Cannot remove ATT Internet Security

[copiman]

I am helping a friend clean up their laptop. I want to install Avast for them. In the security center (XP), it says that "ATT Internet Security Suite ATT Anti-Virus reports that its up to date and virus scanning is on". I have searched for hours and cannot find it so I can remove it. I have used AT&T removal tool and McAfee Software Removal Tool (since its powered by McAfee). Cannot see it in add/remove or with Revo Uninstaller. Ran Autoruns and don't see it. Looked for folders and files and still can't find it.

Has anyone seen this crap before? Need to get rid of it. Had 505 when I ran Malewarebytes, so I know it garbage. If I can get rid of it, I can install real security (Avast).

 

[johnb35]

Look for something along the lines of SBC yahoo internet applications, should be bundled inside there.

 

[copiman]

Thanks John. The only thing I have found is Yahoo Browser Services and Yahoo Software Update.

 

[johnb35]

http://www.att.com/esupport/article.jsp?sid=KB418421&cv=801#fbid=rmukS9aUT4B

Looks like it has to be done from the owners account.

 

[copiman]

Thanks John. I saw that as well. The issue is my friend no longer has an account with them. They uninstalled McAfee. Now there is no McAfee or Att programs listed in add/remove programs. The only way I know to get rid of it would be to wipe the drive. My friend would rather not do that. Of course the other issue is the ATT does not protect the PC very well, which is why I wanted to install Avast. If you can think of a way around, let me know. Thanks.

 

[johnb35]

Do this and post the log.

Download OTL to your Desktop


•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

 

[copiman]

I ran OTL. The OTL.txt file is 102KB which exceeds the 19.5KB attachment allowed by the forum. Any ideas how to get this to you?

 

[johnb35]

Just copy and paste into your reply.

 

[copiman]

OTL logfile created on: 2/15/2014 12:03:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Petra's Stuff\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 59.57% Memory free
2.54 Gb Paging File | 2.08 Gb Available in Paging File | 81.88% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.81 Gb Total Space | 187.51 Gb Free Space | 80.54% Space Free | Partition Type: NTFS
Drive E: | 70.54 Mb Total Space | 62.04 Mb Free Space | 87.96% Space Free | Partition Type: NTFS

Computer Name: PETRA | User Name: Petra's Stuff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Petra's Stuff\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\14021501\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll ()
MOD - \\?\C:\Program Files\Spybot - Search & Destroy 2\av\avxdisk.dll ()
MOD - C:\Program Files\ArcSoft\Scrapbook Suite\PhotoImpression 5\Share\PIHook.dll ()


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Garmin Core Update Service) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NgVpnMgr) -- C:\WINDOWS\system32\ngvpnmgr.exe (Aventail Corporation)
SRV - (RoxMediaDB11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe (Sonic Solutions)
SRV - (RoxLiveShare11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe (Sonic Solutions)
SRV - (RoxWatch11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe (Sonic Solutions)
SRV - (OneTouch 4.0 Monitor) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc.)
SRV - (hnmsvc) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (JL2005C) -- System32\Drivers\jl2005c.sys File not found
DRV - (Changer) -- File not found
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswmonflt.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (NgWfp) -- C:\WINDOWS\system32\drivers\ngwfp.sys (Aventail Corporation)
DRV - (NgFilter) -- C:\WINDOWS\system32\drivers\ngfilter.sys (Aventail Corporation)
DRV - (NgVpn) -- C:\WINDOWS\system32\drivers\ngvpn.sys (Aventail Corporation)
DRV - (NgLog) -- C:\WINDOWS\system32\drivers\nglog.sys (Aventail Corporation)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (whfltr2k) -- C:\WINDOWS\system32\drivers\whfltr2k.sys ()
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()
DRV - (whmice2k) -- C:\WINDOWS\system32\drivers\whmice2k.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061130
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061130
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm103YYUS&fl=0&ptb=70LfnJ9KUcS5pkCUjRMrrw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 E6 20 BD 0F 29 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2013.75
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@Zwinky_5q.com/Plugin: C:\Program Files\Zwinky_5q\bar\1.bin\NP5qStub.dll File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Petra's Stuff\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/08/12 19:06:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5qffxtbr@Zwinky_5q.com: C:\Program Files\Zwinky_5q\bar\1.bin [2013/08/14 11:04:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/11 20:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014/02/10 21:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Petra's Stuff\Application Data\Mozilla\Extensions
[2009/07/13 06:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Petra's Stuff\Application Data\Mozilla\Extensions\[email protected]
[2014/02/13 18:58:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/13 18:58:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/11 20:08:16 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\Petra's Stuff\Application Data\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/02/14 21:28:26 | 000,450,613 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15470 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (no name) - {56071E0D-C61B-11D3-B41C-00E02927A304} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3033124F-06BF-4829-873A-310A125B4D4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {575AC44B-C254-48B4-8102-20F29D72A60E} http://dashboard.smshealthconx.net/dsh/02020300/html/SMSDSHSETFOREGROUND.CAB (DshSetForegroundWin Class)
O16 - DPF: {5B727CF6-427F-4F23-8CC1-A8A4E80D97D1} http://10.189.19.10/hrs/download/Setup.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1353499863593 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://games.bellsouth.net/Gh/Tumblebugs/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downl...584-842756A66467/MicrosoftDownloadManager.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://games.bellsouth.net/Gh/FeedingFrenzy/SproutLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {D7967FA2-F1F9-420D-A49E-9249309056A2} http://10.189.19.10/hrs/download/Setup.cab (Reg Error: Key error.)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {FD0ECA0C-6403-48CB-91C0-6C73EF7771AA} http://dashboard.smshealthconx.net/dsh/02020300/html/SMSDSHDOWNLOAD.CAB (Download Class)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.76.84.102 75.76.84.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B1748E5-6FFE-4A2A-87C0-9FB786EA047A}: DhcpNameServer = 75.76.84.102 75.76.84.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8EDEA5A-9411-4BD7-A931-58A19F97A284}: DhcpNameServer = 75.76.84.102 75.76.84.103
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/14 21:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/02/14 21:13:25 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/02/14 21:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/02/14 21:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/14 19:33:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Petra's Stuff\Recent
[2014/02/14 19:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2014/02/14 18:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2014/02/14 18:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2014/02/14 06:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/02/14 06:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/02/13 19:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/02/13 18:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014/02/13 18:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/11 20:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra's Stuff\Application Data\AVAST Software
[2014/02/11 20:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/02/11 20:08:22 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/11 20:08:21 | 000,775,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/11 20:08:20 | 000,410,784 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/11 20:08:20 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/11 20:08:19 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/11 20:08:17 | 000,270,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/11 20:08:14 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/11 20:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/02/11 20:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/02/10 20:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra's Stuff\Application Data\ElevatedDiagnostics
[2014/02/08 07:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/07 21:21:53 | 000,000,000 | -HSD | C] -- C:\BOOT
[2014/02/07 21:21:19 | 000,000,000 | ---D | C] -- C:\My Backups
[2014/02/07 21:21:17 | 000,185,800 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys
[2014/02/07 21:21:17 | 000,014,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2014/02/07 21:21:16 | 000,052,040 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2014/02/07 21:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\******
[2014/02/07 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/02/07 18:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra's Stuff\Start Menu\Programs\Revo Uninstaller
[2014/02/07 18:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2014/02/07 18:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra's Stuff\My Documents\Downloads
[2014/02/02 08:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2014/02/02 08:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/02/02 08:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[4 C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\*.tmp -> ]
[2072 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1978 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/15 12:03:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/15 12:00:09 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/02/15 11:54:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/15 11:54:39 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/02/15 11:53:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cda93c1e5284ce.job
[2014/02/15 11:53:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/15 11:53:01 | 1474,408,448 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/14 22:22:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/14 22:08:22 | 000,004,674 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/02/14 21:28:26 | 000,450,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/14 21:13:49 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/14 21:13:49 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/02/14 21:13:32 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/02/14 19:55:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Deskjet 5900 series.job
[2014/02/14 19:34:23 | 000,007,298 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\cc_20140214_193413.reg
[2014/02/14 19:31:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/02/14 18:48:34 | 000,000,285 | -HS- | M] () -- C:\boot.ini
[2014/02/14 18:25:36 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\HijackThis.lnk
[2014/02/14 18:07:34 | 000,550,371 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\My Documents\Autoruns.zip
[2014/02/14 18:01:07 | 000,001,535 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Yahoo! Mail.lnk
[2014/02/14 17:52:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/02/14 06:28:42 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\iTunes.lnk
[2014/02/14 06:08:51 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Google Chrome.lnk
[2014/02/14 06:08:20 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Mozilla Firefox.lnk
[2014/02/14 06:07:51 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Internet Explorer.lnk
[2014/02/13 20:42:47 | 000,244,694 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\cc_20140213_204235.reg
[2014/02/13 18:58:32 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/11 20:46:59 | 000,547,994 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/11 20:46:59 | 000,106,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/11 20:08:59 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/11 20:08:14 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/11 20:08:14 | 000,410,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/11 20:08:14 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/11 20:08:14 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/02/11 20:08:14 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/11 20:08:14 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/11 20:08:14 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/02/11 20:08:14 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/10 21:26:37 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2014/02/10 21:21:37 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2014/02/07 18:52:38 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Revo Uninstaller.lnk
[4 C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\*.tmp -> ]
[2072 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1978 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/14 21:13:49 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/02/14 21:13:48 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/14 21:13:47 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/02/14 21:13:32 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/02/14 21:13:32 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/02/14 19:34:17 | 000,007,298 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\cc_20140214_193413.reg
[2014/02/14 19:31:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/02/14 18:48:33 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2014/02/14 18:25:36 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\HijackThis.lnk
[2014/02/14 18:07:34 | 000,550,371 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\My Documents\Autoruns.zip
[2014/02/14 18:01:07 | 000,001,535 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Yahoo! Mail.lnk
[2014/02/14 06:28:42 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\iTunes.lnk
[2014/02/14 06:08:51 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Google Chrome.lnk
[2014/02/14 06:08:20 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Mozilla Firefox.lnk
[2014/02/14 06:07:51 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Internet Explorer.lnk
[2014/02/14 06:07:31 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Start Menu\Programs\Internet Explorer (2).lnk
[2014/02/13 20:51:12 | 1474,408,448 | -HS- | C] () -- C:\hiberfil.sys
[2014/02/13 20:42:39 | 000,244,694 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\cc_20140213_204235.reg
[2014/02/13 18:58:32 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/13 18:58:32 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/02/11 20:08:36 | 000,000,378 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/02/11 20:08:21 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/02/11 20:08:20 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/02/10 21:21:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2014/02/10 13:04:58 | 000,000,285 | -HS- | C] () -- C:\boot.ini
[2014/02/07 21:21:15 | 000,040,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2014/02/07 20:25:03 | 002,881,848 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2014/02/07 20:25:02 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2014/02/07 20:25:02 | 000,010,320 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2014/02/07 18:52:38 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Revo Uninstaller.lnk
[2012/09/19 06:50:38 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ftstate.ini
[2012/05/28 11:20:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\rx_image32.Cache
[2012/05/28 08:58:58 | 000,077,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/10 13:18:14 | 001,781,795 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1231221303-2111386757-1834295113-1007-0.dat
[2010/11/17 12:56:31 | 000,338,190 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2008/08/19 07:04:41 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\pool.bin
[2007/09/13 17:44:15 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\presets.ini
[2007/06/05 17:28:57 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/28 10:37:37 | 000,001,402 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Application Data\wklnhst.dat
[2006/12/22 08:42:55 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\fusioncache.dat
[2006/11/30 18:28:21 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== ZeroAccess Check ==========

[2004/08/10 14:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/02 08:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/02/14 08:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2009/10/19 19:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2014/02/11 20:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/15 09:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2007/10/30 18:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BellSouth
[2013/06/16 20:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[2009/01/24 07:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/01/25 09:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2008/05/22 17:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2007/03/31 17:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2013/07/07 11:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2007/03/20 17:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2013/07/08 19:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2009/10/16 11:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/11/22 15:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/11/26 08:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2007/03/01 20:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2013/01/05 08:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/04/06 18:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2010/11/16 09:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/10/30 15:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/11/02 16:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2009/05/29 14:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2006/11/30 18:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/13 16:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2009/10/22 08:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2010/12/19 15:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/11/30 18:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2012/05/26 10:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/30 07:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/19 19:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\AT&T
[2014/02/11 20:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\AVAST Software
[2007/11/15 10:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Aventail
[2007/10/30 18:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\BellSouth
[2010/10/06 14:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Coby Media Manager
[2009/01/24 07:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\DriverCure
[2014/02/10 20:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\ElevatedDiagnostics
[2013/08/15 15:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\FrostWire
[2013/03/16 08:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\GARMIN
[2007/04/02 19:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\iWin
[2006/12/28 10:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Leadertech
[2009/02/09 14:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\LinkManager 4.0
[2009/07/10 09:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\OneTouch 4.0
[2009/10/16 11:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\PlayFirst
[2007/03/25 13:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\PTV Game
[2010/06/24 17:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\searchqutb
[2008/10/05 09:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\SoundSpectrum
[2007/11/20 12:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\SpinTop
[2006/12/28 10:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Template
[2008/11/07 17:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Viewpoint
[2007/03/31 17:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Wildfire
[2008/11/19 20:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Windows Desktop Search
[2008/11/20 12:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7749421
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:131C0EE9
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040

< End of report >

 

[johnb35]

At work right now and quickly looking at this, there are some malware issues that need to be dealt with but I don't see anything close to the att security software. It might not be until tomorrow morning when I reply. Just all depends on when I get home from work.

 

[johnb35]

First thing to do would be to run the following.

1.

Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

 

[copiman]

Here are the logs. Also, I highlighted in red a few things I noticed in the OTL log posted earlier. Do you think any of those could be causing my issue? One more thing, the JRT did not have an option, when right clicking, to run as administrator. There is no log on for this PC, so it boots in administrator mode.


# AdwCleaner v3.018 - Report created 16/02/2014 at 09:56:57
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Petra's Stuff - PETRA
# Running from : C:\Documents and Settings\Petra's Stuff\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AGI
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Browser Manager
Folder Deleted : C:\Documents and Settings\All Users\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Zwinky_5q
Folder Deleted : C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Documents and Settings\Petra's Stuff\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Petra's Stuff\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Petra's Stuff\Application Data\SearchquTB
Folder Deleted : C:\Documents and Settings\Petra's Stuff\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Petra's Stuff\Start Menu\Programs\Browser Manager

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [5qffxtbr@Zwinky_5q.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject
Key Deleted : HKLM\SOFTWARE\Classes\InstallerControl.InstallerObject.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Zwinky_5q.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\Zwinky_5q.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\Zwinky_5q.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\Zwinky_5q.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Zwinky_5q.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\Zwinky_5q.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\Zwinky_5q.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\Zwinky_5q.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\Zwinky_5q.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\Zwinky_5q.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\Zwinky_5q.Radio
Key Deleted : HKLM\SOFTWARE\Classes\Zwinky_5q.Radio.1




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by Petra's Stuff on Sun 02/16/2014 at 10:05:29.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/16/2014 at 10:10:31.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.16.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18372
Petra's Stuff :: PETRA [administrator]

Protection: Disabled

2/16/2014 10:42:12 AM
mbam-log-2014-02-16 (10-42-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 287926
Time elapsed: 12 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[johnb35]

At work again. Run another OTL scan and post it.

Also, you said that something said that the att security program was running and active correct? Where was this info?

If you don't mind, run combofix as well. Just Google search it and use the bleeping computer website to download it. If its active and running, combofix should tell us and can disable it using a script.

 

[copiman]

It was showing up in the Security Center under Control Panel. It said it was running and up to date. Good news, its gone after running Combofix. Just checked it.

Here are the logs you requested.

OTL logfile created on: 2/16/2014 8:29:25 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Petra's Stuff\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 62.16% Memory free
2.54 Gb Paging File | 2.11 Gb Available in Paging File | 83.14% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.81 Gb Total Space | 187.59 Gb Free Space | 80.58% Space Free | Partition Type: NTFS
Drive E: | 70.54 Mb Total Space | 62.04 Mb Free Space | 87.96% Space Free | Partition Type: NTFS

Computer Name: PETRA | User Name: Petra's Stuff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Petra's Stuff\My Documents\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\14021601\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\defs\14021600\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll ()
MOD - C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll ()
MOD - C:\Program Files\ArcSoft\Scrapbook Suite\PhotoImpression 5\Share\PIHook.dll ()


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Garmin Core Update Service) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NgVpnMgr) -- C:\WINDOWS\system32\ngvpnmgr.exe (Aventail Corporation)
SRV - (RoxMediaDB11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe (Sonic Solutions)
SRV - (RoxLiveShare11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe (Sonic Solutions)
SRV - (RoxWatch11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe (Sonic Solutions)
SRV - (OneTouch 4.0 Monitor) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc.)
SRV - (hnmsvc) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (JL2005C) -- System32\Drivers\jl2005c.sys File not found
DRV - (Changer) -- File not found
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswmonflt.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (NgWfp) -- C:\WINDOWS\system32\drivers\ngwfp.sys (Aventail Corporation)
DRV - (NgFilter) -- C:\WINDOWS\system32\drivers\ngfilter.sys (Aventail Corporation)
DRV - (NgVpn) -- C:\WINDOWS\system32\drivers\ngvpn.sys (Aventail Corporation)
DRV - (NgLog) -- C:\WINDOWS\system32\drivers\nglog.sys (Aventail Corporation)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (whfltr2k) -- C:\WINDOWS\system32\drivers\whfltr2k.sys ()
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()
DRV - (whmice2k) -- C:\WINDOWS\system32\drivers\whmice2k.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061130
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061130
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 E6 20 BD 0F 29 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2013.75
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Petra's Stuff\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/08/12 19:06:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/11 20:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014/02/10 21:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Petra's Stuff\Application Data\Mozilla\Extensions
[2009/07/13 06:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Petra's Stuff\Application Data\Mozilla\Extensions\[email protected]
[2014/02/13 18:58:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/13 18:58:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/11 20:08:16 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\Petra's Stuff\Application Data\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/02/14 21:28:26 | 000,450,613 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15470 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (no name) - {56071E0D-C61B-11D3-B41C-00E02927A304} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {575AC44B-C254-48B4-8102-20F29D72A60E} http://dashboard.smshealthconx.net/dsh/02020300/html/SMSDSHSETFOREGROUND.CAB (DshSetForegroundWin Class)
O16 - DPF: {5B727CF6-427F-4F23-8CC1-A8A4E80D97D1} http://10.189.19.10/hrs/download/Setup.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1353499863593 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://games.bellsouth.net/Gh/Tumblebugs/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downl...584-842756A66467/MicrosoftDownloadManager.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://games.bellsouth.net/Gh/FeedingFrenzy/SproutLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {D7967FA2-F1F9-420D-A49E-9249309056A2} http://10.189.19.10/hrs/download/Setup.cab (Reg Error: Key error.)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (Reg Error: Key error.)
O16 - DPF: {FD0ECA0C-6403-48CB-91C0-6C73EF7771AA} http://dashboard.smshealthconx.net/dsh/02020300/html/SMSDSHDOWNLOAD.CAB (Download Class)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.76.84.102 75.76.84.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B1748E5-6FFE-4A2A-87C0-9FB786EA047A}: DhcpNameServer = 75.76.84.102 75.76.84.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8EDEA5A-9411-4BD7-A931-58A19F97A284}: DhcpNameServer = 75.76.84.102 75.76.84.103
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/16 10:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/16 10:40:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/02/16 10:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/02/16 10:05:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/02/16 09:53:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/15 18:11:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Petra's Stuff\Recent
[2014/02/14 21:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/02/14 21:13:25 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014/02/14 21:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/02/14 21:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/14 19:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2014/02/14 18:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2014/02/14 18:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2014/02/14 06:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/02/14 06:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/02/13 19:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/02/13 18:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014/02/13 18:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/11 20:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra's Stuff\Application Data\AVAST Software
[2014/02/11 20:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/02/11 20:08:22 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/11 20:08:21 | 000,775,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/11 20:08:20 | 000,410,784 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/11 20:08:20 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/11 20:08:19 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/11 20:08:17 | 000,270,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/11 20:08:14 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/11 20:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/02/11 20:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/02/10 20:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra's Stuff\Application Data\ElevatedDiagnostics
[2014/02/08 07:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/07 21:21:53 | 000,000,000 | -HSD | C] -- C:\BOOT
[2014/02/07 21:21:19 | 000,000,000 | ---D | C] -- C:\My Backups
[2014/02/07 21:21:17 | 000,185,800 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys
[2014/02/07 21:21:17 | 000,014,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2014/02/07 21:21:16 | 000,052,040 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2014/02/07 21:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\******
[2014/02/07 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/02/07 18:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra's Stuff\Start Menu\Programs\Revo Uninstaller
[2014/02/07 18:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2014/02/07 18:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra's Stuff\My Documents\Downloads
[2014/02/02 08:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2014/02/02 08:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/02/02 08:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[4 C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\*.tmp -> ]
[2072 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1978 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/16 20:22:14 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/16 20:08:04 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/02/16 20:03:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/16 19:55:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Deskjet 5900 series.job
[2014/02/16 18:22:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cda93c1e5284ce.job
[2014/02/16 10:40:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/16 10:01:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/16 09:59:39 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/02/16 09:58:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/16 09:58:34 | 1474,408,448 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/14 22:08:22 | 000,004,674 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/02/14 21:28:26 | 000,450,613 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/14 21:13:49 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/14 21:13:49 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/02/14 21:13:32 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/02/14 19:34:23 | 000,007,298 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\cc_20140214_193413.reg
[2014/02/14 19:31:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/02/14 18:48:34 | 000,000,285 | -HS- | M] () -- C:\boot.ini
[2014/02/14 18:25:36 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\HijackThis.lnk
[2014/02/14 18:07:34 | 000,550,371 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\My Documents\Autoruns.zip
[2014/02/14 18:01:07 | 000,001,535 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Yahoo! Mail.lnk
[2014/02/14 17:52:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/02/14 06:28:42 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\iTunes.lnk
[2014/02/14 06:08:51 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Google Chrome.lnk
[2014/02/14 06:08:20 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Mozilla Firefox.lnk
[2014/02/14 06:07:51 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Internet Explorer.lnk
[2014/02/13 20:42:47 | 000,244,694 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\cc_20140213_204235.reg
[2014/02/13 18:58:32 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/11 20:46:59 | 000,547,994 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/11 20:46:59 | 000,106,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/11 20:08:59 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/11 20:08:14 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/11 20:08:14 | 000,410,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/11 20:08:14 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/11 20:08:14 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/02/11 20:08:14 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/11 20:08:14 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/11 20:08:14 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/02/11 20:08:14 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/10 21:26:37 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2014/02/10 21:21:37 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2014/02/07 18:52:38 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Revo Uninstaller.lnk
[4 C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\*.tmp -> ]
[2072 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1978 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/16 10:40:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/14 21:13:49 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/02/14 21:13:48 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/02/14 21:13:47 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/02/14 21:13:32 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/02/14 21:13:32 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014/02/14 19:34:17 | 000,007,298 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\cc_20140214_193413.reg
[2014/02/14 19:31:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/02/14 18:48:33 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2014/02/14 18:25:36 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\HijackThis.lnk
[2014/02/14 18:07:34 | 000,550,371 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\My Documents\Autoruns.zip
[2014/02/14 18:01:07 | 000,001,535 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Yahoo! Mail.lnk
[2014/02/14 06:28:42 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\iTunes.lnk
[2014/02/14 06:08:51 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Google Chrome.lnk
[2014/02/14 06:08:20 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Mozilla Firefox.lnk
[2014/02/14 06:07:51 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Internet Explorer.lnk
[2014/02/14 06:07:31 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Start Menu\Programs\Internet Explorer (2).lnk
[2014/02/13 20:51:12 | 1474,408,448 | -HS- | C] () -- C:\hiberfil.sys
[2014/02/13 20:42:39 | 000,244,694 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\cc_20140213_204235.reg
[2014/02/13 18:58:32 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/13 18:58:32 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/02/11 20:08:36 | 000,000,378 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/02/11 20:08:21 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/02/11 20:08:20 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/02/10 21:21:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2014/02/10 13:04:58 | 000,000,285 | -HS- | C] () -- C:\boot.ini
[2014/02/07 21:21:15 | 000,040,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2014/02/07 20:25:03 | 002,881,848 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2014/02/07 20:25:02 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2014/02/07 20:25:02 | 000,010,320 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2014/02/07 18:52:38 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Revo Uninstaller.lnk
[2012/09/19 06:50:38 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ftstate.ini
[2012/05/28 11:20:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\rx_image32.Cache
[2012/05/28 08:58:58 | 000,077,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/10 13:18:14 | 001,781,795 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1231221303-2111386757-1834295113-1007-0.dat
[2010/11/17 12:56:31 | 000,338,190 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2008/08/19 07:04:41 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\pool.bin
[2007/09/13 17:44:15 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\presets.ini
[2007/06/05 17:28:57 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/28 10:37:37 | 000,001,402 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Application Data\wklnhst.dat
[2006/12/22 08:42:55 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\fusioncache.dat
[2006/11/30 18:28:21 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== ZeroAccess Check ==========

[2004/08/10 14:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/02 08:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009/10/19 19:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2014/02/11 20:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/15 09:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2007/10/30 18:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BellSouth
[2009/01/24 07:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/05/22 17:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2007/03/31 17:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2013/07/07 11:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2007/03/20 17:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2013/07/08 19:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2009/10/16 11:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/11/22 15:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/11/26 08:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2007/03/01 20:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2013/01/05 08:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/04/06 18:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2010/11/16 09:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/10/30 15:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/11/02 16:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2009/05/29 14:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/06/13 16:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2009/10/22 08:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2010/12/19 15:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/11/30 18:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2012/05/26 10:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/30 07:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/19 19:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\AT&T
[2014/02/11 20:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\AVAST Software
[2007/11/15 10:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Aventail
[2007/10/30 18:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\BellSouth
[2010/10/06 14:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Coby Media Manager
[2014/02/10 20:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\ElevatedDiagnostics
[2013/08/15 15:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\FrostWire
[2013/03/16 08:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\GARMIN
[2006/12/28 10:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Leadertech
[2009/02/09 14:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\LinkManager 4.0
[2009/07/10 09:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\OneTouch 4.0
[2009/10/16 11:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\PlayFirst
[2007/03/25 13:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\PTV Game
[2008/10/05 09:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\SoundSpectrum
[2007/11/20 12:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\SpinTop
[2006/12/28 10:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Template
[2007/03/31 17:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Wildfire
[2008/11/19 20:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Windows Desktop Search
[2008/11/20 12:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7749421
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:131C0EE9
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040

< End of report >


Had to send in 2 posts. Too many characters. Sending Combofix log in next post.

 

[copiman]

Here is the Combofix log. After you look at these logs, is there anything else that needs addressing?


ComboFix 14-02-16.01 - Petra's Stuff 02/16/2014 20:46:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.631 [GMT -5:00]
Running from: c:\documents and settings\Petra's Stuff\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Petra's Stuff\WINDOWS
C:\install.exe
c:\program files\Internet Explorer\SET10.tmp
c:\program files\Internet Explorer\SET11.tmp
c:\program files\Internet Explorer\SET12.tmp
c:\program files\Internet Explorer\SET13.tmp
c:\program files\Internet Explorer\SET14.tmp
c:\program files\Internet Explorer\SET15.tmp
c:\program files\Internet Explorer\SET16.tmp
c:\program files\Internet Explorer\SET169.tmp
c:\program files\Internet Explorer\SET16A.tmp
c:\program files\Internet Explorer\SET16B.tmp
c:\program files\Internet Explorer\SET17.tmp
c:\program files\Internet Explorer\SET17C.tmp
c:\program files\Internet Explorer\SET17D.tmp
c:\program files\Internet Explorer\SET17E.tmp
c:\program files\Internet Explorer\SET18.tmp
c:\program files\Internet Explorer\SET19.tmp
c:\program files\Internet Explorer\SET1A.tmp
c:\program files\Internet Explorer\SET1B.tmp
c:\program files\Internet Explorer\SET1C.tmp
c:\program files\Internet Explorer\SET1D.tmp
c:\program files\Internet Explorer\SET1E.tmp
c:\program files\Internet Explorer\SET1F.tmp
c:\program files\Internet Explorer\SET2.tmp
c:\program files\Internet Explorer\SET20.tmp
c:\program files\Internet Explorer\SET21.tmp
c:\program files\Internet Explorer\SET22.tmp
c:\program files\Internet Explorer\SET23.tmp
c:\program files\Internet Explorer\SET24.tmp
c:\program files\Internet Explorer\SET25.tmp
c:\program files\Internet Explorer\SET254.tmp
c:\program files\Internet Explorer\SET255.tmp
c:\program files\Internet Explorer\SET256.tmp
c:\program files\Internet Explorer\SET26.tmp
c:\program files\Internet Explorer\SET27.tmp
c:\program files\Internet Explorer\SET277.tmp
c:\program files\Internet Explorer\SET278.tmp
c:\program files\Internet Explorer\SET279.tmp
c:\program files\Internet Explorer\SET28.tmp
c:\program files\Internet Explorer\SET29.tmp
c:\program files\Internet Explorer\SET2A.tmp
c:\program files\Internet Explorer\SET2B.tmp
c:\program files\Internet Explorer\SET2B8.tmp
c:\program files\Internet Explorer\SET2B9.tmp
c:\program files\Internet Explorer\SET2BA.tmp
c:\program files\Internet Explorer\SET2C.tmp
c:\program files\Internet Explorer\SET2C0.tmp
c:\program files\Internet Explorer\SET2C1.tmp
c:\program files\Internet Explorer\SET2C2.tmp
c:\program files\Internet Explorer\SET2D.tmp
c:\program files\Internet Explorer\SET2E.tmp
c:\program files\Internet Explorer\SET2F.tmp
c:\program files\Internet Explorer\SET3.tmp
c:\program files\Internet Explorer\SET30.tmp
c:\program files\Internet Explorer\SET31.tmp
c:\program files\Internet Explorer\SET317.tmp
c:\program files\Internet Explorer\SET318.tmp
c:\program files\Internet Explorer\SET319.tmp
c:\program files\Internet Explorer\SET32.tmp
c:\program files\Internet Explorer\SET33.tmp
c:\program files\Internet Explorer\SET34.tmp
c:\program files\Internet Explorer\SET344.tmp
c:\program files\Internet Explorer\SET345.tmp
c:\program files\Internet Explorer\SET346.tmp
c:\program files\Internet Explorer\SET35.tmp
c:\program files\Internet Explorer\SET36.tmp
c:\program files\Internet Explorer\SET37.tmp
c:\program files\Internet Explorer\SET38.tmp
c:\program files\Internet Explorer\SET39.tmp
c:\program files\Internet Explorer\SET3A.tmp
c:\program files\Internet Explorer\SET3B.tmp
c:\program files\Internet Explorer\SET3C.tmp
c:\program files\Internet Explorer\SET3CF.tmp
c:\program files\Internet Explorer\SET3D.tmp
c:\program files\Internet Explorer\SET3D0.tmp
c:\program files\Internet Explorer\SET3D1.tmp
c:\program files\Internet Explorer\SET3E.tmp
c:\program files\Internet Explorer\SET3F.tmp
c:\program files\Internet Explorer\SET3FA.tmp
c:\program files\Internet Explorer\SET3FB.tmp
c:\program files\Internet Explorer\SET3FC.tmp
c:\program files\Internet Explorer\SET4.tmp
c:\program files\Internet Explorer\SET40.tmp
c:\program files\Internet Explorer\SET41.tmp
c:\program files\Internet Explorer\SET42.tmp
c:\program files\Internet Explorer\SET42E.tmp
c:\program files\Internet Explorer\SET42F.tmp
c:\program files\Internet Explorer\SET43.tmp
c:\program files\Internet Explorer\SET430.tmp
c:\program files\Internet Explorer\SET44.tmp
c:\program files\Internet Explorer\SET45.tmp
c:\program files\Internet Explorer\SET46.tmp
c:\program files\Internet Explorer\SET48D.tmp
c:\program files\Internet Explorer\SET48E.tmp
c:\program files\Internet Explorer\SET48F.tmp
c:\program files\Internet Explorer\SET4A.tmp
c:\program files\Internet Explorer\SET4B.tmp
c:\program files\Internet Explorer\SET4C.tmp
c:\program files\Internet Explorer\SET4EC.tmp
c:\program files\Internet Explorer\SET4ED.tmp
c:\program files\Internet Explorer\SET4EE.tmp
c:\program files\Internet Explorer\SET5.tmp
c:\program files\Internet Explorer\SET53.tmp
c:\program files\Internet Explorer\SET54.tmp
c:\program files\Internet Explorer\SET54B.tmp
c:\program files\Internet Explorer\SET54C.tmp
c:\program files\Internet Explorer\SET54D.tmp
c:\program files\Internet Explorer\SET55.tmp
c:\program files\Internet Explorer\SET576.tmp
c:\program files\Internet Explorer\SET577.tmp
c:\program files\Internet Explorer\SET578.tmp
c:\program files\Internet Explorer\SET5AB.tmp
c:\program files\Internet Explorer\SET5AC.tmp
c:\program files\Internet Explorer\SET5AD.tmp
c:\program files\Internet Explorer\SET5D8.tmp
c:\program files\Internet Explorer\SET5D9.tmp
c:\program files\Internet Explorer\SET5DA.tmp
c:\program files\Internet Explorer\SET6.tmp
c:\program files\Internet Explorer\SET60A.tmp
c:\program files\Internet Explorer\SET60B.tmp
c:\program files\Internet Explorer\SET60C.tmp
c:\program files\Internet Explorer\SET63.tmp
c:\program files\Internet Explorer\SET64.tmp
c:\program files\Internet Explorer\SET65.tmp
c:\program files\Internet Explorer\SET6D0.tmp
c:\program files\Internet Explorer\SET6D1.tmp
c:\program files\Internet Explorer\SET6D2.tmp
c:\program files\Internet Explorer\SET7.tmp
c:\program files\Internet Explorer\SET8.tmp
c:\program files\Internet Explorer\SET9.tmp
c:\program files\Internet Explorer\SETA.tmp
c:\program files\Internet Explorer\SETB.tmp
c:\program files\Internet Explorer\SETC.tmp
c:\program files\Internet Explorer\SETC0.tmp
c:\program files\Internet Explorer\SETC1.tmp
c:\program files\Internet Explorer\SETC2.tmp
c:\program files\Internet Explorer\SETD.tmp
c:\program files\Internet Explorer\SETE.tmp
c:\program files\Internet Explorer\SETF.tmp
c:\windows\explorer(2).exe
c:\windows\system32\SET10.tmp
c:\windows\system32\SET100.tmp
c:\windows\system32\SET101.tmp
c:\windows\system32\SET102.tmp
c:\windows\system32\SET103.tmp
c:\windows\system32\SET104.tmp
c:\windows\system32\SET105.tmp
c:\windows\system32\SET106.tmp
c:\windows\system32\SET107.tmp
c:\windows\system32\SET108.tmp
c:\windows\system32\SET109.tmp
c:\windows\system32\SET10A.tmp
c:\windows\system32\SET10B.tmp
c:\windows\system32\SET10C.tmp
c:\windows\system32\SET10D.tmp
c:\windows\system32\SET10E.tmp
c:\windows\system32\SET10F.tmp
c:\windows\system32\SET11.tmp
c:\windows\system32\SET110.tmp
c:\windows\system32\SET111.tmp
c:\windows\system32\SET112.tmp
c:\windows\system32\SET113.tmp
c:\windows\system32\SET114.tmp
c:\windows\system32\SET115.tmp
c:\windows\system32\SET116.tmp
c:\windows\system32\SET117.tmp
c:\windows\system32\SET118.tmp
c:\windows\system32\SET119.tmp
c:\windows\system32\SET11A.tmp
c:\windows\system32\SET11B.tmp
c:\windows\system32\SET11C.tmp
c:\windows\system32\SET11D.tmp
c:\windows\system32\SET11E.tmp
c:\windows\system32\SET11F.tmp
c:\windows\system32\SET12.tmp
c:\windows\system32\SET120.tmp
c:\windows\system32\SET121.tmp
c:\windows\system32\SET122.tmp
c:\windows\system32\SET123.tmp
c:\windows\system32\SET124.tmp
c:\windows\system32\SET125.tmp
c:\windows\system32\SET126.tmp
c:\windows\system32\SET127.tmp
c:\windows\system32\SET128.tmp
c:\windows\system32\SET12A.tmp
c:\windows\system32\SET12B.tmp
c:\windows\system32\SET12C.tmp
c:\windows\system32\SET12D.tmp
c:\windows\system32\SET12E.tmp
c:\windows\system32\SET12F.tmp
c:\windows\system32\SET13.tmp
c:\windows\system32\SET130.tmp
c:\windows\system32\SET131.tmp
c:\windows\system32\SET132.tmp
c:\windows\system32\SET133.tmp
c:\windows\system32\SET134.tmp
c:\windows\system32\SET135.tmp
c:\windows\system32\SET136.tmp
c:\windows\system32\SET137.tmp
c:\windows\system32\SET138.tmp
c:\windows\system32\SET139.tmp
c:\windows\system32\SET13A.tmp
c:\windows\system32\SET13B.tmp
c:\windows\system32\SET13C.tmp
c:\windows\system32\SET13D.tmp
c:\windows\system32\SET13E.tmp
c:\windows\system32\SET13F.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET140.tmp
c:\windows\system32\SET141.tmp
c:\windows\system32\SET142.tmp
c:\windows\system32\SET143.tmp
c:\windows\system32\SET144.tmp
c:\windows\system32\SET145.tmp
c:\windows\system32\SET146.tmp
c:\windows\system32\SET147.tmp
c:\windows\system32\SET148.tmp
c:\windows\system32\SET149.tmp
c:\windows\system32\SET14A.tmp
c:\windows\system32\SET14B.tmp
c:\windows\system32\SET14C.tmp
c:\windows\system32\SET14D.tmp
c:\windows\system32\SET14E.tmp
c:\windows\system32\SET14F.tmp
c:\windows\system32\SET15.tmp
c:\windows\system32\SET150.tmp
c:\windows\system32\SET151.tmp
c:\windows\system32\SET152.tmp
c:\windows\system32\SET153.tmp
c:\windows\system32\SET154.tmp
c:\windows\system32\SET155.tmp
c:\windows\system32\SET157.tmp
c:\windows\system32\SET158.tmp
c:\windows\system32\SET159.tmp
c:\windows\system32\SET15A.tmp
c:\windows\system32\SET15B.tmp
c:\windows\system32\SET15C.tmp
c:\windows\system32\SET15D.tmp
c:\windows\system32\SET15E.tmp
c:\windows\system32\SET15F.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET160.tmp
c:\windows\system32\SET161.tmp
c:\windows\system32\SET162.tmp
c:\windows\system32\SET163.tmp
c:\windows\system32\SET164.tmp
c:\windows\system32\SET165.tmp
c:\windows\system32\SET166.tmp
c:\windows\system32\SET167.tmp
c:\windows\system32\SET168.tmp
c:\windows\system32\SET169.tmp
c:\windows\system32\SET16A.tmp
c:\windows\system32\SET16B.tmp
c:\windows\system32\SET16C.tmp
c:\windows\system32\SET16D.tmp
c:\windows\system32\SET16E.tmp
c:\windows\system32\SET16F.tmp
c:\windows\system32\SET17.tmp
c:\windows\system32\SET170.tmp
c:\windows\system32\SET171.tmp
c:\windows\system32\SET172.tmp
c:\windows\system32\SET173.tmp
c:\windows\system32\SET174.tmp
c:\windows\system32\SET175.tmp
c:\windows\system32\SET176.tmp
c:\windows\system32\SET177.tmp
c:\windows\system32\SET178.tmp
c:\windows\system32\SET179.tmp
c:\windows\system32\SET17A.tmp
c:\windows\system32\SET17B.tmp
c:\windows\system32\SET17C.tmp
c:\windows\system32\SET17D.tmp
c:\windows\system32\SET17E.tmp
c:\windows\system32\SET17F.tmp
c:\windows\system32\SET18.tmp
c:\windows\system32\SET180.tmp
c:\windows\system32\SET182.tmp
c:\windows\system32\SET183.tmp
c:\windows\system32\SET184.tmp
c:\windows\system32\SET185.tmp
c:\windows\system32\SET186.tmp
c:\windows\system32\SET187.tmp
c:\windows\system32\SET188.tmp
c:\windows\system32\SET189.tmp
c:\windows\system32\SET18A.tmp
c:\windows\system32\SET18B.tmp
c:\windows\system32\SET18C.tmp
c:\windows\system32\SET18D.tmp
c:\windows\system32\SET18E.tmp
c:\windows\system32\SET18F.tmp
c:\windows\system32\SET19.tmp
c:\windows\system32\SET190.tmp
c:\windows\system32\SET191.tmp
c:\windows\system32\SET192.tmp
c:\windows\system32\SET193.tmp
c:\windows\system32\SET194.tmp
c:\windows\system32\SET195.tmp
c:\windows\system32\SET196.tmp
c:\windows\system32\SET197.tmp
c:\windows\system32\SET198.tmp
c:\windows\system32\SET199.tmp
c:\windows\system32\SET19A.tmp
c:\windows\system32\SET19B.tmp
c:\windows\system32\SET19C.tmp
c:\windows\system32\SET19D.tmp
c:\windows\system32\SET19E.tmp
c:\windows\system32\SET19F.tmp
c:\windows\system32\SET1A0.tmp
c:\windows\system32\SET1A1.tmp
c:\windows\system32\SET1A2.tmp
c:\windows\system32\SET1A3.tmp
c:\windows\system32\SET1A4.tmp
c:\windows\system32\SET1A5.tmp
c:\windows\system32\SET1A6.tmp
c:\windows\system32\SET1A7.tmp
c:\windows\system32\SET1A8.tmp
c:\windows\system32\SET1A9.tmp
c:\windows\system32\SET1AA.tmp
c:\windows\system32\SET1AB.tmp
c:\windows\system32\SET1AC.tmp
c:\windows\system32\SET1AD.tmp
c:\windows\system32\SET1AE.tmp
c:\windows\system32\SET1B.tmp
c:\windows\system32\SET1B0.tmp
c:\windows\system32\SET1B1.tmp
c:\windows\system32\SET1B2.tmp
c:\windows\system32\SET1B3.tmp
c:\windows\system32\SET1B4.tmp
c:\windows\system32\SET1B5.tmp
c:\windows\system32\SET1B6.tmp
c:\windows\system32\SET1B7.tmp
c:\windows\system32\SET1B8.tmp
c:\windows\system32\SET1B9.tmp
c:\windows\system32\SET1BA.tmp
c:\windows\system32\SET1BB.tmp
c:\windows\system32\SET1BC.tmp
c:\windows\system32\SET1BD.tmp
c:\windows\system32\SET1BE.tmp
c:\windows\system32\SET1BF.tmp
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET1C0.tmp
c:\windows\system32\SET1C1.tmp
c:\windows\system32\SET1C2.tmp
c:\windows\system32\SET1C3.tmp
c:\windows\system32\SET1C4.tmp
c:\windows\system32\SET1C5.tmp
c:\windows\system32\SET1C6.tmp
c:\windows\system32\SET1C7.tmp
c:\windows\system32\SET1C8.tmp
c:\windows\system32\SET1C9.tmp
c:\windows\system32\SET1CA.tmp
c:\windows\system32\SET1CB.tmp
c:\windows\system32\SET1CC.tmp
c:\windows\system32\SET1CD.tmp
c:\windows\system32\SET1CE.tmp
c:\windows\system32\SET1CF.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1D0.tmp
c:\windows\system32\SET1D1.tmp
c:\windows\system32\SET1D2.tmp
c:\windows\system32\SET1D3.tmp
c:\windows\system32\SET1D4.tmp
c:\windows\system32\SET1D5.tmp
c:\windows\system32\SET1D6.tmp
c:\windows\system32\SET1D7.tmp
c:\windows\system32\SET1D8.tmp
c:\windows\system32\SET1D9.tmp
c:\windows\system32\SET1DA.tmp
c:\windows\system32\SET1DB.tmp
c:\windows\system32\SET1DC.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2014-01-17 to 2014-02-17 )))))))))))))))))))))))))))))))
.
.
2014-02-16 15:40 . 2014-02-16 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-16 15:40 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-16 15:05 . 2014-02-16 15:05 -------- d-----w- c:\windows\ERUNT
2014-02-16 14:53 . 2014-02-16 14:57 -------- d-----w- C:\AdwCleaner
2014-02-15 02:13 . 2013-09-20 14:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-02-15 02:13 . 2014-02-15 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2014-02-15 02:13 . 2014-02-15 02:15 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-02-14 23:25 . 2014-02-14 23:25 -------- d-----w- c:\program files\Trend Micro
2014-02-14 11:02 . 2014-02-14 11:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-02-14 00:23 . 2014-02-14 11:02 -------- d-----w- c:\program files\Common Files\Java
2014-02-14 00:22 . 2014-02-14 00:22 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-02-14 00:22 . 2014-02-14 00:22 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-12 01:09 . 2014-02-12 01:09 -------- d-----w- c:\documents and settings\Petra's Stuff\Application Data\AVAST Software
2014-02-12 01:08 . 2014-02-12 01:08 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-02-12 01:08 . 2014-02-12 01:08 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-12 01:08 . 2014-02-12 01:08 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-12 01:08 . 2014-02-12 01:08 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-12 01:08 . 2014-02-12 01:08 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-02-12 01:08 . 2014-02-12 01:08 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-12 01:08 . 2014-02-12 01:08 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-02-12 01:08 . 2014-02-12 01:08 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-12 01:08 . 2014-02-12 01:08 43152 ----a-w- c:\windows\avastSS.scr
2014-02-12 01:07 . 2014-02-12 01:07 -------- d-----w- c:\program files\AVAST Software
2014-02-12 01:06 . 2014-02-12 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2014-02-11 01:24 . 2014-02-11 01:24 -------- d-----w- c:\documents and settings\Petra's Stuff\Application Data\ElevatedDiagnostics
2014-02-08 12:43 . 2014-02-15 00:31 -------- d-----w- c:\program files\CCleaner
2014-02-08 02:21 . 2014-02-13 23:31 -------- d-----w- C:\BOOT
2014-02-08 02:21 . 2014-02-08 02:21 -------- d-----w- C:\My Backups
2014-02-08 02:21 . 2013-09-04 16:22 185800 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2014-02-08 02:21 . 2013-09-04 16:22 14920 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2014-02-08 02:21 . 2013-09-04 16:22 52040 ----a-w- c:\windows\system32\drivers\eubakup.sys
2014-02-08 02:21 . 2013-09-04 16:22 40776 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2014-02-08 02:14 . 2014-02-14 11:02 -------- d-----w- c:\program files\******
2014-02-08 01:25 . 2013-09-30 21:26 2881848 ----a-w- c:\windows\system32\pwNative.exe
2014-02-08 01:25 . 2013-09-30 21:26 15688 ------w- c:\windows\system32\pwdrvio.sys
2014-02-08 01:25 . 2013-09-30 21:26 10320 ------w- c:\windows\system32\pwdspio.sys
2014-02-07 23:52 . 2014-02-07 23:52 -------- d-----w- c:\program files\VS Revo Group
2014-02-07 23:19 . 2014-02-12 01:18 -------- d-----w- c:\program files\Belarc
2014-02-02 13:34 . 2014-02-02 13:34 -------- d-----w- c:\program files\iPod
2014-02-02 13:34 . 2014-02-02 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-08 10:47 . 2012-04-19 18:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-08 10:47 . 2011-05-25 19:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-05 11:26 . 2004-08-10 18:51 1172992 ----a-w- c:\windows\system32\msxml3.dll
2013-11-27 20:21 . 2004-08-10 18:51 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2012-10-13 18:03 . 2012-10-13 18:03 4096000 -c--a-w- c:\program files\GUT6D.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-12 01:08 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-01-20 152392]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-12 3767096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-12-19 5580752]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EarthLink Installer]
/C [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-01-20 18:16 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 17:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2006-11-02 00:48 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-02-06 17:20 478800 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2009-04-20 15:10 84464 ----a-w- c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-23 22:14 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-29 03:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 02:29 49152 -c----w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2013-03-27 20:18 1098072 ----a-w- c:\program files\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 13:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2008-10-24 13:14 206112 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2008-10-24 13:14 79136 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-01-20 21:32 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-10-08 16:52 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-09-22 17:06 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 14:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-04-05 00:33 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-09-22 17:47 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wltrysvc"=2 (0x2)
"wlidsvc"=2 (0x2)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"RoxWatch11"=2 (0x2)
"RoxMediaDB11"=3 (0x3)
"RoxLiveShare11"=2 (0x2)
"Roxio Upnp Server 11"=2 (0x2)
"Roxio UPnP Renderer 11"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"OneTouch 4.0 Monitor"=2 (0x2)
"odserv"=3 (0x3)
"NgVpnMgr"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"mfevtp"=2 (0x2)
"mfefire"=2 (0x2)
"MDM"=2 (0x2)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McComponentHostService"=3 (0x3)
"McAfee SiteAdvisor Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"hnmsvc"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Garmin Core Update Service"=2 (0x2)
"GamesAppService"=3 (0x3)
"fsssvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL ACS"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=2 (0x2)
"ACDaemon"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2/11/2014 8:08 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2/11/2014 8:08 PM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/11/2014 8:08 PM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/11/2014 8:08 PM 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2/11/2014 8:08 PM 67824]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/16/2014 10:40 AM 418376]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2/14/2014 9:13 PM 2729432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/16/2014 10:40 AM 22856]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [2/2/2010 6:38 AM 79944]
R3 whmice2k;Advanced Wheel Mouse Upper Filter Driver;c:\windows\system32\drivers\whmice2k.sys [4/25/2004 7:38 PM 6885]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/16/2014 10:40 AM 701512]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2/14/2014 9:13 PM 3666392]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2/14/2014 9:13 PM 171928]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [2/2/2010 6:39 AM 22600]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [2/2/2010 6:38 AM 27208]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [2/2/2010 6:39 AM 25160]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2/7/2014 8:25 PM 15688]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2/7/2014 8:25 PM 10320]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [1/25/2007 10:45 AM 6784]
S4 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 12:59 PM 206072]
S4 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [3/27/2013 3:17 PM 185688]
S4 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [2/2/2010 6:39 AM 240816]
S4 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [8/13/2008 11:25 PM 313840]
S4 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [8/13/2008 11:25 PM 367088]
S4 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/13/2008 11:24 PM 309744]
S4 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [3/3/2009 9:58 PM 1122304]
S4 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/13/2008 11:24 PM 170480]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSCHEDULER
*NewlyCreated* - MBAMSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-07 23:17 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 10:47]
.
2014-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2014-02-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-12 01:08]
.
2014-02-17 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-02-15 19:37]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cda93c1e5284ce.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 00:32]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-05 00:32]
.
2014-02-15 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-02-15 19:33]
.
2014-02-15 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2014-02-15 19:34]
.
2014-02-17 c:\windows\Tasks\WebReg Deskjet 5900 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 21:45]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.google.com
uStart Page = www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <-loopback>
TCP: DhcpNameServer = 75.76.84.102 75.76.84.103
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {575AC44B-C254-48B4-8102-20F29D72A60E} - hxxp://dashboard.smshealthconx.net/dsh/02020300/html/SMSDSHSETFOREGROUND.CAB
DPF: {5B727CF6-427F-4F23-8CC1-A8A4E80D97D1} - hxxp://10.189.19.10/hrs/download/Setup.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://games.bellsouth.net/Gh/Tumblebugs/axhost.cab
DPF: {D7967FA2-F1F9-420D-A49E-9249309056A2} - hxxp://10.189.19.10/hrs/download/Setup.cab
DPF: {FD0ECA0C-6403-48CB-91C0-6C73EF7771AA} - hxxp://dashboard.smshealthconx.net/dsh/02020300/html/SMSDSHDOWNLOAD.CAB
FF - ProfilePath - c:\documents and settings\Petra's Stuff\Application Data\Mozilla\Firefox\Profiles\ecjwbyf1.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe
MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
AddRemove-Eyewitness World Atlas DVD - c:\windows\UNINST.EXE -rDK Multimedia\Eyewitness World Atlas DVD\1.0.0.0
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-16 21:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3644)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\program files\ArcSoft\Scrapbook Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\windows\system32\SearchIndexer.exe
.
**************************************************************************
.
Completion time: 2014-02-16 21:11:32 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-17 02:11
.
Pre-Run: 201,479,999,488 bytes free
Post-Run: 201,362,382,848 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Home" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C1792A3E86EDFAAED676F789F255AD85
5CB90281D1A59B251F6603134774EEC3

 

[johnb35]

Open OTL and copy and paste the following into the custom scans/fixes box.

:OTL
O2 - BHO: (no name) - {56071E0D-C61B-11D3-B41C-00E02927A304} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7749421
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:131C0EE9
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040

Then click on run fix up top.

 

[copiman]

About to head out to work. Will do when I get home this evening. What does this do? Trying to learn.

And thank you very much for taking the time to help me. You have been extremely helpful to me in fixing issues and helping me learn more. I am working on getting into the computer and networking field.

 

[copiman]

Here is the log OTL produced after doing what you told me. Is there anything else you feel I need to do?


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56071E0D-C61B-11D3-B41C-00E02927A304}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:B7749421 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:57DC3B52 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:131C0EE9 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040 .

OTL by OldTimer - Version 3.2.69.0 log created on 02182014_181005

 

[johnb35]

Can you OTL again? Wanting to make sure those entries that didn't get deleted are actually gone. Open OTL and click on quick scan and post the results.

 

[copiman]

Here is the OTL log


OTL logfile created on: 2/18/2014 7:07:42 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Petra's Stuff\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 67.77% Memory free
2.54 Gb Paging File | 2.26 Gb Available in Paging File | 88.78% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.81 Gb Total Space | 188.09 Gb Free Space | 80.79% Space Free | Partition Type: NTFS
Drive E: | 70.54 Mb Total Space | 62.04 Mb Free Space | 87.96% Space Free | Partition Type: NTFS

Computer Name: PETRA | User Name: Petra's Stuff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Petra's Stuff\My Documents\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\14021801\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll ()
MOD - C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll ()
MOD - C:\Program Files\ArcSoft\Scrapbook Suite\PhotoImpression 5\Share\PIHook.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer9) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Garmin Core Update Service) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (NgVpnMgr) -- C:\WINDOWS\system32\ngvpnmgr.exe (Aventail Corporation)
SRV - (RoxMediaDB11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 11) -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe (Sonic Solutions)
SRV - (RoxLiveShare11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe (Sonic Solutions)
SRV - (RoxWatch11) -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe (Sonic Solutions)
SRV - (OneTouch 4.0 Monitor) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe (Visioneer Inc.)
SRV - (hnmsvc) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (JL2005C) -- System32\Drivers\jl2005c.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswmonflt.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (pwdrvio) -- C:\WINDOWS\system32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\WINDOWS\system32\pwdspio.sys ()
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (NgWfp) -- C:\WINDOWS\system32\drivers\ngwfp.sys (Aventail Corporation)
DRV - (NgFilter) -- C:\WINDOWS\system32\drivers\ngfilter.sys (Aventail Corporation)
DRV - (NgVpn) -- C:\WINDOWS\system32\drivers\ngvpn.sys (Aventail Corporation)
DRV - (NgLog) -- C:\WINDOWS\system32\drivers\nglog.sys (Aventail Corporation)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (whfltr2k) -- C:\WINDOWS\system32\drivers\whfltr2k.sys ()
DRV - (MCSTRM) -- C:\WINDOWS\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()
DRV - (whmice2k) -- C:\WINDOWS\system32\drivers\whmice2k.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061130
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061130
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 E6 20 BD 0F 29 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2013.75
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Petra's Stuff\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/08/12 19:06:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/11 20:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014/02/10 21:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Petra's Stuff\Application Data\Mozilla\Extensions
[2009/07/13 06:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Petra's Stuff\Application Data\Mozilla\Extensions\[email protected]
[2014/02/13 18:58:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/13 18:58:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/11 20:08:16 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Documents and Settings\Petra's Stuff\Application Data\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/02/16 21:03:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {575AC44B-C254-48B4-8102-20F29D72A60E} http://dashboard.smshealthconx.net/dsh/02020300/html/SMSDSHSETFOREGROUND.CAB (DshSetForegroundWin Class)
O16 - DPF: {5B727CF6-427F-4F23-8CC1-A8A4E80D97D1} http://10.189.19.10/hrs/download/Setup.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1353499863593 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://games.bellsouth.net/Gh/Tumblebugs/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downl...584-842756A66467/MicrosoftDownloadManager.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://games.bellsouth.net/Gh/FeedingFrenzy/SproutLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {D7967FA2-F1F9-420D-A49E-9249309056A2} http://10.189.19.10/hrs/download/Setup.cab (Reg Error: Key error.)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (Reg Error: Key error.)
O16 - DPF: {FD0ECA0C-6403-48CB-91C0-6C73EF7771AA} http://dashboard.smshealthconx.net/dsh/02020300/html/SMSDSHDOWNLOAD.CAB (Download Class)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.76.84.102 75.76.84.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B1748E5-6FFE-4A2A-87C0-9FB786EA047A}: DhcpNameServer = 75.76.84.102 75.76.84.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8EDEA5A-9411-4BD7-A931-58A19F97A284}: DhcpNameServer = 75.76.84.102 75.76.84.103
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/18 18:10:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/17 19:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 9
[2014/02/17 19:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2014/02/16 22:19:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/02/16 21:11:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/02/16 20:44:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/02/16 20:41:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/02/16 20:41:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/02/16 20:41:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/02/16 20:41:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/02/16 20:40:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/16 20:40:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/02/16 10:05:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/02/16 09:53:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/15 18:11:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Petra's Stuff\Recent
[2014/02/14 21:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/02/14 21:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/14 18:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2014/02/14 06:02:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/02/14 06:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/02/13 19:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/02/13 18:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2014/02/13 18:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/11 20:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra's Stuff\Application Data\AVAST Software
[2014/02/11 20:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/02/11 20:08:22 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/11 20:08:21 | 000,775,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/11 20:08:20 | 000,410,784 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/11 20:08:20 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/11 20:08:19 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/11 20:08:17 | 000,270,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/11 20:08:14 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/11 20:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/02/11 20:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/02/10 20:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra's Stuff\Application Data\ElevatedDiagnostics
[2014/02/07 21:21:53 | 000,000,000 | ---D | C] -- C:\BOOT
[2014/02/07 21:21:19 | 000,000,000 | ---D | C] -- C:\My Backups
[2014/02/07 21:21:17 | 000,185,800 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys
[2014/02/07 21:21:17 | 000,014,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2014/02/07 21:21:16 | 000,052,040 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2014/02/07 21:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\******
[2014/02/07 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/02/07 18:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2014/02/07 18:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petra's Stuff\My Documents\Downloads
[2014/02/02 08:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2014/02/02 08:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/02/02 08:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[4 C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1978 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1842 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/18 19:03:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/18 18:22:49 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/18 18:22:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cda93c1e5284ce.job
[2014/02/18 18:07:03 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/02/18 18:02:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/18 18:00:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/18 18:00:37 | 1474,408,448 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/18 06:40:56 | 000,353,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/02/17 19:54:59 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\WebReg Deskjet 5900 series.job
[2014/02/17 19:25:06 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 9.lnk
[2014/02/17 18:49:10 | 000,000,402 | RHS- | M] () -- C:\boot.ini
[2014/02/16 22:23:22 | 000,004,737 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/02/16 21:03:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/14 18:48:34 | 000,000,285 | ---- | M] () -- C:\Boot.bak
[2014/02/14 18:07:34 | 000,550,371 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\My Documents\Autoruns.zip
[2014/02/14 17:52:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/02/14 06:28:42 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\iTunes.lnk
[2014/02/14 06:08:51 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Google Chrome.lnk
[2014/02/14 06:08:20 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Mozilla Firefox.lnk
[2014/02/14 06:07:51 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Internet Explorer.lnk
[2014/02/13 18:58:32 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Petra's Stuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/11 20:46:59 | 000,547,994 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/11 20:46:59 | 000,106,020 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/11 20:08:59 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmonflt.sys
[2014/02/11 20:08:14 | 000,775,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/02/11 20:08:14 | 000,410,784 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/02/11 20:08:14 | 000,270,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/02/11 20:08:14 | 000,180,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/02/11 20:08:14 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/02/11 20:08:14 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/02/11 20:08:14 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/02/11 20:08:14 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/02/10 21:26:37 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2014/02/10 21:21:37 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[4 C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1978 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1842 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/17 19:25:06 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 9.lnk
[2014/02/16 20:44:07 | 000,000,285 | ---- | C] () -- C:\Boot.bak
[2014/02/16 20:44:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/02/16 20:41:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/02/16 20:41:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/02/16 20:41:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/02/16 20:41:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/02/16 20:41:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/02/14 18:07:34 | 000,550,371 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\My Documents\Autoruns.zip
[2014/02/14 06:28:42 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\iTunes.lnk
[2014/02/14 06:08:51 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Google Chrome.lnk
[2014/02/14 06:08:20 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Mozilla Firefox.lnk
[2014/02/14 06:07:51 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Desktop\Internet Explorer.lnk
[2014/02/14 06:07:31 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Start Menu\Programs\Internet Explorer (2).lnk
[2014/02/13 20:51:12 | 1474,408,448 | -HS- | C] () -- C:\hiberfil.sys
[2014/02/13 18:58:32 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/13 18:58:32 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/02/11 20:08:36 | 000,000,378 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/02/11 20:08:21 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/02/11 20:08:20 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/02/10 21:21:37 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2014/02/10 13:04:58 | 000,000,402 | RHS- | C] () -- C:\boot.ini
[2014/02/07 21:21:15 | 000,040,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2014/02/07 20:25:03 | 002,881,848 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2014/02/07 20:25:02 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2014/02/07 20:25:02 | 000,010,320 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2012/09/19 06:50:38 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ftstate.ini
[2012/05/28 11:20:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\rx_image32.Cache
[2012/05/28 08:58:58 | 000,077,132 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/10 13:18:14 | 001,781,795 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1231221303-2111386757-1834295113-1007-0.dat
[2010/11/17 12:56:31 | 000,338,190 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2008/08/19 07:04:41 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\pool.bin
[2007/09/13 17:44:15 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\presets.ini
[2007/06/05 17:28:57 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/28 10:37:37 | 000,001,402 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Application Data\wklnhst.dat
[2006/12/22 08:42:55 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Petra's Stuff\Local Settings\Application Data\fusioncache.dat
[2006/11/30 18:28:21 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

========== ZeroAccess Check ==========

[2004/08/10 14:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/02 08:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009/10/19 19:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2014/02/11 20:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/15 09:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2007/10/30 18:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BellSouth
[2009/01/24 07:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2008/05/22 17:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2007/03/31 17:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2013/07/07 11:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2007/03/20 17:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2013/07/08 19:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2009/10/16 11:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/11/22 15:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/11/26 08:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2007/03/01 20:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2013/01/05 08:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/04/06 18:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2010/11/16 09:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2007/11/02 16:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2009/05/29 14:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/06/13 16:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2009/10/22 08:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2010/12/19 15:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/11/30 18:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2012/05/26 10:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/30 07:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/19 19:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\AT&T
[2014/02/11 20:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\AVAST Software
[2007/11/15 10:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Aventail
[2007/10/30 18:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\BellSouth
[2010/10/06 14:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Coby Media Manager
[2014/02/10 20:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\ElevatedDiagnostics
[2013/08/15 15:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\FrostWire
[2013/03/16 08:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\GARMIN
[2006/12/28 10:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Leadertech
[2009/02/09 14:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\LinkManager 4.0
[2009/07/10 09:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\OneTouch 4.0
[2009/10/16 11:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\PlayFirst
[2007/03/25 13:24:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\PTV Game
[2008/10/05 09:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\SoundSpectrum
[2007/11/20 12:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\SpinTop
[2006/12/28 10:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Template
[2007/03/31 17:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Wildfire
[2008/11/19 20:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Windows Desktop Search
[2008/11/20 12:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petra's Stuff\Application Data\Windows Search

========== Purity Check ==========



< End of report >