I am sure other cases may be worse than this one. The PC was very unstable but eventually was able to load ComboFix and FRST. The logs are pasted below; one is attached as requested.
ComboFix 14-07-19.01 - JS3 07/19/2014 23:14:05.20.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2302.1779 [GMT -4:00]
Running from: c:\documents and settings\JS3\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2014-06-20 to 2014-07-20 )))))))))))))))))))))))))))))))
.
.
2014-07-20 01:04 . 2014-07-20 01:04 -------- dc----w- c:\documents and settings\Administrator.DC1PW881.000\Local Settings\Application Data\BVRP Software
2014-07-19 23:41 . 2014-07-19 23:41 -------- dc----w- c:\documents and settings\Administrator.DC1PW881.000\Application Data\AVAST Software
2014-07-08 07:00 . 2014-07-08 07:00 -------- dc----w- c:\documents and settings\Administrator.DC1PW881.000\Application Data\NCH Swift Sound
2014-07-08 05:57 . 2014-07-08 05:57 -------- dc----w- c:\documents and settings\Administrator.DC1PW881.000\Local Settings\Application Data\Adobe
2014-07-08 05:42 . 2014-07-08 05:42 -------- dc----w- c:\documents and settings\Administrator.DC1PW881.000\Local Settings\Application Data\Mozilla
2014-07-06 01:16 . 2014-07-06 01:16 -------- dc----w- c:\windows\system32\wbem\Repository
2014-07-06 00:58 . 2014-07-06 00:58 -------- dc----w- c:\program files\File Type Assistant
2014-07-06 00:58 . 2014-07-06 00:58 -------- dc----w- c:\documents and settings\JS3\Local Settings\Application Data\DefineExt
2014-07-06 00:58 . 2014-07-06 00:58 -------- dc----w- c:\documents and settings\JS3\Application Data\ZoomBrowser EX
2014-07-06 00:57 . 2014-07-06 00:58 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2014-07-06 00:20 . 2014-07-06 00:20 -------- dc----w- c:\documents and settings\JS3\Local Settings\Application Data\Adobe
2014-06-26 17:29 . 2014-06-26 17:29 -------- dc----w- c:\program files\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-14 01:31 . 2012-11-03 07:46 699056 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-14 01:31 . 2011-09-04 02:21 71344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-08 17:31 . 2014-06-04 01:26 90112 -c--a-w- c:\windows\DUMP786c.tmp
2014-06-02 21:40 . 2010-08-03 23:36 90112 -c--a-w- c:\windows\DUMP6dae.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-01 20:11 259464 -c--a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WizMouse"="c:\program files\WizMouse\WizMouse.exe" [2011-09-30 121648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-30 339968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-04-02 3774312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-9 323646]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^JS3^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-16 14:54 282624 -c--a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 -c--a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 -c--a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"WZCSVC"=2 (0x2)
"CCALib8"=2 (0x2)
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone TOTALe\\RosettaStoneTOTALe.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\JS3\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [8/27/2013 2:04 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [8/27/2013 2:04 PM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/5/2011 5:48 AM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/31/2010 5:05 PM 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [8/27/2013 2:04 PM 67824]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [6/19/2012 4:21 PM 1646608]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 9:15 AM 172192]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys --> c:\windows\system32\drivers\anvsnddrv.sys [?]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [5/9/2005 8:22 PM 71336]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/26/2009 5:21 PM 2069504]
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-03 01:31]
.
2014-07-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-08-27 20:11]
.
2014-07-20 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-12-19 20:24]
.
2007-01-08 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2100 series272A572217594EBCF1CEE215E352B92AD073FDE4167510639.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-30 03:32]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-30 03:32]
.
2014-07-20 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
2014-07-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
2014-07-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com...rch/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\documents and settings\JS3\Application Data\Mozilla\Firefox\Profiles\bt9ykm97.default-1377636682412\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-19 23:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1123337207-482375026-1231146964-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2014-07-19 23:32:51
ComboFix-quarantined-files.txt 2014-07-20 03:32
ComboFix2.txt 2013-08-27 17:54
ComboFix3.txt 2011-12-18 21:52
ComboFix4.txt 2010-11-02 01:00
.
Pre-Run: 29,865,283,584 bytes free
Post-Run: 30,219,026,432 bytes free
.
- - End Of File - - EF982042C7482EABC524CAE9FD8A1385
B16A2359F4962B0C622D81A1C1F4B703
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:19-07-2014
Ran by JS3 (administrator) on DC1PW881 on 19-07-2014 23:34:06
Running from C:\Documents and Settings\JS3\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Intel Corporation) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(SigmaTel, Inc.) C:\WINDOWS\STSYSTRA.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
() C:\Program Files\WizMouse\WizMouse.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Rosetta Stone Ltd.) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
HKU\S-1-5-21-1123337207-482375026-1231146964-1006\...\Run: [WizMouse] => C:\Program Files\WizMouse\WizMouse.exe [121648 2011-09-30] ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
ShortcutTarget: hp psc 2000 Series.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - DefaultScope {13B62582-004A-4F0C-9597-5B331FFDF2E0} URL = http://search.yahoo....&p={searchTerms}
SearchScopes: HKCU - Backup.Old.DefaultScope {DB154946-45C2-49F1-B2E3-34DBE5806DA8}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {13B62582-004A-4F0C-9597-5B331FFDF2E0} URL = http://search.yahoo....&p={searchTerms}
SearchScopes: HKCU - {2ADAA309-ED43-1B2E-122F-2C376E7FC415} URL = http://search.yahoo....ei=utf-8&fr=ie8
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DeskshopBrowserHelper Class -> {8DB3D69D-DA5E-4165-B781-72A761790672} -> C:\WINDOWS\system32\BhoDshop.dll (Orbiscom Ltd. All rights reserved.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204
DPF: {4E73C07D-0A23-42DF-9E32-BBBB027D869A} http://client2.tvton...3.0/install.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\JS3\Application Data\Mozilla\Firefox\Profiles\bt9ykm97.default-1377636682412
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Documents and Settings\JS3\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Extension: RivalGaming - C:\Documents and Settings\JS3\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2013-07-04]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\gystqfr@ylgga.com [2014-07-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-08-05]
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo....&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Documents and Settings\JS3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-30]
CHR Extension: (Google Drive) - C:\Documents and Settings\JS3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-30]
CHR Extension: (YouTube) - C:\Documents and Settings\JS3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-20]
CHR Extension: (Google Search) - C:\Documents and Settings\JS3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\JS3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (Gmail) - C:\Documents and Settings\JS3\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-20]
========================== Services (Whitelisted) =================
S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [1135728 2004-04-07] (America Online, Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-03-01] (AVAST Software)
S4 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646608 2012-06-19] (Rosetta Stone Ltd.)
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
==================== Drivers (Whitelisted) ====================
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [356864 2010-09-27] (SafeNet Inc.)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-03-01] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-03-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2013-12-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-03-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-03-01] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-03-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-11] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [88352 2005-04-22] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2005-04-21] (Sonic Solutions) [File not signed]
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
R3 IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [1233525 2004-03-06] (Intel Corporation)
R3 IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [647929 2004-03-06] (Intel Corporation)
R3 IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [61157 2004-06-16] (Intel Corporation)
S3 JL2005; C:\WINDOWS\System32\Drivers\toywdm.sys [71336 2005-05-09] (Windows ® 2000 DDK provider) [File not signed]
R3 mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [37048 2004-03-06] (Intel Corporation)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [19456 2004-11-02] (Intel Corporation ) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2005-05-13] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2005-05-13] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [180096 2005-03-31] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25725 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34845 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4125 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2241 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86876 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15069 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6365 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98716 2005-05-31] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100605 2005-05-31] (Sonic Solutions) [File not signed]
S3 VX6000; C:\WINDOWS\System32\DRIVERS\VX6000Xp.sys [2069504 2009-06-26] (Microsoft Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 agp440; \SystemRoot\system32\DRIVERS\agp440.sys [X]
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 bvrp_pci; No ImagePath
R3 catchme; \??\C:\DOCUME~1\JS3\LOCALS~1\Temp\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-19 23:34 - 2014-07-19 23:35 - 00015940 ____C () C:\Documents and Settings\JS3\Desktop\FRST.txt
2014-07-19 23:33 - 2014-07-19 23:34 - 00000000 ___DC () C:\FRST
2014-07-19 23:33 - 2014-07-19 23:33 - 00012257 ____C () C:\Documents and Settings\JS3\Desktop\combofix.txt
2014-07-19 23:32 - 2014-07-19 23:35 - 00000000 ___DC () C:\Documents and Settings\JS3\Local Settings\temp
2014-07-19 23:32 - 2014-07-19 23:32 - 00012257 ____C () C:\ComboFix.txt
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\Administrator\Local Settings\temp
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881\Local Settings\temp
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\temp
2014-07-19 23:05 - 2014-07-19 19:37 - 01079808 ____C (Farbar) C:\Documents and Settings\JS3\Desktop\FRST.exe
2014-07-19 23:05 - 2014-07-19 19:35 - 05222180 ___RC (Swearware) C:\Documents and Settings\JS3\Desktop\ComboFix.exe
2014-07-19 23:00 - 2014-07-19 23:00 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-05.dmp
2014-07-19 21:43 - 2014-07-19 21:43 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-04.dmp
2014-07-19 21:10 - 2014-07-19 21:10 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\SM2
2014-07-19 21:04 - 2014-07-19 21:04 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\Application Data\BVRP Software
2014-07-19 20:55 - 2014-07-19 20:54 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-03.dmp
2014-07-19 19:48 - 2014-07-19 19:48 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-02.dmp
2014-07-19 19:41 - 2014-07-19 19:41 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\AVAST Software
2014-07-19 19:39 - 2014-07-19 19:39 - 00000283 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to ComboFix.lnk
2014-07-19 19:39 - 2014-07-19 19:37 - 01079808 ____C (Farbar) C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\FRST.exe
2014-07-19 19:39 - 2014-07-19 19:35 - 05222180 ___RC (Swearware) C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\ComboFix.exe
2014-07-19 19:35 - 2014-07-19 19:34 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-01.dmp
2014-07-18 09:55 - 2014-07-18 09:55 - 00001744 ____C () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-18 09:52 - 2014-07-18 09:52 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071814-01.dmp
2014-07-17 21:11 - 2014-07-17 21:10 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071714-02.dmp
2014-07-17 20:59 - 2014-07-17 20:59 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071714-01.dmp
2014-07-17 20:56 - 2014-07-17 20:56 - 00001746 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\HijackThis.lnk
2014-07-17 20:54 - 2014-07-17 20:54 - 00000914 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to SHORTCUTS.lnk
2014-07-11 16:57 - 2014-07-11 16:57 - 00000919 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to Consulting Trasnferred!.lnk
2014-07-11 16:55 - 2014-07-11 16:55 - 00000919 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to INVESTMENT.lnk
2014-07-10 20:29 - 2014-07-10 20:28 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071014-01.dmp
2014-07-08 03:00 - 2014-07-08 03:00 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\NCH Swift Sound
2014-07-08 02:04 - 2014-07-08 02:04 - 00000792 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Start Menu\Programs\Windows Media Player.lnk
2014-07-08 02:04 - 2014-07-08 02:04 - 00000786 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Windows Media Player.lnk
2014-07-08 01:57 - 2014-07-08 01:57 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\Application Data\Adobe
2014-07-08 01:57 - 2014-07-08 01:57 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\Adobe
2014-07-08 01:47 - 2014-07-19 21:06 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\SAFE MODE
2014-07-08 01:45 - 2014-07-08 01:45 - 00000626 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to Downloads.lnk
2014-07-08 01:42 - 2014-07-08 01:54 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\Mozilla
2014-07-08 01:42 - 2014-07-08 01:42 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\Application Data\Mozilla
2014-07-08 01:39 - 2014-07-08 01:38 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070814-01.dmp
2014-07-07 04:54 - 2014-07-07 04:54 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070714-01.dmp
2014-07-05 20:58 - 2014-07-05 20:58 - 00000000 ___DC () C:\Program Files\File Type Assistant
2014-07-05 20:58 - 2014-07-05 20:58 - 00000000 ___DC () C:\Documents and Settings\JS3\Local Settings\Application Data\DefineExt
2014-07-05 20:58 - 2014-07-05 20:58 - 00000000 ___DC () C:\Documents and Settings\JS3\Application Data\ZoomBrowser EX
2014-07-05 20:57 - 2014-07-05 20:58 - 00000000 ___DC () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-05 20:22 - 2014-07-05 23:57 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2014-07-05 20:20 - 2014-07-05 20:20 - 00000000 ___DC () C:\Documents and Settings\JS3\Local Settings\Application Data\Adobe
2014-07-04 18:54 - 2014-07-04 18:54 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070414-01.dmp
2014-07-03 17:54 - 2014-07-03 17:54 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070314-01.dmp
2014-06-27 17:27 - 2014-06-27 17:27 - 00090112 ____C () C:\WINDOWS\Minidump\Mini062714-01.dmp
2014-06-26 16:12 - 2014-06-26 16:12 - 00090112 ____C () C:\WINDOWS\Minidump\Mini062614-01.dmp
2014-06-26 13:29 - 2014-06-26 13:29 - 00000000 ___DC () C:\Program Files\Citrix
==================== One Month Modified Files and Folders =======
2014-07-19 23:35 - 2014-07-19 23:34 - 00015940 ____C () C:\Documents and Settings\JS3\Desktop\FRST.txt
2014-07-19 23:35 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\JS3\Local Settings\temp
2014-07-19 23:35 - 2013-09-29 23:32 - 00000880 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 23:34 - 2014-07-19 23:33 - 00000000 ___DC () C:\FRST
2014-07-19 23:33 - 2014-07-19 23:33 - 00012257 ____C () C:\Documents and Settings\JS3\Desktop\combofix.txt
2014-07-19 23:32 - 2014-07-19 23:32 - 00012257 ____C () C:\ComboFix.txt
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\Administrator\Local Settings\temp
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881\Local Settings\temp
2014-07-19 23:32 - 2014-07-19 23:32 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\temp
2014-07-19 23:32 - 2011-12-18 15:53 - 00000000 ___DC () C:\Qoobox
2014-07-19 23:32 - 2004-08-10 14:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-07-19 23:32 - 2004-08-10 14:08 - 00000000 _SHDC () C:\Documents and Settings\NetworkService
2014-07-19 23:29 - 2004-08-10 13:51 - 00000321 ____C () C:\WINDOWS\system.ini
2014-07-19 23:12 - 2004-08-10 14:02 - 01435348 ____C () C:\WINDOWS\WindowsUpdate.log
2014-07-19 23:11 - 2004-08-10 14:08 - 00032622 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-19 23:09 - 2013-08-27 14:04 - 00000366 ___HC () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-07-19 23:09 - 2004-08-10 13:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2014-07-19 23:08 - 2014-03-28 02:37 - 00000218 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-19 23:08 - 2013-09-29 23:32 - 00000876 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 23:08 - 2011-12-19 18:43 - 00000374 ____C () C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
2014-07-19 23:08 - 2004-08-10 13:59 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-07-19 23:08 - 2004-08-10 13:59 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2014-07-19 23:00 - 2014-07-19 23:00 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-05.dmp
2014-07-19 23:00 - 2006-07-03 22:21 - 00000000 ___DC () C:\WINDOWS\Minidump
2014-07-19 22:31 - 2013-05-03 12:36 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-19 22:11 - 2009-11-09 11:51 - 00776425 ____C () C:\WINDOWS\setupapi.log
2014-07-19 21:43 - 2014-07-19 21:43 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-04.dmp
2014-07-19 21:12 - 2007-01-17 02:25 - 00000000 ___DC () C:\Program Files\ZipWiz
2014-07-19 21:10 - 2014-07-19 21:10 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\SM2
2014-07-19 21:06 - 2014-07-08 01:47 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\SAFE MODE
2014-07-19 21:06 - 2005-08-20 11:10 - 00000000 ___DC () C:\i386
2014-07-19 21:04 - 2014-07-19 21:04 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\Application Data\BVRP Software
2014-07-19 20:54 - 2014-07-19 20:55 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-03.dmp
2014-07-19 19:48 - 2014-07-19 19:48 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-02.dmp
2014-07-19 19:41 - 2014-07-19 19:41 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\AVAST Software
2014-07-19 19:39 - 2014-07-19 19:39 - 00000283 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to ComboFix.lnk
2014-07-19 19:37 - 2014-07-19 23:05 - 01079808 ____C (Farbar) C:\Documents and Settings\JS3\Desktop\FRST.exe
2014-07-19 19:37 - 2014-07-19 19:39 - 01079808 ____C (Farbar) C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\FRST.exe
2014-07-19 19:35 - 2014-07-19 23:05 - 05222180 ___RC (Swearware) C:\Documents and Settings\JS3\Desktop\ComboFix.exe
2014-07-19 19:35 - 2014-07-19 19:39 - 05222180 ___RC (Swearware) C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\ComboFix.exe
2014-07-19 19:34 - 2014-07-19 19:35 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071914-01.dmp
2014-07-19 17:50 - 2009-09-16 23:05 - 00000000 ___DC () C:\Documents and Settings\JS3\My Documents\Any Audio Converter
2014-07-18 16:48 - 2010-08-05 22:46 - 00000178 __SHC () C:\Documents and Settings\Administrator.DC1PW881.000\ntuser.ini
2014-07-18 09:55 - 2014-07-18 09:55 - 00001744 ____C () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-07-18 09:52 - 2014-07-18 09:52 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071814-01.dmp
2014-07-18 09:52 - 2009-09-29 17:32 - 00000330 ___HC () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-07-17 21:10 - 2014-07-17 21:11 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071714-02.dmp
2014-07-17 20:59 - 2014-07-17 20:59 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071714-01.dmp
2014-07-17 20:56 - 2014-07-17 20:56 - 00001746 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\HijackThis.lnk
2014-07-17 20:54 - 2014-07-17 20:54 - 00000914 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to SHORTCUTS.lnk
2014-07-13 21:31 - 2012-11-03 03:46 - 00699056 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-13 21:31 - 2011-09-03 22:21 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-13 20:25 - 2005-09-11 11:21 - 00000000 ___DC () C:\Documents and Settings\JS3\Desktop\SHORTCUTS
2014-07-13 19:43 - 2009-11-09 11:51 - 00000836 ____C () C:\WINDOWS\setupact.log
2014-07-11 16:57 - 2014-07-11 16:57 - 00000919 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to Consulting Trasnferred!.lnk
2014-07-11 16:55 - 2014-07-11 16:55 - 00000919 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to INVESTMENT.lnk
2014-07-10 20:28 - 2014-07-10 20:29 - 00090112 ____C () C:\WINDOWS\Minidump\Mini071014-01.dmp
2014-07-09 01:33 - 2014-03-28 02:37 - 00000212 ____C () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-08 03:00 - 2014-07-08 03:00 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\NCH Swift Sound
2014-07-08 02:04 - 2014-07-08 02:04 - 00000792 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Start Menu\Programs\Windows Media Player.lnk
2014-07-08 02:04 - 2014-07-08 02:04 - 00000786 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Windows Media Player.lnk
2014-07-08 02:04 - 2009-10-27 19:14 - 00070509 ____C () C:\WINDOWS\wmsetup.log
2014-07-08 01:57 - 2014-07-08 01:57 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\Application Data\Adobe
2014-07-08 01:57 - 2014-07-08 01:57 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\Adobe
2014-07-08 01:54 - 2014-07-08 01:42 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Application Data\Mozilla
2014-07-08 01:45 - 2014-07-08 01:45 - 00000626 ____C () C:\Documents and Settings\Administrator.DC1PW881.000\Desktop\Shortcut to Downloads.lnk
2014-07-08 01:42 - 2014-07-08 01:42 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000\Local Settings\Application Data\Mozilla
2014-07-08 01:38 - 2014-07-08 01:39 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070814-01.dmp
2014-07-07 05:39 - 2012-07-07 16:50 - 00000000 ___DC () C:\Documents and Settings\JS3\.umplayer
2014-07-07 04:54 - 2014-07-07 04:54 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070714-01.dmp
2014-07-05 23:57 - 2014-07-05 20:22 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2014-07-05 23:57 - 2012-08-04 17:57 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-05 23:57 - 2012-08-04 17:57 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service
2014-07-05 21:58 - 2013-08-13 03:00 - 00000000 ___DC () C:\WINDOWS\system32\MRT
2014-07-05 21:52 - 2005-08-23 18:50 - 00000278 __SHC () C:\Documents and Settings\JS3\ntuser.ini
2014-07-05 21:48 - 2005-12-10 09:09 - 00000000 ___DC () C:\Documents and Settings\JS3\Local Settings\Application Data\Google
2014-07-05 21:16 - 2010-08-05 22:46 - 00000000 ___DC () C:\Documents and Settings\Administrator.DC1PW881.000
2014-07-05 21:16 - 2005-08-23 18:50 - 00000000 ___DC () C:\Documents and Settings\JS3
2014-07-05 21:16 - 2004-08-10 14:08 - 00000000 _SHDC () C:\Documents and Settings\LocalService
2014-07-05 21:16 - 2004-08-10 14:02 - 00000000 ___DC () C:\WINDOWS\Registration
2014-07-05 20:58 - 2014-07-05 20:58 - 00000000 ___DC () C:\Program Files\File Type Assistant
2014-07-05 20:58 - 2014-07-05 20:58 - 00000000 ___DC () C:\Documents and Settings\JS3\Local Settings\Application Data\DefineExt
2014-07-05 20:58 - 2014-07-05 20:58 - 00000000 ___DC () C:\Documents and Settings\JS3\Application Data\ZoomBrowser EX
2014-07-05 20:58 - 2014-07-05 20:57 - 00000000 ___DC () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-05 20:58 - 2014-06-04 00:08 - 00000000 ___DC () C:\Program Files\Malwarebytes Anti-Malware
2014-07-05 20:58 - 2008-08-09 09:48 - 00000000 ___DC () C:\Documents and Settings\JS3\Application Data\Malwarebytes
2014-07-05 20:58 - 2008-08-09 09:48 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-05 20:20 - 2014-07-05 20:20 - 00000000 ___DC () C:\Documents and Settings\JS3\Local Settings\Application Data\Adobe
2014-07-05 20:15 - 2005-09-12 19:21 - 00000000 ___DC () C:\Program Files\Common Files\Adobe
2014-07-04 18:54 - 2014-07-04 18:54 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070414-01.dmp
2014-07-03 17:54 - 2014-07-03 17:54 - 00090112 ____C () C:\WINDOWS\Minidump\Mini070314-01.dmp
2014-06-27 17:27 - 2014-06-27 17:27 - 00090112 ____C () C:\WINDOWS\Minidump\Mini062714-01.dmp
2014-06-26 16:12 - 2014-06-26 16:12 - 00090112 ____C () C:\WINDOWS\Minidump\Mini062614-01.dmp
2014-06-26 13:29 - 2014-06-26 13:29 - 00000000 ___DC () C:\Program Files\Citrix
2014-06-26 13:29 - 2010-11-01 07:10 - 00001324 ____C () C:\WINDOWS\system32\d3d9caps.dat
Files to move or delete:
====================
C:\Documents and Settings\JS3\hpothb07.dat
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================