Channel: Tech Support Guy - Virus & Other Malware Removal

CryptoWall

My computer was recently infected with the CryptoWall virus. I believe I eradicated the virus via Symantec Endpoint Protection but my files remain encrypted.

Is there any way to decrypt the files?

From what I have read it appears that I am SOL but figured I would ask anyway.

I am running Windows XP.

I appreciate any assistance that can be provided.

Ookpik

Viruses

OTL logfile created on: 23/10/2014 23:48:35 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\derek\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\MZKOU3 AZ
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.89 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 47.04% Memory free
6.83 Gb Paging File | 3.61 Gb Available in Paging File | 52.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372.17 Gb Total Space | 322.64 Gb Free Space | 86.69% Space Free | Partition Type: NTFS
Drive D: | 537.80 Gb Total Space | 537.64 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Computer Name: DELHEIDI | User Name: derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/10/23 23:47:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\derek\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\MZKOU3 AZ\OTL.exe
PRC - [2014/10/20 12:07:59 | 005,395,192 | ---- | M] (Avira) -- C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
PRC - [2014/09/26 09:09:06 | 000,125,176 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014/09/26 09:09:02 | 000,163,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014/09/24 12:44:27 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/09/24 12:44:21 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/09/24 12:44:20 | 000,703,736 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/09/12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/09/23 13:29:48 | 000,019,256 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2013/08/19 18:35:26 | 000,055,368 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2013/08/16 15:29:08 | 000,183,408 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
PRC - [2013/03/08 16:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/10/26 15:35:44 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/10/17 20:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/10/05 16:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/09/18 13:51:54 | 001,124,032 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/09/14 14:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/08/31 20:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012/08/22 10:24:28 | 001,559,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/06/27 13:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/05/28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/10/18 01:24:07 | 007,559,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\706fd0ae4e6906a39 8010738d98ae675\System.Xml.ni.dll
MOD - [2014/10/18 01:24:00 | 001,870,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\8712c260ae8a3132 866fc3e4f6b3f2dd\System.Xaml.ni.dll
MOD - [2014/10/18 01:23:57 | 012,692,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3025fa0 dfaa01937615642985b21cc3b\System.Windows.Forms.ni.dll
MOD - [2014/10/18 01:23:42 | 000,220,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\15bfdc0 36295e43fce2be9beaa4a15ad\System.ServiceProcess.ni.dll
MOD - [2014/10/18 01:23:40 | 019,524,096 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\af68af47 14ab5a4820d92f807e5323ff\System.ServiceModel.ni.dll
MOD - [2014/10/18 01:23:16 | 002,785,280 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\7a9337d 3cb714dec10962b4d63372e27\System.Runtime.Serialization.ni.dll
MOD - [2014/10/18 01:23:01 | 001,630,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\cb85807f06e14 f7b2f44dcb2f6c132a4\System.Drawing.ni.dll
MOD - [2014/10/18 01:22:57 | 007,248,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\6cb167bb3bc0748e d53b74fb4dfe556c\System.Data.ni.dll
MOD - [2014/10/18 01:22:48 | 000,958,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\d5aff41 68e8ba07f0f39dbabff3bbf6b\System.Configuration.ni.dll
MOD - [2014/10/18 01:22:46 | 000,467,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\88bdcb3 023876575b068688249000c83\PresentationFramework.Aero2.ni.dll
MOD - [2014/10/18 01:22:44 | 018,524,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\74ae9f3 73436fab605257ada8d6d8d97\PresentationFramework.ni.dll
MOD - [2014/10/18 01:22:25 | 010,914,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3339c2c1baa 40368c090208661c96837\PresentationCore.ni.dll
MOD - [2014/10/18 01:22:14 | 003,905,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\eb4ed929faee7cf4 0b37764ae81a746a\WindowsBase.ni.dll
MOD - [2014/10/15 10:04:38 | 000,189,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\ab11a4ea70 fc07fe397d4b849cabed8c\UIAutomationTypes.ni.dll
MOD - [2014/10/14 13:16:26 | 006,995,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\9587421a7c7653b1 71bc5a2e5a1fffab\System.Core.ni.dll
MOD - [2014/10/14 13:16:09 | 009,926,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c0a96107dfc55d74bbc2f 775d1a0f1c2\System.ni.dll
MOD - [2014/10/14 13:15:51 | 016,501,248 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\939f2968bc3436f588b b23c6c7cee671\mscorlib.ni.dll
MOD - [2013/08/19 18:16:48 | 000,015,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
MOD - [2013/08/16 11:03:12 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/07/24 15:09:54 | 001,041,192 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014/06/20 10:30:38 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/06/20 10:23:12 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/06/12 16:10:46 | 000,603,424 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2014/04/25 18:34:42 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\mcafee\msc\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2013/09/02 10:15:40 | 001,282,152 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McOobeSv2)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/04/26 09:03:28 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/04/26 08:59:49 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/04/26 08:54:44 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/04/26 08:54:44 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/04/26 08:43:06 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/04/26 08:13:52 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/04/26 08:13:26 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/04/26 08:13:26 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/26 08:13:26 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/04/26 08:13:26 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/12/21 13:37:20 | 000,334,760 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2012/07/26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2014/09/26 09:09:02 | 000,163,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/09/24 12:44:27 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/09/24 12:44:21 | 000,431,920 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/09/12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/19 07:10:38 | 000,072,192 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe -- (Asus WebStorage Windows Service)
SRV - [2012/12/13 23:14:24 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/10/05 16:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/09/13 04:59:08 | 002,466,448 | ---- | M] (Realsil Microelectronics Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/07/26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/27 13:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/09/24 12:44:21 | 000,131,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/09/24 12:44:21 | 000,119,272 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/09/24 12:44:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2014/07/24 14:32:30 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/07/24 14:31:56 | 000,444,720 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2014/06/20 10:38:22 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/06/20 10:31:06 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/06/20 10:26:02 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/06/20 10:23:40 | 000,523,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/06/20 10:21:48 | 000,313,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/06/20 10:20:54 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/06/20 10:09:34 | 000,070,600 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/09/23 13:30:02 | 000,070,416 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2013/04/26 09:03:28 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/04/26 09:03:28 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/04/26 09:00:20 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/04/26 08:59:49 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/04/26 08:59:49 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/04/26 08:54:44 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/04/26 08:54:44 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/04/26 08:49:58 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/04/26 08:46:00 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/04/26 08:43:00 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/04/26 08:21:13 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/04/26 08:19:08 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/04/26 08:19:03 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/04/26 08:13:22 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/04/26 08:13:22 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/04/26 08:13:22 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/04/26 08:13:22 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/04/26 08:13:22 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/04/26 08:13:22 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/01/09 03:26:24 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/12/13 23:14:20 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/11/19 00:57:58 | 003,728,384 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/10/24 19:18:32 | 000,723,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/10/08 10:47:42 | 000,298,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/09/18 13:51:54 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012/09/14 06:15:10 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/02 04:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/02 15:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012/06/02 15:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 15:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/05/31 04:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV - [2011/09/07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blankvileges
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blankROUN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={search...&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={search...&pc=ASU2JS


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blanksk Page
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blanknt_of_Disk
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankTAN
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blankarch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1536286066-2030882337-2366861174-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKU\S-1-5-21-1536286066-2030882337-2366861174-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1536286066-2030882337-2366861174-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1536286066-2030882337-2366861174-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U142&ocid=U142DHP
IE - HKU\S-1-5-21-1536286066-2030882337-2366861174-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1536286066-2030882337-2366861174-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1536286066-2030882337-2366861174-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1536286066-2030882337-2366861174-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKU\S-1-5-21-1536286066-2030882337-2366861174-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1536286066-2030882337-2366861174-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1536286066-2030882337-2366861174-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
IE - HKU\S-1-5-21-1536286066-2030882337-2366861174-500\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1536286066-2030882337-2366861174-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/10/14 19:32:09 | 000,000,000 | ---D | M]

[2014/10/13 21:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derek\AppData\Roaming\mozilla\Firefox\Profiles\HuARVyak.default\extensions
[2014/10/13 21:22:26 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\derek\AppData\Roaming\mozilla\Firefox\Profiles\HuARVyak.default\extensions\abs@avira.com

O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-21-1536286066-2030882337-2366861174-1001..\Run: [AviraSpeedup] C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe (Avira)
O4 - HKU\S-1-5-21-1536286066-2030882337-2366861174-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O7 - HKU\S-1-5-21-1536286066-2030882337-2366861174-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-21-1536286066-2030882337-2366861174-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-1536286066-2030882337-2366861174-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-1536286066-2030882337-2366861174-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-1536286066-2030882337-2366861174-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1536286066-2030882337-2366861174-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61AA4BC1-76D2-48D1-BB63-8BDE4C6A6F22}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (CL SDK\2.0\bin\x64\: Shell - (exp) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\WINDOWS\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/10/14 17:50:06 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/10/23 20:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/10/20 12:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
[2014/10/20 12:07:15 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Local\AviraSpeedup
[2014/10/18 00:35:45 | 000,692,568 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014/10/18 00:35:45 | 000,078,168 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014/10/17 23:44:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\drivers\de-DE
[2014/10/17 23:44:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\de
[2014/10/17 23:44:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\0407
[2014/10/17 23:43:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\0407
[2014/10/17 23:43:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\de-DE
[2014/10/17 23:43:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\de
[2014/10/17 23:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\drivers\fr-FR
[2014/10/17 23:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\fr
[2014/10/17 23:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\040C
[2014/10/17 23:41:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\040C
[2014/10/17 23:41:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\fr-FR
[2014/10/17 23:41:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\fr
[2014/10/17 23:41:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\nl
[2014/10/17 23:41:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\0413
[2014/10/17 23:40:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\drivers\nl-NL
[2014/10/17 23:40:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\nl
[2014/10/17 23:40:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\0413
[2014/10/17 23:40:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\nl-NL
[2014/10/17 22:04:49 | 000,000,000 | ---D | C] -- C:\sources
[2014/10/17 20:36:47 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Roaming\DriverCure
[2014/10/17 20:36:46 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Roaming\SparkTrust
[2014/10/17 20:36:30 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
[2014/10/17 20:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/10/17 20:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2014/10/17 20:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SparkTrust
[2014/10/17 16:09:49 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Roaming\CleanMyPC
[2014/10/17 16:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\CleanMyPC
[2014/10/17 16:08:01 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Local\Programs
[2014/10/17 11:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/10/17 11:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/10/16 20:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\MRT
[2014/10/16 18:10:31 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tssdisai.dll
[2014/10/16 18:10:30 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDWebAI.dll
[2014/10/16 18:10:29 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appserverai.dll
[2014/10/16 18:10:29 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VmHostAI.dll
[2014/10/16 18:10:27 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\poqexec.exe
[2014/10/16 18:10:27 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\poqexec.exe
[2014/10/15 11:04:51 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Local\Diagnostics
[2014/10/14 19:50:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/10/14 19:35:14 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Roaming\CyberLink
[2014/10/14 19:35:02 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Local\Power2Go
[2014/10/14 18:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2014/10/14 18:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SceneSwitch
[2014/10/14 17:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/10/14 17:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/10/14 16:30:59 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Local\Adobe
[2014/10/14 14:26:30 | 000,043,064 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2014/10/14 12:19:30 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\SysNative\drivers\HipShieldK.sys
[2014/10/13 22:57:29 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Roaming\Avira
[2014/10/13 21:37:48 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2014/10/13 21:37:47 | 000,131,608 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2014/10/13 21:37:46 | 000,119,272 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2014/10/13 21:24:32 | 000,059,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2014/10/13 21:24:30 | 001,623,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2014/10/13 21:24:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2014/10/13 21:24:29 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2014/10/13 21:23:32 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2014/10/13 21:22:15 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Roaming\Mozilla
[2014/10/13 21:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014/10/13 21:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014/10/13 21:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014/10/13 21:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/10/13 20:57:03 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014/10/13 20:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/10/13 20:52:15 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Local\Google
[2014/10/13 20:51:43 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Local\Deployment
[2014/10/13 20:51:43 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Local\Apps
[2014/10/13 20:34:19 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2014/10/13 20:31:07 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Local\Skype
[2014/10/13 20:31:03 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Roaming\Skype
[2014/10/13 20:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/10/13 20:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/10/13 20:30:47 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/10/13 20:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/10/13 20:22:09 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Roaming\Macromedia
[2014/10/13 20:20:56 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Local\ASUS
[2014/10/13 20:19:07 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Roaming\ASUS WebStorage
[2014/10/13 20:14:11 | 000,000,000 | R--D | C] -- C:\Users\derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/10/13 20:14:11 | 000,000,000 | R--D | C] -- C:\Users\derek\Searches
[2014/10/13 20:14:11 | 000,000,000 | R--D | C] -- C:\Users\derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/10/13 20:13:52 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Roaming\Adobe
[2014/10/13 20:11:39 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Local\VirtualStore
[2014/10/13 20:11:29 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Local\Packages
[2014/10/13 20:10:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2014/10/13 20:01:12 | 000,000,000 | --SD | C] -- C:\Users\derek\AppData\Roaming\Microsoft
[2014/10/13 20:01:12 | 000,000,000 | R--D | C] -- C:\Users\derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/10/13 20:01:12 | 000,000,000 | R--D | C] -- C:\Users\derek\Favorites
[2014/10/13 20:01:12 | 000,000,000 | R--D | C] -- C:\Users\derek\Desktop
[2014/10/13 20:01:12 | 000,000,000 | R--D | C] -- C:\Users\derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/10/13 20:01:12 | 000,000,000 | R--D | C] -- C:\Users\derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/10/13 20:01:12 | 000,000,000 | -H-D | C] -- C:\Users\derek\AppData
[2014/10/13 20:01:12 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Local\Temp
[2014/10/13 20:01:12 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Local\Microsoft
[2014/10/13 20:01:12 | 000,000,000 | ---D | C] -- C:\Users\derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/10/13 19:28:54 | 000,000,000 | -H-D | C] -- C:\$SysReset

========== Files - Modified Within 30 Days ==========

[2014/10/23 18:00:01 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\SparkTrust Registration3.job
[2014/10/23 12:46:56 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/10/23 10:40:35 | 671,088,640 | -HS- | M] () -- C:\swapfile.sys
[2014/10/20 12:08:01 | 000,001,209 | ---- | M] () -- C:\Users\derek\Desktop\Avira System Speedup.lnk
[2014/10/19 19:46:01 | 000,000,074 | ---- | M] () -- C:\Users\derek\AppData\Roaming\sp_data.sys
[2014/10/19 19:00:20 | 763,138,047 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/18 00:35:27 | 000,790,022 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00C.dat
[2014/10/18 00:35:27 | 000,785,550 | ---- | M] () -- C:\WINDOWS\SysNative\perfh013.dat
[2014/10/18 00:35:27 | 000,741,800 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2014/10/18 00:35:27 | 000,158,586 | ---- | M] () -- C:\WINDOWS\SysNative\perfc013.dat
[2014/10/18 00:35:27 | 000,155,360 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2014/10/18 00:35:27 | 000,155,084 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00C.dat
[2014/10/18 00:35:25 | 000,710,244 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/10/18 00:35:25 | 000,132,614 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/10/17 23:55:12 | 004,568,320 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/10/17 23:48:34 | 000,281,088 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/10/17 23:34:12 | 000,305,546 | ---- | M] () -- C:\WINDOWS\SysNative\perfi007.dat
[2014/10/17 23:34:12 | 000,040,390 | ---- | M] () -- C:\WINDOWS\SysNative\perfd007.dat
[2014/10/17 23:32:39 | 000,350,772 | ---- | M] () -- C:\WINDOWS\SysNative\perfi00C.dat
[2014/10/17 23:32:39 | 000,040,528 | ---- | M] () -- C:\WINDOWS\SysNative\perfd00C.dat
[2014/10/17 23:31:07 | 000,347,474 | ---- | M] () -- C:\WINDOWS\SysNative\perfi013.dat
[2014/10/17 23:31:07 | 000,045,378 | ---- | M] () -- C:\WINDOWS\SysNative\perfd013.dat
[2014/10/17 21:23:59 | 000,001,993 | ---- | M] () -- C:\Users\derek\Desktop\Remove Avira PC Cleaner.lnk
[2014/10/17 21:23:59 | 000,001,937 | ---- | M] () -- C:\Users\derek\Desktop\Avira PC Cleaner.lnk
[2014/10/17 20:36:30 | 000,001,359 | ---- | M] () -- C:\Users\derek\Desktop\SparkTrust PC Cleaner Plus.lnk
[2014/10/17 11:08:05 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/10/15 23:12:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/10/14 18:26:56 | 000,002,595 | ---- | M] () -- C:\Users\Public\Desktop\Scene Switch.lnk
[2014/10/14 17:50:06 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/10/14 14:23:22 | 000,043,064 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2014/10/13 21:22:00 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/10/13 20:30:50 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/10/13 20:04:20 | 000,017,148 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2014/10/13 20:04:20 | 000,017,148 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2014/09/24 12:44:21 | 000,131,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2014/09/24 12:44:21 | 000,119,272 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2014/09/24 12:44:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys

========== Files Created - No Company Name ==========

[2014/10/20 12:07:16 | 000,001,209 | ---- | C] () -- C:\Users\derek\Desktop\Avira System Speedup.lnk
[2014/10/17 23:51:04 | 000,790,022 | ---- | C] () -- C:\WINDOWS\SysNative\perfh00C.dat
[2014/10/17 23:51:04 | 000,741,800 | ---- | C] () -- C:\WINDOWS\SysNative\perfh007.dat
[2014/10/17 23:51:04 | 000,350,772 | ---- | C] () -- C:\WINDOWS\SysNative\perfi00C.dat
[2014/10/17 23:51:04 | 000,305,546 | ---- | C] () -- C:\WINDOWS\SysNative\perfi007.dat
[2014/10/17 23:51:04 | 000,155,360 | ---- | C] () -- C:\WINDOWS\SysNative\perfc007.dat
[2014/10/17 23:51:04 | 000,155,084 | ---- | C] () -- C:\WINDOWS\SysNative\perfc00C.dat
[2014/10/17 23:51:04 | 000,040,528 | ---- | C] () -- C:\WINDOWS\SysNative\perfd00C.dat
[2014/10/17 23:51:04 | 000,040,390 | ---- | C] () -- C:\WINDOWS\SysNative\perfd007.dat
[2014/10/17 23:51:03 | 000,785,550 | ---- | C] () -- C:\WINDOWS\SysNative\perfh013.dat
[2014/10/17 23:51:03 | 000,347,474 | ---- | C] () -- C:\WINDOWS\SysNative\perfi013.dat
[2014/10/17 23:51:03 | 000,158,586 | ---- | C] () -- C:\WINDOWS\SysNative\perfc013.dat
[2014/10/17 23:51:03 | 000,045,378 | ---- | C] () -- C:\WINDOWS\SysNative\perfd013.dat
[2014/10/17 23:48:28 | 000,281,088 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/10/17 21:23:59 | 000,001,993 | ---- | C] () -- C:\Users\derek\Desktop\Remove Avira PC Cleaner.lnk
[2014/10/17 21:23:59 | 000,001,937 | ---- | C] () -- C:\Users\derek\Desktop\Avira PC Cleaner.lnk
[2014/10/17 20:36:51 | 000,000,482 | ---- | C] () -- C:\WINDOWS\tasks\SparkTrust Registration3.job
[2014/10/17 20:36:30 | 000,001,359 | ---- | C] () -- C:\Users\derek\Desktop\SparkTrust PC Cleaner Plus.lnk
[2014/10/17 11:08:05 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/10/17 11:08:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/10/15 23:12:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/10/14 18:26:56 | 000,002,595 | ---- | C] () -- C:\Users\Public\Desktop\Scene Switch.lnk
[2014/10/14 17:50:06 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/10/13 21:22:00 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/10/13 20:30:50 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/10/13 20:21:42 | 000,000,074 | ---- | C] () -- C:\Users\derek\AppData\Roaming\sp_data.sys
[2014/10/13 20:13:52 | 000,001,436 | ---- | C] () -- C:\Users\derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/10/13 20:01:12 | 000,002,098 | ---- | C] () -- C:\Users\derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2014/10/13 20:01:02 | 000,017,148 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2014/10/13 20:01:02 | 000,017,148 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2013/09/26 10:59:45 | 000,598,384 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng700.bin
[2013/09/26 10:59:44 | 000,064,512 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/09/26 10:59:43 | 000,754,652 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng700.bin
[2013/04/26 08:13:26 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/04/26 00:15:21 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2013/04/26 00:15:21 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2013/04/26 00:15:21 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS

========== ZeroAccess Check ==========

[2014/10/17 16:08:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/04/26 08:54:44 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/04/26 08:54:44 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/26 00:16:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ASUS WebStorage
[2014/10/13 20:19:07 | 000,000,000 | ---D | M] -- C:\Users\derek\AppData\Roaming\ASUS WebStorage
[2014/10/17 16:09:50 | 000,000,000 | ---D | M] -- C:\Users\derek\AppData\Roaming\CleanMyPC
[2014/10/17 20:36:47 | 000,000,000 | ---D | M] -- C:\Users\derek\AppData\Roaming\DriverCure
[2014/10/17 20:36:46 | 000,000,000 | ---D | M] -- C:\Users\derek\AppData\Roaming\SparkTrust

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\derek\OneDrive:ms-properties
@Alternate Data Stream - 183 bytes -> C:\Users\derek\OneDrive.old:ms-properties
< End of report >

Pesky Trojans

Oops, forgot to mention the MSE scan turned up "TrojanDownloader:Java/OpenConn..,Exploit:Java/CVE-2010-0840 & TrojanDownloader: Java/Toniper."
I previously had Avast installed at the time of the infection, then got rid of it & tried Panda... was clueless, no $$ to take it anywhere to be fixed.
I am running a full scan w/ SuperAnti again now, just to see if that evil Comrerop pops up again; however, last week it scanned OK then reared its ugly head again! When I try to open Firefox I get: "Couldn't load XPCOM".

fatal system error HELP

I need serious help fast! I am getting a fatal system error message and my computer is not running very well at all. This is the information copied from the TSG link above:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
Processor: AMD E-450 APU with Radeon(tm) HD Graphics, x64 Family 20 Model 2 Stepping 0
Processor Count: 2
RAM: 1638 Mb
Graphics Card: AMD Radeon HD 6320 Graphics, 384 Mb
Hard Drives: C: Total - 471937 MB, Free - 12722 MB;
Motherboard: PEGATRON CORPORATION, 2AD1
Antivirus: avast! Antivirus, Updated and Enabled:
Also, when I saw the 0xC000HD34 : C000021A message, I went to "diagnose and troubleshoot problems on my computer" and it told me to pick what area to diagnose. Not knowing what to pick, I picked devices, I think, and it scanned, then said I was missing a driver. When it asked me to fix it, I did, and it said it could not fix the problem. I do not know how or what happened to my computer, but I need to be on it all day, so I need to get this fixed as soon as possible. Please help!!!

Adware.netfiler

Hello

I have an adware.netfilter error on my Emsisoft malware scan which I am unable to remove. Help!!

System running slow, CPU @ 100 % plus will not let any downloads

GOT IT!!!!


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU P6000 @ 1.87GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 2
RAM: 2804 Mb
Graphics Card: Intel(R) Graphics Media Accelerator HD, 1274 Mb
Hard Drives: C: Total - 225373 MB, Free - 169678 MB;
Motherboard: Acer, Aspire 7741
Antivirus: Microsoft Security Essentials, Disabled

Very slow internet page load and no printer

Hello,

I do not believe the issue with your printer is related to malware.
As this issue appears to be very pressing, I would suggest going to the Windows XP section and requesting assistance with this printer issue.

Once this issue is resolved, you can return to this topic, and we can finish up this process by double-checking the system is clean, and removing the tools we've used.

windows defender in windows 8

That combination is fine.
Just don't act on any rootkit warnings without help from an expert here.
And don't use the CCleaner Registry button at all.
You are indeed OK; just be careful what you click on.

Slow Pc multi screens not working tab freezing

I've got no clue what is happening, but the thing is getting very slow day by day as it's filling up with nonsense, and I really have no clue. OK, I've got an old audio card with a non-Microsoft driver, but that never was an issue.
I hope someone has an idea.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1 Pro, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 2045 Mb
Graphics Card: NVIDIA GeForce GT 620, 1024 Mb
Hard Drives: C: Total - 1907726 MB, Free - 1399429 MB;
Motherboard: Dell Inc., 0T656F
Antivirus: Windows Defender, Disabled

Nice, I see my Defender is disabled :-S

Here is the Hijack logfile:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:39:28, on 24/10/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)

FIREFOX: 32.0.2 (x86 nl)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\taskhostex.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\skydrive.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Program Files\kX Project\kxmixer.exe
C:\WINDOWS\system32\taskhost.exe
C:\Users\space_000\AppData\Local\TNT2\2.0.0.1868\TNT2User.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Users\space_000\Downloads\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\space_000\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [spc1030] C:\WINDOWS\vspc1030.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [kX Mixer] C:\Program Files\kX Project\kxmixer.exe --startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Program Files\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session http://www.dahippo.com/bp/ship/#!754...0H3E3J3J3E4L4L
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\3DVISI~1\nvStInit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvvsvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 7211 bytes

Hijacked

I have apparently swallowed a browser/search engine hijacker. It comes up with Yahoo rather than my normal Firefox browser.
I am running on a Mac with OS X 10.9.5, 3.06 GHz Intel Core 2 Duo.

I tried ClamXav 2.6.4.dmg. It ran forever and found nothing.

Dave

Hotmail hacked/unable to connect to sites in IE 9.

Hi,

Recently, a family member told me of a problem connecting to Windows Live "Hotmail" in IE. I have since remotely connected to her computer to try to fix the problem (am writing this with use of it). Malwarebytes/Eset online/Sophos have come up clean (with the exception of some PUPs in the first MBAM scan). Her long-used Webroot has logs (back to 2012) of some of the PUPs MBAM found in said scan (maybe just quarantined stuff?). I have had to use Firefox to access both this RA tool and their Hotmail. The Hotmail account was compromised (account name/details changed), but has since been restored. I am still unable to connect via IE 9. I uninstalled/reinstalled IE 9, but the issues remain. I can see the issues in the Farbar additions log, but would like to know if there is anything deeper I can't find. Thank you in advance.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Basic, Service Pack 2, 32 bit
Processor: AMD Sempron(tm) Processor LE-1250, x64 Family 15 Model 127 Stepping 2
Processor Count: 1
RAM: 894 Mb
Graphics Card: NVIDIA GeForce 6100 nForce 405, 128 Mb
Hard Drives: C: Total - 142843 MB, Free - 94961 MB; D: Total - 9781 MB, Free - 4488 MB;
Motherboard: Gateway, MCP61SM2MA
Antivirus: Webroot SecureAnywhere, Updated and Enabled


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014
Ran by Owner (administrator) on OWNER-PC on 25-10-2014 01:48:18
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner & UpdatusUser (Available profiles: Owner & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(LogMeIn, Inc.) C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe
(LogMeIn, Inc.) C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe
(LogMeIn, Inc.) C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-09-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-08-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [767664 2014-09-28] (Webroot)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1212098578-3481688397-481139802-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files\NETGEAR\WNA3100\WNA3100.exe ()
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3646
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.foxnews.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...ys=DTP&M=T3646
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm011^YYA^us&si=maps4pcIEboth&ptb=87922450-AE5A-4BC1-9722-6911ECE84F54&ind=2013080415&n=77fd2b5f&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL =
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> No File
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jin...ndows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ol31uch.default
FF Homepage: www.foxnews.com
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-14]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2013-12-03]
FF Extension: No Name - webrootsecure@webroot.com [Not Found]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [5058256 2014-06-27] (Carbonite, Inc. (www.carbonite.com))
S4 GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [181800 2007-08-29] (WildTangent, Inc.)
R2 LMIRescue_141bf772-35fc-49b8-a648-ba08d3f0e088; C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe [3079488 2014-10-24] (LogMeIn, Inc.)
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed]
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [767664 2014-09-28] (Webroot)
R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [118304 2014-09-28] (Webroot)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-25 01:48 - 2014-10-25 01:49 - 00022776 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-10-25 01:47 - 2014-10-25 01:48 - 00000000 ____D () C:\FRST
2014-10-25 01:47 - 2014-10-25 01:47 - 01103360 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
2014-10-25 01:11 - 2014-10-25 01:12 - 00000000 ____D () C:\Users\Owner\Documents\TCPView
2014-10-24 21:39 - 2014-10-24 21:40 - 00000000 ____D () C:\ProgramData\Sophos
2014-10-24 21:37 - 2014-10-24 21:37 - 00002038 _____ () C:\Users\Owner\Desktop\Sophos Virus Removal Tool.lnk
2014-10-24 21:37 - 2014-10-24 21:37 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-10-24 21:37 - 2014-10-24 21:37 - 00000000 ____D () C:\Program Files\Sophos
2014-10-23 00:48 - 2014-10-23 00:48 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-23 00:48 - 2014-10-23 00:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-23 00:48 - 2014-10-23 00:48 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-23 00:48 - 2014-10-23 00:48 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00434176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-23 00:48 - 2014-10-23 00:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00353584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-23 00:48 - 2014-10-23 00:48 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-23 00:48 - 2014-10-23 00:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-23 00:48 - 2014-10-23 00:48 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-23 00:48 - 2014-10-23 00:48 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-23 00:48 - 2014-10-23 00:48 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-23 00:48 - 2014-10-23 00:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-23 00:48 - 2014-10-23 00:48 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-23 00:48 - 2014-10-23 00:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-23 00:48 - 2014-10-23 00:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-22 23:13 - 2014-10-22 23:14 - 00000000 ____D () C:\Users\Owner\Documents\Backup
2014-10-21 19:24 - 2014-10-24 19:54 - 00129792 ____N () C:\Windows\WindowsUpdate.log
2014-10-20 20:28 - 2014-10-24 19:57 - 00000000 ____D () C:\Users\Owner\AppData\Local\LogMeIn Rescue Applet
2014-10-20 20:07 - 2014-10-20 20:07 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-20 20:07 - 2014-10-20 20:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-17 22:20 - 2014-10-17 22:20 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
2014-10-17 22:17 - 2014-10-17 22:17 - 00000000 ____D () C:\Windows\Sun
2014-10-17 22:15 - 2014-10-17 22:15 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-17 22:15 - 2014-10-17 22:13 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-17 22:14 - 2014-10-17 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-17 22:13 - 2014-10-17 22:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 20:03 - 2014-10-22 20:28 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-17 20:01 - 2014-10-17 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-17 20:01 - 2014-10-17 20:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-17 20:01 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-17 20:01 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-16 00:27 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 00:27 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 00:27 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 00:22 - 2014-09-27 19:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 00:15 - 2014-09-04 19:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-16 00:12 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-25 01:47 - 2012-02-14 21:11 - 00000000 ____D () C:\ProgramData\WRData
2014-10-25 01:07 - 2012-03-31 12:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-25 00:49 - 2013-04-19 19:16 - 00000000 ____D () C:\ProgramData\Skype
2014-10-24 23:53 - 2006-11-02 08:45 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 23:53 - 2006-11-02 08:45 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 19:51 - 2012-02-14 21:13 - 00000750 _____ () C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2014-10-24 19:51 - 2008-05-01 18:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-10-24 19:51 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 19:50 - 2006-11-02 08:58 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-23 01:14 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-10-23 01:04 - 2008-02-05 01:09 - 00000000 ____D () C:\Windows\Panther
2014-10-23 00:50 - 2006-11-02 07:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-10-23 00:48 - 2006-11-02 02:32 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2014-10-23 00:48 - 2006-11-02 02:32 - 00001988 _____ () C:\Windows\system32\ticrf.rat
2014-10-20 21:59 - 2013-09-25 22:22 - 00000000 ____D () C:\Windows\Minidump
2014-10-20 21:58 - 2010-06-13 16:41 - 00000000 ____D () C:\Program Files\Google
2014-10-20 21:43 - 2013-04-19 19:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-10-20 21:11 - 2011-07-31 21:25 - 00000000 ____D () C:\ProgramData\Remote Desktop Control 2
2014-10-20 21:09 - 2012-09-12 20:33 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-20 21:09 - 2012-09-12 20:33 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-20 21:09 - 2012-09-12 20:27 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-20 21:01 - 2012-09-12 20:27 - 00000000 ____D () C:\ProgramData\Apple
2014-10-20 20:56 - 2008-02-26 16:26 - 00000000 ____D () C:\Program Files\BigFix
2014-10-20 20:56 - 2008-02-26 16:15 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-20 20:53 - 2009-01-06 22:26 - 00000000 ____D () C:\Program Files\Adobe
2014-10-20 20:53 - 2008-02-26 16:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-20 20:52 - 2008-02-26 16:24 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-20 20:32 - 2011-07-31 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-20 20:31 - 2011-07-31 22:39 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-20 20:07 - 2011-11-22 11:04 - 00000869 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-20 20:07 - 2011-11-22 11:04 - 00000857 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-20 20:07 - 2011-11-22 11:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-20 18:46 - 2008-06-15 23:53 - 00000000 ____D () C:\Windows\pss
2014-10-17 22:13 - 2011-06-27 13:16 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-17 22:13 - 2011-06-27 13:16 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-17 22:13 - 2011-06-27 13:16 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-17 22:12 - 2008-02-26 16:30 - 00000000 ____D () C:\Program Files\Java
2014-10-17 21:06 - 2008-05-06 15:21 - 00000000 ____D () C:\Program Files\Common Files\AOL
2014-10-17 20:01 - 2012-07-15 17:08 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-17 20:01 - 2011-07-31 23:09 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-10-17 20:01 - 2011-07-31 22:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 16:03 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 15:22 - 2006-11-02 08:44 - 00304296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 00:27 - 2008-02-26 16:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 00:20 - 2013-08-15 08:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 00:15 - 2006-11-02 06:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-02 15:53 - 2009-10-02 12:31 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-28 15:42 - 2012-02-14 21:13 - 00154824 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-09-28 15:42 - 2012-02-14 21:13 - 00118304 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-09-25 13:07 - 2012-03-31 12:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-25 13:07 - 2011-08-28 12:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-24 19:57

==================== End Of Log ============================

Attached Files
File Type: txt Addition.txt (23.2 KB)
File Type: txt Shortcut.txt (86.5 KB)

NeextuCoupp extensions Chrome

Click on this link to download: ADWCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

See the screenshot where the proper download buttons are highlighted


NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy & Paste it into your next post.


super large popups

Suddenly, I'm getting almost full screen popups and can't get rid of them or open Firefox unless I check the close box. I was once told not to "x" out of any popups and to get rid of the smaller ones by using Control > Shift > Escape, but it doesn't work with these new things. Also, I was told that it could be a virus, so I scanned with Malwarebytes, Super AV and AVG and none of them picked up a virus.

The only thing I can think of is to never close Firefox.

Also, the small square in the upper right corner for AVG is missing. I found the key once, but can't locate it now.

Would appreciate comments about both.

Acer laptop Win 8 running slow....

So this laptop used to run great but is now getting slow. Saw someone with a similar post where they ran Farbar Recovery and someone helped them out. Could I run that or HJT & post here?

It's running really slow and my antivirus keeps warning of threats whenever I open a browser.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 8
RAM: 7848 Mb
Graphics Card: NVIDIA GeForce GT 750M, -1 Mb
Hard Drives: C: Total - 935180 MB, Free - 623107 MB;
Motherboard: Acer, VA70_HW
Antivirus: Windows Defender, Disabled

Thanks!
-George

Possible botnet issue/ internet is very slow


I seem to have an EXE problem

There is no sign in the logs of any major infections, just one low level file that should be removed.

Please follow the instructions below to remove the bad file and a few redundant entries. When you have done that and posted the log, please continue with the Seatools scan. I suspect there may be a problem with your hard drive: the error log shows several recent warnings that the file structure is corrupt on your C: drive, and a defective hard drive would be the most likely cause.

We are now going to run FRST in a different way.
  • IMPORTANT---> First download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.
  • Launch FRST by double clicking on it. DO NOT click on the Scan button or check any of the boxes.
  • You may see a message that an update is installing. If so, the program will close when the update completes; you will then need to double click on FRST to open it again.
  • When the FRST window opens, click on the Fix button just once and wait.
  • You will see a message confirming the fix has been run and the log saved. Click on OK and the Fixlog will open. Copy & Paste the full log into your next reply.

NOTE: This fix has been written specifically for the PC being dealt with in this thread; if you run it on another system it may have undesirable consequences. If you have a similar problem, ask for help by opening a new thread in the appropriate forum.

========================================

Click on this link, Seatools for Windows, and download Seatools for Windows; the instructions are on the page.


Attached Files
File Type: txt fixlist.txt (912 Bytes)

expert hacker

Hi,

I have been noticing my C drive folders getting larger though I do not install anything, and I notice many different created, accessed, modified and last saved dates, and my Win 7 32 bit software was purchased Sept 2010.

I also found hidden desktop remote configuration icons in different folders. No matter how many times I do a Zap0 on the hard drive and reinstall my Windows, this keeps coming back a few months later. I feel the install CD or the X boot drive is corrupted. I also saw in the registry many files in cabs, also what to back up and restore, what NOT to back up and restore, and recently I was directed from a cached file in my computer to a fake Microsoft site where it almost got me to update my computer and stuff.


Someone please help me


Here is the Sysinfo

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Basic, Service Pack 1, 32 bit
Processor: AMD Athlon(tm) II X2 250 Processor, x64 Family 16 Model 6 Stepping 3
Processor Count: 2
RAM: 3327 Mb
Graphics Card: NVIDIA GeForce GT 440, 1024 Mb
Hard Drives: C: Total - 149898 MB, Free - 120040 MB; E: Total - 326937 MB, Free - 326835 MB;
Motherboard: ASUSTeK Computer INC., M4N68T-M-LE-V2
Antivirus: Microsoft Security Essentials, Updated and Enabled

Trojans - Alureon.GB, Alureon.gen!AD, Alureon.gen!F, Alureon.gen!L and more

Hello,

Microsoft Malicious Software Removal Tool finds and removes the viruses / malware listed in the attachment and suggests using other tools to remove the infections completely, but the other tools never find anything (even during a full scan). If I scan again with the Microsoft tool, I get the same results as attached once again.

I run Avast! on my PCs, but when it kept coming up with no infections found I downloaded Microsoft Security Essentials, as recommended by the other scanner, to see if it would work. (It did not) :(

Not sure what to do to remove these infections for good.

Thank you in advance for your time and efforts! :)

Sys Info
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-3820 CPU @ 3.60GHz, Intel64 Family 6 Model 45 Stepping 7
Processor Count: 8
RAM: 8111 Mb
Graphics Card: NVIDIA GeForce GTX 560 Ti, 1024 Mb
Hard Drives: C: Total - 476837 MB, Free - 163416 MB; E: Total - 145557 MB, Free - 72319 MB; F: Total - 7053 MB, Free - 3511 MB;
Motherboard: Gigabyte Technology Co., Ltd., X79-UD3
Antivirus: Microsoft Security Essentials, Disabled

Attached Images
File Type: png virus list.PNG (208.3 KB)

Com Surrogate?

It's been a while since I visited here. Last time was great.
Computer has been acting strange. No web scroll (without effort), cursor getting lost, system sounds not working (iTunes works and some sounds work).
Sound card mixer shows many Com Surrogate volume levels. Other "valid" levels will not adjust.


Thanks. As I'm typing this, I need to use mouse to reposition cursor often.
EDIT: I forgot most important: Cursor is "busy", working in background almost constantly.


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 8175 Mb
Graphics Card: ATI Radeon HD 5400 Series, 1024 Mb
Hard Drives: C: Total - 476837 MB, Free - 267758 MB; L: Total - 249881 MB, Free - 183635 MB; M: Total - 226886 MB, Free - 40001 MB;
Motherboard: Gigabyte Technology Co., Ltd., H67MA-UD2H-B3
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

New Computer infected w/Trojan already?!

Good afternoon!


I just got this new computer about 3 weeks ago, and I already seem to have some sort of virus. I keep getting this popup from McAfee telling me I have this infected file which has been sent to quarantine. It then gives me this code PWSZbot-FADO!8BD76CFF1DBB and after about a minute, the notice goes away. This notice keeps popping up (about every two minutes), which leads me to think I need to do something besides let McAfee deal with it. Thank you in advance for all help!


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 4
RAM: 4001 Mb
Graphics Card: Intel(R) HD Graphics 4400, 2032 Mb
Hard Drives: C: Total - 938390 MB, Free - 887822 MB; D: Total - 13960 MB, Free - 1771 MB;
Motherboard: Hewlett-Packard, 2AF7
Antivirus: McAfee Anti-Virus and Anti-Spyware, Disabled