description: Hanging application Painter 11.exe, version 11.0.1.42, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/09/2014 04:53:38 PM) (Source: Application Error) (User: )
Description: Faulting application painter 11.exe, version 11.0.1.42, faulting module asi32_14.dll, version 11.0.1.42, fault address 0x0005c628.
Processing media-specific event for [painter 11.exe!ws!]

Error: (03/09/2014 04:11:04 PM) (Source: Application Error) (User: )
Description: Faulting application painter 11.exe, version 11.0.1.42, faulting module asi32_14.dll, version 11.0.1.42, fault address 0x0005c628.
Processing media-specific event for [painter 11.exe!ws!]

Error: (03/02/2014 08:18:27 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 27.0.1.5156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/21/2014 06:44:24 PM) (Source: MsiInstaller) (User: BLACKDRAGON)
Description: Product: Java Auto Updater -- Error 1330.A file that is required cannot be installed because the cabinet file C:\Documents and Settings\Ben\Application Data\Sun\Java\AU\au.cab has an invalid digital signature.  This may indicate that the cabinet file is corrupt.  Error 266 was returned by WinVerifyTrust.

Error: (01/09/2014 07:12:24 PM) (Source: Bonjour Service) (User: )
Description: 312: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (01/09/2014 07:12:24 PM) (Source: Bonjour Service) (User: )
Description: 288: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)


System errors:
=============
Error: (04/08/2014 05:47:38 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (04/08/2014 05:47:02 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (04/08/2014 05:46:51 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk
XPacket

Error: (04/08/2014 05:46:44 PM) (Source: Service Control Manager) (User: )
Description: The Dynamic Virus Protection service failed to start due to the following error:
%%2

Error: (04/08/2014 06:34:57 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (04/08/2014 06:34:22 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk
XPacket

Error: (04/08/2014 06:34:22 AM) (Source: Service Control Manager) (User: )
Description: The Dynamic Virus Protection service failed to start due to the following error:
%%2

Error: (04/07/2014 07:16:59 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/07/2014 05:49:19 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (04/07/2014 05:48:48 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk
XPacket


Microsoft Office Sessions:
=========================
Error: (04/01/2014 11:55:40 PM) (Source: MsiInstaller)(User: BLACKDRAGON)
Description: Product: Java Auto Updater -- Error 1330.A file that is required cannot be installed because the cabinet file C:\Documents and Settings\Ben\Application Data\Sun\Java\AU\au.cab has an invalid digital signature.  This may indicate that the cabinet file is corrupt.  Error 266 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)

Error: (03/28/2014 05:57:16 PM) (Source: MsiInstaller)(User: BLACKDRAGON)
Description: Product: Java Auto Updater -- Error 1330.A file that is required cannot be installed because the cabinet file C:\Documents and Settings\Ben\Application Data\Sun\Java\AU\au.cab has an invalid digital signature.  This may indicate that the cabinet file is corrupt.  Error 266 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)

Error: (03/24/2014 07:07:41 PM) (Source: Application Hang)(User: )
Description: firefox.exe27.0.1.5156hungapp0.0.0.000000000

Error: (03/22/2014 06:40:16 PM) (Source: Application Hang)(User: )
Description: Painter 11.exe11.0.1.42hungapp0.0.0.000000000

Error: (03/09/2014 04:53:38 PM) (Source: Application Error)(User: )
Description: painter 11.exe11.0.1.42asi32_14.dll11.0.1.420005c628

Error: (03/09/2014 04:11:04 PM) (Source: Application Error)(User: )
Description: painter 11.exe11.0.1.42asi32_14.dll11.0.1.420005c628

Error: (03/02/2014 08:18:27 PM) (Source: Application Hang)(User: )
Description: firefox.exe27.0.1.5156hungapp0.0.0.000000000

Error: (01/21/2014 06:44:24 PM) (Source: MsiInstaller)(User: BLACKDRAGON)
Description: Product: Java Auto Updater -- Error 1330.A file that is required cannot be installed because the cabinet file C:\Documents and Settings\Ben\Application Data\Sun\Java\AU\au.cab has an invalid digital signature.  This may indicate that the cabinet file is corrupt.  Error 266 was returned by WinVerifyTrust.(NULL)(NULL)(NULL)(NULL)

Error: (01/09/2014 07:12:24 PM) (Source: Bonjour Service)(User: )
Description: 312: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (01/09/2014 07:12:24 PM) (Source: Bonjour Service)(User: )
Description: 288: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 3326.48 MB
Available physical RAM: 1961.8 MB
Total Pagefile: 5210.13 MB
Available Pagefile: 3859.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.94 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:189.91 GB) (Free:105.73 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 190 GB) (Disk ID: C840F189)

Partition: GPT Partition Type.

==================== End Of Log ============================


RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Ben [Admin rights]
Mode : Scan -- Date : 04/08/2014 18:52:24
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 2 ¤¤¤
[FF][PUP] sz0fq6kr.default : AVG Security Toolbar
[CHR][PUP] Default : AVG Security Toolbar

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : PUP ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1        localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Maxtor 6Y200P0 +++++
--- User ---
[MBR] adeb7e568ccbded745a091f0e888a530
[bSP] 9f0530155c2877de90afe33e4f84387b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 194466 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04082014_185224.txt >>



 

Link to post
Share on other sites

Lets run some scans:

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

    image000q.png

  • Put a checkmark beside loaded modules.

    2012081514h0118.png

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

    clip.jpg

  • Click the Start Scan button.

    19695967.jpg

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    67776163.jpg

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    62117367.jpg

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

Then...........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Clean out temp files:

Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
http://www.bleepingcomputer.com/download/tfc/dl/92/
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Next:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Last:

Update and run a Threat scan with Malwarebytes, quarantine everything found

Please let me know how computer is running now, MrC

Link to post
Share on other sites

I ran both the TFC and the ADWcleaner. I'm a little confused about the ADWcleaner results. I don't know what any of those things are, specifically. I'll attach the log. Could you please explain which I should remove, if any?

Thanks again for your help. I'll wait to do the final threat scan until after your reply.

 

# AdwCleaner v3.023 - Report created 09/04/2014 at 17:25:03
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Ben - BLACKDRAGON
# Running from : C:\Documents and Settings\Ben\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmf944oq.default\.autoreg
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\Ben\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\Ben\Local Settings\Application Data\AVG Secure Search
Folder Found C:\Program Files\AVG Secure Search
Folder Found C:\Program Files\Common Files\AVG Secure Search

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\TENCENT
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702



-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\sz0fq6kr.default\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jmf944oq.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : keyword
Found : icon_url
Found : search_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

*************************

AdwCleaner[R0].txt - [7058 octets] - [09/04/2014 17:25:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7118 octets] ##########
 

Link to post
Share on other sites

AVG Secure Search, AVG Security Toolbar and AVG SafeGuard and related registry entries.

These aren't recommended to have on the system.

http://malwaretips.com/blogs/avg-safeguard-toolbar-removal/

http://www.wintips.org/remove-avg-nation-search-toolbar/

http://paidcontent.org/2013/04/23/google-gets-serious-about-toolbar-scams-with-new-ad-policy-forcing-avg-to-retreat/

Please have AdwCleaner clean up all it's found.

Then run Malwarebytes.

MrC

Link to post
Share on other sites

Okay, I ran the temp file cleaner and the Adwcleaner again, and cleaned all found items.

 

Thanks for the heads up about the AVG toolbar. I may have inadvertently installed that years ago, and then "uninstalled" it. I just always knew they weren't worth installing. Now I know they can be possibly dangerous.

 

I ran Malwarebytes Threat scan and it found nothing.

 

 

So far, after about 30 minutes, I have yet to get one of those popups saying that a malicious website is blocked. So, this may have fixed the problem. I'll keep an eye on it for the next couple days.

 

I really do appreciate all your help. I do wonder though, the PUM that Roguekiller found, you didn't comment on that. Is that something I should be concerned about and remove?, or is that part of the AVG toolbar? (pasted below)

 

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Link to post
Share on other sites

I really do appreciate all your help. I do wonder though, the PUM that Roguekiller found, you didn't comment on that. Is that something I should be concerned about and remove?, or is that part of the AVG toolbar? (pasted below)

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

It's really nothing, you can have RogueKiller fix it if you want. You won't see any difference.

Let me know soon, we can't keep post open for an extended period of time.

If everything is OK..

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

Security check:

 

 Results of screen317's Security Check version 0.99.81  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 AVG 2014     
 Authentium AntiVirus SDK - 2  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 51  
 Adobe Flash Player     12.0.0.77  
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Adobe Reader 9 Adobe Reader out of Date! <-------please uninstall

Adobe Reader 10.1.9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

bwebb7v.jpgDownload Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Okay, I did all that. However, since I posted last night, I got pinged again by a malicious website that was blocked.

 

Detection, 4/10/2014 10:43:38 PM, SYSTEM, BLACKDRAGON, Protection, Malicious Website Protection, IP, 93.174.93.51, 0, Inbound,
Detection, 4/10/2014 11:01:49 PM, SYSTEM, BLACKDRAGON, Protection, Malicious Website Protection, IP, 109.163.235.100, 0, Inbound,
 

Link to post
Share on other sites

There's not much you can do about Inbound blocks:

For this one.....Look here:

Detection, 4/10/2014 10:43:38 PM, SYSTEM, BLACKDRAGON, Protection, Malicious Website Protection, IP, 93.174.93.51, 0, Inbound,

http://93.174.93.51/

----------------------------------

For this one...look here:

Detection, 4/10/2014 11:01:49 PM, SYSTEM, BLACKDRAGON, Protection, Malicious Website Protection, IP, 109.163.235.100, 0, Inbound,

http://109.163.235.100.ipaddress.com/

MrC

Link to post
Share on other sites

I have to go to work now, but since I clicked on that link, I'm getting non stop inbound blocks from the first one 93.174.93.51, 0.

Neither link gave me an idea why I'd be pinged by them. Why would these IP addresses be trying to access my computer? I posted here because I was concerned about a possible exploit or virus hidden in my computer, but it looks like I don't have anything like that.

Link to post
Share on other sites

Here's what is says on that site:
 

This server is scanning the IPv4 space looking for servers that are running open proxy scripts. All pings from this server are non-malicious. There is no attempt being made to “hack” your server. We are happy to honor opt-out requests from future scans. Fill in the form below and submit your IP or CIDR subnet to be added to the blacklist.

Opt Out Form
Your Email Address
IP or Subnet (in CIDR notation), one per line
Add to Opt-Out List
Allow up to 7 days to process (usually within 24 hours).
Pings
We are using ZMAP to ping most of the IPv4 address space. This powerful tool allows us to quickly send out ping packets and see which servers respond on specific ports. Over time we ping different ports and listen for responses. The pings are spaced apart to prevent overloading any one subnet.

Open Proxies
Just because a server responds to a ping on a specific port does not mean that it is running an open proxy server. To check for open proxy use, we use a simple proxy checking script to try to load an external web document. Open proxy IP's and ports are stored in an internal database and any other IP's are discarded.

Private Data
The data collected by this site is private and is not for sale, rental or release. There are plenty of places you can find free public proxies online.

 

---------------------------------------------------------------

Why this is happening, I don't know. You would have to consult with Malwarebytes on that issue.
We checked the computer for malware and it's now clean.
I run XP Pro , also behind a router, use Open DNS as my server and have PCTools Firewall Plus installed.
Somethings you may want to try.

MrC

Link to post
Share on other sites

You mention that we checked for Malware, and now I'm clean. Was my computer not clean before? I didn't notice that we found any viruses or malware. Did I miss something? I understand that the scan found AVG toolbar, but if I recall correctly, one time when I installed a new version of AVG antivirus, I forgot to uncheck that stupid box for the toolbar but quickly uninstalled everything and reinstalled it without the box checked I understand now that it left traces on my computer that we needed to remove, but besides that, was there some virus or malware that we removed?

Link to post
Share on other sites

Try to understand that you can't stop someone from knocking on your front door, but you don't have to let them in.

That's basically what's happening here with Malwarebytes

Windows XP firewall isn't that good, it only stops in-coming but not out-going.

That's why I suggest to replace you firewall with a better one, I like PC Tools Firewall Plus (Free) or what ever you want.

If you're behind a router that's even better.

1: You had a ton of temp files

2: ComboFix cleared out a lot of items also, just look at the log (nothing major)

3: AdwCleaner took care of the crapware

4: Update and run a scan with your AVG and report back.

MrC

Link to post
Share on other sites

Okay, will do. I'm at work now, but when I get home tonight, I'll run AVG and report back.

 

However, there is one more thing I meant to ask. It shows on the security check scan that I'm running Authentium Antivirus SDK-2. This came bundled with some other download (back when I used to do that) and had a tough time removing it. Apparently it's still there? I had checked last night, and found no way to uninstall it, even with revouninstall. I did some checking back then, and supposedly it's relatively innocuous, and did another search last night, and there were some forum posts about it being harmless, but it shouldn't still show on the security scan as being an installed antivirus. Is there some step I can do to completely remove it?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.