I went to a site today and immediately realized it was a "bad" site, but was on a browser without WoT. (I was searching for the difference between a wet and a dry cappuccinno and ended up at some file server.) Anyway, shortly after, I could hear background sounds that sounded like a virus was found, but nothing popped up. I cleared my cache and went to eventvwr, and it showed Avira found an infection in the C:\Recycler folder. I mistakenly shut my computer off (pulled the cord out without realizing my battery was not in). Anyway, when it started back up, there were all sorts of sounds, so I held down SHIFT and turned off my network card. I ran Avira, but it was not getting it, so I went into Safe Mode and Malwarebytes found 5 infections. Deleted them. Rebooted, but still heard background "beeps", even with nothing open. Ran Malwarebytes again, and it found two more files-did away with them. How can I be sure this is clear? (And if it is, what is beeping in the background?)
I could probably get the exact url from my history of the site that seemingly started it, if it would help. I do not have a Boot CD (or a CD Drive). I did not run the 32-bit file, as I am not sure if my system is 32-bit or not. Thank you for any help. :thumb:
Also, I have both Avira and Malwarebytes on my system, because as I understood it, one finds certain things the other does not look for and vice versa, but have also been told they should not both be there. Can someone clarify this for me? For example, Avira in this case seemingly found it by the event viewer, but did not alert me and nothing showed up in Luke Filewalker, whereas Malwarebytes found a total of 7 dangerous thingies.
DDS text contents:
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by flourcollie at 23:09:04 on 2012-11-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.130 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mSearchAssistant = hxxp://www.google.com/ie
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 2010\office14\URLREDIR.DLL
BHO: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\19.0.1084.56\npchrome_frame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [APN] rundll32.exe "c:\documents and settings\flourcollie\local settings\application data\apple\apn\gocqf.dll",DllRegisterServer
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108855
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi7967~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi7967~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 2010\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/66.31/uploader2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{0C5BBBFF-F5E5-4524-A890-91311819F412} : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\19.0.1084.56\npchrome_frame.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - <orphaned>
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15083
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko10.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko11.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko12.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko9.dll
FF - component: c:\program files\apisphere\geomate.jr software kit\xpcom\navitfound\components\NavitFoundXPCOM.dll
FF - component: c:\program files\apisphere\geomate.jr software kit\xpcom\navitloader\components\NavitLoaderXPCOM.dll
FF - plugin: c:\documents and settings\flourcollie\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\flourcollie\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\flourcollie\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\flourcollie\local settings\application data\huludesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: c:\progra~1\mi7967~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi7967~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - ExtSQL: !HIDDEN! 2010-01-21 01:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-02-19 05:27; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
============= SERVICES / DRIVERS ===============
.
R? CSHelper;CopySafe Helper Service
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? gupdate1c9695861665b0a;Google Update Service (gupdate1c9695861665b0a)
R? JMCR;JMCR
R? MatSvc;Microsoft Automated Troubleshooting Service
R? McComponentHostService;McAfee Security Scan Component Host Service
R? ServicepointService;ServicepointService
R? WDC_SAM;WD SCSI Pass Thru driver
R? WDDMService;WD SmartWare Drive Manager
R? WDSmartWareBackgroundService;WD SmartWare Background Service
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? avgio;avgio
S? avgntflt;avgntflt
S? Lbd;Lbd
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MBAMSwissArmy;MBAMSwissArmy
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
ShellExec: FOXITR~1.EXE: print="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/p "%1"
ShellExec: FOXITR~1.EXE: printto="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
2018-04-14 10:25:57 -------- d-----w- c:\program files\Microsoft SQL Server
2012-11-15 03:28:01 54016 ----a-w- c:\windows\system32\drivers\gjcbonla.sys
2012-11-15 02:34:55 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-12 23:26:49 -------- d-----w- c:\documents and settings\flourcollie\application data\System
2012-10-30 01:12:59 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
.
==================== Find3M ====================
.
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 23:12:49.43 ===============
(edit to upload attach.zip)
I could probably get the exact url from my history of the site that seemingly started it, if it would help. I do not have a Boot CD (or a CD Drive). I did not run the 32-bit file, as I am not sure if my system is 32-bit or not. Thank you for any help. :thumb:
Also, I have both Avira and Malwarebytes on my system, because as I understood it, one finds certain things the other does not look for and vice versa, but have also been told they should not both be there. Can someone clarify this for me? For example, Avira in this case seemingly found it by the event viewer, but did not alert me and nothing showed up in Luke Filewalker, whereas Malwarebytes found a total of 7 dangerous thingies.
DDS text contents:
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by flourcollie at 23:09:04 on 2012-11-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.130 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mSearchAssistant = hxxp://www.google.com/ie
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 2010\office14\URLREDIR.DLL
BHO: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\19.0.1084.56\npchrome_frame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [APN] rundll32.exe "c:\documents and settings\flourcollie\local settings\application data\apple\apn\gocqf.dll",DllRegisterServer
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108855
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi7967~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi7967~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 2010\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/66.31/uploader2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{0C5BBBFF-F5E5-4524-A890-91311819F412} : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\19.0.1084.56\npchrome_frame.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - <orphaned>
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15083
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko10.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko11.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko12.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\flourcollie\application data\mozilla\firefox\profiles\xv2wxwd2.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\RadioWMPCoreGecko9.dll
FF - component: c:\program files\apisphere\geomate.jr software kit\xpcom\navitfound\components\NavitFoundXPCOM.dll
FF - component: c:\program files\apisphere\geomate.jr software kit\xpcom\navitloader\components\NavitLoaderXPCOM.dll
FF - plugin: c:\documents and settings\flourcollie\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\flourcollie\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\flourcollie\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\flourcollie\local settings\application data\huludesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: c:\progra~1\mi7967~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi7967~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - ExtSQL: !HIDDEN! 2010-01-21 01:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-02-19 05:27; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
============= SERVICES / DRIVERS ===============
.
R? CSHelper;CopySafe Helper Service
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? gupdate1c9695861665b0a;Google Update Service (gupdate1c9695861665b0a)
R? JMCR;JMCR
R? MatSvc;Microsoft Automated Troubleshooting Service
R? McComponentHostService;McAfee Security Scan Component Host Service
R? ServicepointService;ServicepointService
R? WDC_SAM;WD SCSI Pass Thru driver
R? WDDMService;WD SmartWare Drive Manager
R? WDSmartWareBackgroundService;WD SmartWare Background Service
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? avgio;avgio
S? avgntflt;avgntflt
S? Lbd;Lbd
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MBAMSwissArmy;MBAMSwissArmy
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
ShellExec: FOXITR~1.EXE: print="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/p "%1"
ShellExec: FOXITR~1.EXE: printto="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
2018-04-14 10:25:57 -------- d-----w- c:\program files\Microsoft SQL Server
2012-11-15 03:28:01 54016 ----a-w- c:\windows\system32\drivers\gjcbonla.sys
2012-11-15 02:34:55 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-12 23:26:49 -------- d-----w- c:\documents and settings\flourcollie\application data\System
2012-10-30 01:12:59 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
.
==================== Find3M ====================
.
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 23:12:49.43 ===============
(edit to upload attach.zip)