Channel: Tech Support Forum - Virus/Trojan/Spyware Help

url:mal virus

I am in need of expert assistance in removal of the nemesis virus "url:mal". I've also seen a pop-up from Avast blocking "url:mal2".
I tried running gmr and something prevents it from completing, so I'm not sure if it will give you the data you need. :sad:
Thanks in advance. :bang head:

Dell Inspiron 8250
WinXP


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by Larry Crooms at 9:30:34 on 2013-12-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.118 [GMT -5:00]
.
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\SAgent4.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Larry Crooms\Application Data\Fyzoin\ocgec.exe
C:\Program Files\Allen Datagraph\Cutter Driver\AllenSpooler.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\TWAIN_32\ScanWiz5\SDII.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.bigseekpro.com/tempcleaner/{F5CE43F7-0125-48AC-9771-A262CFA85AC1}
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Do Not Track Me: {6E45F3E8-2683-4824-A6BE-08108022FB36} - c:\program files\donottrackplus\ie\DNTPAddon.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: TransSend Object: {E8AC0181-7B34-4507-BFFD-2B020BCC645A} - c:\program files\bluetooth sig\transsend\TransSend.dll
BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - c:\program files\temp file cleaner db toolbar\tbcore3.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Temp File Cleaner DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - c:\program files\temp file cleaner db toolbar\tbcore3.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} -
TB: Temp File Cleaner DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - c:\program files\temp file cleaner db toolbar\tbcore3.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {0494D0DE-F8E0-41AD-92A3-14154ECE70AC} - <orphaned>
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [EPSON Stylus CX7000F Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibka.exe /fu "c:\windows\temp\E_S89.tmp" /EF "HKCU"
uRun: [\\P3 LARRY C\EPSON CX7000] c:\windows\system32\spool\drivers\w32x86\3\e_fatibka.exe /fu "c:\windows\temp\E_S10B.tmp" /EF "HKCU"
uRun: [WorkForce 610(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S1FF.tmp" /EF "HKCU"
uRun: [Auto WorkForce 610(Network) on INSPIRON] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S2E7.tmp" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Auto WorkForce 610(Network) on BETHSLAPTOP2] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_SA6.tmp" /EF "HKCU"
uRun: [EPSON WorkForce 610 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S565.tmp" /EF "HKCU"
uRun: [EPSON WorkForce 610 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S3C6.tmp" /EF "HKCU"
uRun: [Auto EPSON Stylus CX7000F Series on BETHSLAPTOP2] c:\windows\system32\spool\drivers\w32x86\3\e_fatibka.exe /fu "c:\windows\temp\E_S22.tmp" /EF "HKCU"
uRun: [Auto EPSON WorkForce 610 Series on BETHSLAPTOP2] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S25.tmp" /EF "HKCU"
uRun: [Auto EPSONDDBBEB on BETHSLAPTOP2] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S27.tmp" /EF "HKCU"
uRun: [Auto EPSON WorkForce 610 Series (Copy 2) on BETHSLAPTOP2] c:\windows\system32\spool\drivers\w32x86\3\e_fatifja.exe /fu "c:\windows\temp\E_S29.tmp" /EF "HKCU"
uRun: [Alyrluy] "c:\documents and settings\larry crooms\application data\fyzoin\ocgec.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
mRun: [SSRunScript] "c:\program files\support.com\charter\bin\ssrunscript.exe" /script "c:\program files\support.com\charter\vbs\verifyconnection.vbs" /args //b startupdelay
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [SnoopFreeUI] SnoopFreeUI.exe
mRun: [EPSON Stylus C88 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATIABA.EXE /P32 "EPSON Stylus C88 Series (Copy 1)" /O15 "IP_192.168.0.10" /M "Stylus C88"
mRun: [Auto EPSON Stylus C88 Series (Copy 1) on BETHSLAPTOP2] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaba.exe /p53 "auto epson stylus c88 series (copy 1) on bethslaptop2" /o23 "\\bethslaptop2\Printer4" /M "Stylus C88"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Alyrluy] "c:\documents and settings\larry crooms\application data\fyzoin\ocgec.exe"
dRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
StartupFolder: c:\documents and settings\larry crooms\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\allens~1.lnk - c:\program files\allen datagraph\cutter driver\AllenSpooler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelm~1.lnk - c:\corel\graphics8\programs\MFIndexer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microt~1.lnk - c:\windows\twain_32\scanwiz5\SDII.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: dontdisplaysecondusername = dword:775409736
mPolicies-System: dontdisplayfirstusername = 1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - c:\program files\donottrackplus\ie\DNTPAddon.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/24/install/gtdownls.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxp://www.cadlink.com/download/disk1/setup.exe
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - hxxp://web1.nugs.net/dev/dlControl.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5330/mcfscan.cab
TCP: NameServer = 24.159.64.23 24.217.201.67 24.177.176.38
TCP: Interfaces\{E43BA632-488D-4885-9D8D-83CB969B9BE7} : DHCPNameServer = 24.159.64.23 24.217.201.67 24.177.176.38
Notify: dimsntfy - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\larry crooms\application data\mozilla\firefox\profiles\h0pillt2.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/tempcleaner/{F5CE43F7-0125-48AC-9771-A262CFA85AC1}?q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-6-7 21576]
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-2-14 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-2-14 204784]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-21 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-21 175176]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-13 64288]
R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2007-5-27 9472]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-2-14 104752]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-14 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-7 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-7 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-21 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-7 46808]
R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2011-2-14 137960]
R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
R3 SNXPCARD;Sunix PCI Multi I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [2002-6-12 20704]
R3 SNXPPALXP;Sunix XP PCI Multi I/O Parallel Port Driver ;c:\windows\system32\drivers\snxppalxp.sys [2002-6-4 75264]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1355968]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S2 ptssvc;ptssvc;c:\program files\kodak\kodak picture transfer software\ptssvc.exe --> c:\program files\kodak\kodak picture transfer software\PTSsvc.exe [?]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 Beomga6min;Beomga6min; [x]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 ONXPAR;ONXPAR;\??\c:\windows\system32\onxpar.sys --> c:\windows\system32\ONXPAR.SYS [?]
S3 RSPSC;RSPSC;c:\windows\system32\drivers\rspsc.sys --> c:\windows\system32\drivers\rspsc.sys [?]
S3 TMSPPCI;PCI Multi I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [2002-6-12 20704]
S3 TMSPPCIP;PCI Multi I/O Parallel Port Driver;c:\windows\system32\drivers\snxppal.sys [2002-6-12 23039]
S4 0263961200348408mcinstcleanup;McAfee Application Installer Cleanup (0263961200348408);c:\windows\temp\026396~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\026396~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
.
=============== File Associations ===============
.
ShellExec: mkwACT.exe: verify="c:\program files\michael k. weise\mkw audio compression toolkit\mkwACT.exe"
.
=============== Created Last 30 ================
.
2013-12-24 14:05:07 -------- d-----w- C:\TEMP
2013-12-24 12:09:58 -------- d-----w- c:\windows\system32\wbem\Logs
2013-12-23 16:51:33 -------- d-----w- c:\documents and settings\larry crooms\application data\Kahuipr
2013-12-23 16:50:52 -------- d-----w- c:\documents and settings\larry crooms\application data\Sulyfo
2013-12-23 16:49:55 -------- d-----w- c:\documents and settings\larry crooms\application data\Nynewaa
2013-12-23 16:48:55 -------- d-----w- c:\documents and settings\larry crooms\application data\Siypry
2013-12-23 16:41:24 -------- d-----w- c:\documents and settings\larry crooms\application data\Ahivwod
2013-12-23 16:39:30 -------- d-----w- c:\documents and settings\larry crooms\application data\Gabiisy
2013-12-23 16:38:36 -------- d-----w- c:\documents and settings\larry crooms\application data\Iqpivuc
2013-12-23 16:36:11 -------- d-----w- c:\documents and settings\larry crooms\application data\Ybqeyw
2013-12-23 16:34:22 -------- d-----w- c:\documents and settings\larry crooms\application data\Ehpihyme
2013-12-23 16:28:38 -------- d-----w- c:\documents and settings\larry crooms\application data\Fuifsoy
2013-12-23 16:25:25 -------- d-----w- c:\documents and settings\larry crooms\application data\Caalkis
2013-12-23 16:17:39 -------- d-----w- c:\documents and settings\larry crooms\application data\Vuawasok
2013-12-23 16:14:47 -------- d-----w- c:\documents and settings\larry crooms\application data\Ikahyhmy
2013-12-23 16:13:23 -------- d-----w- c:\documents and settings\larry crooms\application data\Utsixasa
2013-12-23 16:12:00 -------- d-----w- c:\documents and settings\larry crooms\application data\Ymnauzi
2013-12-23 14:56:50 -------- d-----w- c:\documents and settings\larry crooms\application data\Owiveka
2013-12-23 14:53:55 -------- d-----w- c:\documents and settings\larry crooms\application data\Fyzoin
2013-12-23 14:46:46 94208 ----a-w- c:\documents and settings\larry crooms\local settings\application data\ngsjcspq.exe
2013-12-11 16:57:24 -------- d-----w- c:\documents and settings\larry crooms\gemini fonts
.
==================== Find3M ====================
.
2013-12-11 16:39:39 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 16:39:39 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ------w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 11:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 11:29:36 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2011-06-27 15:35:05 9435312 -c--a-w- c:\program files\mbam-setup-1.51.0.1200.exe
2011-06-27 02:57:16 204496 -c--a-w- c:\program files\StartUpLite.exe
2011-05-23 22:38:51 80869160 -c--a-w- c:\program files\iTunesSetup.exe
2010-11-20 15:29:53 9880064 -c--a-w- c:\program files\allen datagraph SetupCutterDriver2.09a.EXE
2010-05-05 03:23:16 5856418 -c--a-w- c:\program files\burnaware_free.exe
2009-09-16 00:04:16 60857536 -c--a-w- c:\program files\Ad-AwareAE.exe
2009-09-12 17:24:02 3012768 -c--a-w- c:\program files\spywareblastersetup42.exe
2009-01-03 17:01:12 54157776 -c--a-w- c:\program files\avg_free_stf_en_8_176a1400.exe
2008-12-05 23:11:26 8303652 -c--a-w- c:\program files\signcutx2.exe
2008-04-18 02:37:56 133197120 -c--a-w- c:\program files\OOo_2.4.0_Win32Intel_install_wJRE_en-US.exe
2008-02-13 03:43:39 14153016 -c--a-w- c:\program files\network magic setup.exe
2007-10-18 03:29:37 27024112 -c--a-w- c:\program files\PowerPointViewer.exe
2006-12-21 02:01:06 1364256 -c--a-w- c:\program files\WLToolbarSetup_en.exe
2004-11-10 15:10:26 97293845 -c--a-w- c:\program files\j2sdk-1_4_2_04-nb-3_6-bin-windows.exe
1998-10-20 01:51:12 524800 -c--a-r- c:\program files\CADtools.aip
.
============= FINISH: 9:31:38.64 ===============

Attached Files
File Type: zip attach.zip (11.0 KB)
File Type: txt dds.txt (23.7 KB)
