Channel: Tech Support Guy - Virus & Other Malware Removal

Something in my computer I don't want

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II X4 630 Processor, AMD64 Family 16 Model 5 Stepping 2
Processor Count: 4
RAM: 4094 Mb
Graphics Card: ATI Radeon HD 5700 Series, 1024 Mb
Hard Drives: C: Total - 476837 MB, Free - 428242 MB;
Motherboard: Gigabyte Technology Co., Ltd., GA-MA74GM-S2
Antivirus: Microsoft Security Essentials, Updated and Enabled

I have something in my computer I don't want there. Whenever I click on Firefox to open a web page it is supposed to open up my home page which is Yahoo.com but instead it opens up a web page with this URL:
http://search.conduit.com/?ctid=CT33...earchSource=13
I tried to remove it with Malwarebytes but after I reboot it just comes back.
I checked in Control Panel/Internet Options and my home page is still listed as http://www/Yahoo.com
Also I tried to run Hijack This but got this message:
"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
If that happens, you need to edit the file yourself. To do this click Start, Run and type:
notepad C:\Windows\System32\drivers\etc\hosts and press enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts' (with quotes), and reboot."
When I click OK another small box pops up with the title Notepad with this message:
Cannot find the C:\Program Files (x86)\Trend Micro\HiJackThis\hijackthis.log file.
Do you want to create a new file?

I don't know what to do with this.

snapdo.com

How do I get rid of snapdo.com, which has insinuated itself onto my PC (Dell Dimension C521, OS XP)? My browser is Mozilla Firefox, and instead of the blank page when I click on it I get this very annoying and? dangerous snapdo page. Please can someone help?
Nita

Is Inbox ToolBar a virus?

I am running Windows 7.
The other there was scorpion in control panel seem to have gotten rid of it.
There also was InBox ToolBar by inbox toolbar.com. Don't know if virus or not.
Hijack scan came back with no checks. Should I ignore?


Waiting by computer for your answer

Unsecured https with red bar on Google

I'm a computer novice and an old guy so sorry, but this padlock and https with a red bar showed up on my site links last month and won't go away. It's affecting how my computer works. What can I do to fix it?

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Starter, Service Pack 1, 32 bit
Processor: Intel(R) Atom(TM) CPU N470 @ 1.83GHz, x64 Family 6 Model 28 Stepping 10
Processor Count: 2
RAM: 1013 Mb
Graphics Card: Intel(R) Graphics Media Accelerator 3150, 0 Mb
Hard Drives: C: Total - 232844 MB, Free - 193931 MB;
Motherboard: Sony Corporation, VAIO
Antivirus: Microsoft Security Essentials, Updated and Enabled

Buffer Overrun and Loads of Pop Ups

COMBOFIX
---------------
Please download ComboFix from one of the following locations:
  • Location #1
  • Location #2
    ***IMPORTANT!!! Save ComboFix.exe to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Windows Vista/Windows 7, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a Congratulations!!! message.

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.

  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no internet connection after running ComboFix, then restart your computer to restore back your connection.
In your next reply, please provide the following:

  • ComboFix log.
  • Update on how your PC is running.


Regards,

Richard:D

My Computer has been Hijacked

Hi,
I had successfully managed to get rid of the Ransomware, but I just had another problem now in which the error window always pops up whenever I would open my computer. Please, kindly if you could share some advice to get rid of this pop-up, it will be much appreciated. Thank you very much in advance.

Possible Virus...Could use your help

I have included the requested information below. Basically, when I boot up, the PC works fine for about 2 hours and then it freezes. I can't open programs or folders and I can't shut down, and I am forced to do a hard power down reboot. Given the option of safe mode or normal, I select normal and same thing, it's slow to boot, but gets there and everything is OK for a while and then it freezes.

Appreciate any help you can give me.

HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:05:44 PM, on 12/10/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Windows\vVX3000.exe
C:\Users\NatBen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\NatBen\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\NatBen\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=994519&fr=spigot-yhp-ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.3\vuzeToolbarIE.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.3\vuzeToolbarIE.dll
O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.3\vuzeToolbarIE.dll
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MusicManager] "C:\Users\NatBen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\NatBen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ROC_ROC_APR2013_AV] C:\Users\NatBen\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 2054fc9664c547d0b4869da204c2e920-5aa01d8a70d80d3d638471055e4d06a681fb804d --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\NatBen\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 2054fc9664c547d0b4869da204c2e920-5aa01d8a70d80d3d638471055e4d06a681fb804d --CMPID 0913a
O4 - Startup: Dropbox.lnk = NatBen\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/soft...02/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...1022/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B3A5153-13E8-48E3-B6C8-8D7AB2C43733}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 16262 bytes


dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.9.2
Run by NatBen at 20:08:38 on 2013-12-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6050.3542 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\vVX3000.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Users\NatBen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\NatBen\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\NatBen\Downloads\HijackThis.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
uURLSearchHooks: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.3\vuzeToolbarIE.dll
mWinlogon: Userinit = userinit.exe,
BHO: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.3\vuzeToolbarIE.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.3\vuzeToolbarIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MusicManager] "C:\Users\NatBen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Google Update] "C:\Users\NatBen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ROC_ROC_APR2013_AV] C:\Users\NatBen\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 2054fc9664c547d0b4869da204c2e920-5aa01d8a70d80d3d638471055e4d06a681fb804d --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
uRun: [AVG-Secure-Search-Update_0913a] C:\Users\NatBen\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 2054fc9664c547d0b4869da204c2e920-5aa01d8a70d80d3d638471055e4d06a681fb804d --CMPID 0913a
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
StartupFolder: C:\Users\NatBen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\NatBen\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3B3A5153-13E8-48E3-B6C8-8D7AB2C43733} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{3B3A5153-13E8-48E3-B6C8-8D7AB2C43733} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3B3A5153-13E8-48E3-B6C8-8D7AB2C43733}\348627F6D6563616374743630333 : NameServer = 205.171.2.65,209.244.0.4
TCP: Interfaces\{3B3A5153-13E8-48E3-B6C8-8D7AB2C43733}\348627F6D6563616374743630333 : DHCPNameServer = 192.168.255.249
TCP: Interfaces\{3B3A5153-13E8-48E3-B6C8-8D7AB2C43733}\348627F6D6563616374783334303 : NameServer = 205.171.2.65,209.244.0.4
TCP: Interfaces\{3B3A5153-13E8-48E3-B6C8-8D7AB2C43733}\348627F6D6563616374783334303 : DHCPNameServer = 192.168.255.249
TCP: Interfaces\{3B3A5153-13E8-48E3-B6C8-8D7AB2C43733}\4656C6D61627479616E63723030383 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{3B3A5153-13E8-48E3-B6C8-8D7AB2C43733}\76F626F60286F6573756 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-TB: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\8.3\vuzeToolbarIE64.dll
x64-Run: [VX3000] C:\windows\vVX3000.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-2-28 55856]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-28 89600]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-18 659472]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-11-27 807800]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-19 921664]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-19 995392]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-23 135984]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-28 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-2 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-2 828072]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-2-28 1692480]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-1-28 551264]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-8-7 609056]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-28 2655768]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2012-7-18 198144]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-5-19 1335360]
R3 btmaudio;Intel Bluetooth Audio Service;C:\windows\System32\drivers\btmaud.sys [2011-5-19 51712]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-5-19 53248]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-7-19 282624]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-12-4 176000]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-7-19 59904]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-28 317440]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 tihub3;TI USB3 Hub Service;C:\windows\System32\drivers\tihub3.sys [2011-7-20 136000]
R3 tixhci;TI XHCI Service;C:\windows\System32\drivers\tixhci.sys [2011-7-20 406336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-8-23 3342640]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2012-7-18 198144]
S3 HTCAND64;HTC Device Driver;C:\windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-3 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-8-23 272688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-12-8 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-28 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-12-8 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-12-8 30208]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-11-20 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-09 02:59:56 -------- d-----w- C:\windows\Migration
2013-12-09 02:54:02 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2013-12-09 02:54:02 366592 ----a-w- C:\windows\System32\qdvd.dll
2013-11-29 01:20:24 -------- d-----w- C:\Program Files (x86)\Vuze Remote Toolbar
2013-11-29 01:20:24 -------- d-----w- C:\Program Files (x86)\Application Updater
2013-11-12 18:07:06 1474048 ----a-w- C:\windows\System32\crypt32.dll
2013-11-12 18:07:06 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
.
==================== Find3M ====================
.
2013-11-06 02:55:48 150808 ----a-w- C:\windows\System32\drivers\avgdiska.sys
2013-11-05 02:52:42 240920 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-11-01 04:00:18 212280 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2013-11-01 03:49:46 294712 ----a-w- C:\windows\System32\drivers\avgloga.sys
2013-10-25 03:25:58 194872 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-04 02:28:31 190464 ----a-w- C:\windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-10-01 05:52:08 123704 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2013-09-28 01:09:10 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\windows\System32\lsass.exe
2013-09-12 02:21:54 863344 ----a-w- C:\windows\SysWow64\msvcr110_clr0400.dll
2013-09-12 02:21:54 501872 ----a-w- C:\windows\SysWow64\msvcp110_clr0400.dll
2013-09-12 02:21:54 28776 ----a-w- C:\windows\SysWow64\aspnet_counters.dll
2013-09-12 02:21:54 18000 ----a-w- C:\windows\SysWow64\msvcr100_clr0400.dll
.
============= FINISH: 20:37:44.42 ===============

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/19/2012 10:27:08 PM
System Uptime: 12/10/2013 7:18:56 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 034W60
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU 1 | 775/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 534.706 GiB free.
D: is CDROM ()
Y: is FIXED (NTFS) - 15 GiB total, 1.094 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader X (10.1.8) MUI
Adobe Shockwave Player 11.6
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2014
Bit Che
Bonjour
Canon DIGITAL CAMERA Solution Disk Software Guide
Canon Utilities PhotoStitch
ChromecastApp
Compatibility Pack for the 2007 Office system
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Touchpad
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
Dropbox
DVD Decrypter (Remove Only)
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
HandBrake 0.9.9
Harmony Browser Plug-in
IDT Audio
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Monitor 2.0
Intel(R) WiDi
Intel(R) Wireless Display
Intel® PROSet/Wireless WiFi Software
iTunes
Java 7 Update 9
Java Auto Updater
Java(TM) 7 Update 1 (64-bit)
Junk Mail filter update
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
My Dell
PhotoShowExpress
Picasa 3
PlayReady PC Runtime x86
Plex Media Server
Quickset64
QuickTime
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Skype™ 6.0
Sonic CinePlayer Decoder Pack
Splashtop Software Updater
Splashtop Streamer
swMSM
System Requirements Lab for Intel
TI USB 3.0 Host Controller Driver
TI USB3 Host Driver
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wnyiper
TurboTax 2012 wrapper
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VLC media player 2.0.2
Vuze
Vuze Remote Toolbar v8.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
ZoneAlarm Security Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/9/2013 9:00:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dell DataSafe Online service to connect.
12/9/2013 9:00:54 PM, Error: Service Control Manager [7000] - The Dell DataSafe Online service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2013 5:47:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
12/9/2013 12:06:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
12/9/2013 12:06:40 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2013 12:00:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
12/8/2013 9:25:28 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2013 9:25:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/8/2013 9:25:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/8/2013 9:25:15 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2013 9:25:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/8/2013 9:24:55 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 21
12/8/2013 9:24:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgdiska AVGIDSDriver Avgldx64 discache spldr Wanarpv6
12/8/2013 9:24:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/8/2013 9:24:51 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2013 4:20:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/8/2013 4:20:22 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/8/2013 4:20:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/8/2013 4:18:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
12/8/2013 4:18:51 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/8/2013 11:25:40 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{0efdc2c7-6276-11e1-8fb9-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{3246A500-A5E9-4579-9E1F-DBD580F7E720}' was corrupted and it has been recovered. Some data might have been lost.
12/8/2013 10:10:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
12/7/2013 1:54:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/3/2013 4:00:55 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{0efdc2c7-6276-11e1-8fb9-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C795B496-85CC-4F20-AFB9-1D86DE88C729}' was corrupted and it has been recovered. Some data might have been lost.
12/10/2013 8:37:02 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
12/10/2013 7:24:46 PM, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
12/10/2013 6:08:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
12/10/2013 6:08:10 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2013 6:08:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
12/10/2013 10:17:27 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
.
==== End Of File ===========================

ark.txt:

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-10 22:00:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931.51GB
Running: felz5v3k.exe; Driver: C:\Users\NatBen\AppData\Local\Temp\kxdirkow.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fa1465 2 bytes [FA, 74]
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fa14bb 2 bytes [FA, 74]
.text ... * 2
.text C:\Windows\vVX3000.exe[2164] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fa1465 2 bytes [FA, 74]
.text C:\Windows\vVX3000.exe[2164] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fa14bb 2 bytes [FA, 74]
.text ... * 2
.text C:\Users\NatBen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[1812] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fa1465 2 bytes [FA, 74]
.text C:\Users\NatBen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe[1812] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fa14bb 2 bytes [FA, 74]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[2596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fa1465 2 bytes [FA, 74]
.text C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[2596] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fa14bb 2 bytes [FA, 74]
.text ... * 2
.text C:\Users\NatBen\AppData\Roaming\Dropbox\bin\Dropbox.exe[3192] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000074fa1465 2 bytes [FA, 74]
.text C:\Users\NatBen\AppData\Roaming\Dropbox\bin\Dropbox.exe[3192] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000074fa14bb 2 bytes [FA, 74]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3448] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fa1465 2 bytes [FA, 74]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3448] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fa14bb 2 bytes [FA, 74]
.text ... * 2
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3504] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fa1465 2 bytes [FA, 74]
.text C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[3504] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fa14bb 2 bytes [FA, 74]
.text ... * 2
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3536] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fa1465 2 bytes [FA, 74]
.text C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe[3536] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fa14bb 2 bytes [FA, 74]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3752] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fa1465 2 bytes [FA, 74]
.text C:\Program Files (x86)\AVG\AVG2014\avgui.exe[3752] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fa14bb 2 bytes [FA, 74]
.text ... * 2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3916] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fa1465 2 bytes [FA, 74]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[3916] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fa14bb 2 bytes [FA, 74]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1992] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fa1465 2 bytes [FA, 74]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[1992] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fa14bb 2 bytes [FA, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[3552] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fa1465 2 bytes [FA, 74]
.text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[3552] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fa14bb 2 bytes [FA, 74]
.text ... * 2
.text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[4116] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074fa1465 2 bytes [FA, 74]
.text C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe[4116] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074fa14bb 2 bytes [FA, 74]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{889A2939-F15E-4242-9957-E16503831716}\Connection@Name isatap.{854BEBD6-338E-4DFF-8E72-BFBB83982054}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{DDE1B096-4A87-4CC6-891A-AFB08D7BBE1A}\Connection@Name isatap.{059F5488-96C6-4543-86CD-1AFC6BFA5DBC}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{0BC5F92D-3D70-44A6-B552-537ABEC30D80}?\Device\{D9F1424E-B416-4899-B0C8-C81987CC7B94}?\Device\{DFA44C01-8D77-4CD1-8BB6-D83B318927A9}?\Device\{DDE1B096-4A87-4CC6-891A-AFB08D7BBE1A}?\Device\{889A2939-F15E-4242-9957-E16503831716}?\Device\{CE95951B-D2F8-42AA-9A89-EBD63397C205}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{0BC5F92D-3D70-44A6-B552-537ABEC30D80}"?"{D9F1424E-B416-4899-B0C8-C81987CC7B94}"?"{DFA44C01-8D77-4CD1-8BB6-D83B318927A9}"?"{DDE1B096-4A87-4CC6-891A-AFB08D7BBE1A}"?"{889A2939-F15E-4242-9957-E16503831716}"?"{CE95951B-D2F8-42AA-9A89-EBD63397C205}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{0BC5F92D-3D70-44A6-B552-537ABEC30D80}?\Device\TCPIP6TUNNEL_{D9F1424E-B416-4899-B0C8-C81987CC7B94}?\Device\TCPIP6TUNNEL_{DFA44C01-8D77-4CD1-8BB6-D83B318927A9}?\Device\TCPIP6TUNNEL_{DDE1B096-4A87-4CC6-891A-AFB08D7BBE1A}?\Device\TCPIP6TUNNEL_{889A2939-F15E-4242-9957-E16503831716}?\Device\TCPIP6TUNNEL_{CE95951B-D2F8-42AA-9A89-EBD63397C205}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb422600d3
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d054a8
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{889A2939-F15E-4242-9957-E16503831716}@InterfaceName isatap.{854BEBD6-338E-4DFF-8E72-BFBB83982054}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{889A2939-F15E-4242-9957-E16503831716}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{DDE1B096-4A87-4CC6-891A-AFB08D7BBE1A}@InterfaceName isatap.{059F5488-96C6-4543-86CD-1AFC6BFA5DBC}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{DDE1B096-4A87-4CC6-891A-AFB08D7BBE1A}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\14-d6-4d-32-14-32@ClientLocalPort 53803
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Teredo\PreviousState\14-d6-4d-32-14-32@TeredoAddress 2001:0:9d38:6ab8:1c0e:2dd4:b5bc:c85d
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 339281
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 21902
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb422600d3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d054a8 (not active ControlSet)

---- EOF - GMER 2.1 ----

Cannot download files from internet or attach files to email. Please Help!

Followed steps to reset registry keys and permissions. Also removed antivirus program and replaced with another.

Programs only run as Administrator

You're welcome.

I also drew a blank with that file and the folder name. I would have had the file checked with an online scanner to see if it was an infection, which seems highly likely. It should have been removed from the system, all restore points cleared out and a fresh one made so the risk of reinfection would be greatly reduced.

In safe mode it would not have been active so the problem didn't appear. There are some tools we use in Malware removal that might have detected it, including FRST, which I asked you to run. If the threat is a new variant then the vast majority of scanners, possibly all of them, would miss it. The FRST log, however, would have listed the file as newly created and shown the running process, which would have been checked as the file name is not recognizable.

You should also have uninstalled Combofix using a specific procedure, as it makes changes to the system that get reset when it is uninstalled; this would also have automatically cleared all the restore points and created a new one. All the hidden system files and file extensions will remain visible until this is done. Combofix is designed for use by trained Malware staff that have been well informed on its use, not for the general public or personal use. I can only hope the owner of the PC does not start trying to delete system files because they think the files are suspect and of no use.

This thread will remain open so if the problem returns, complete the instructions above and we will clean out that file and any other suspicious entries that might be in the system. We can also safely uninstall Combofix; trying to uninstall it in the normal way that programs get removed won't work.

I shall mark the thread as Solved, but you can post back at any time and I will get notified.

i (should) know better (

Hello dogzma,

Welcome to TSG.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

Picked up a virus? XP toolbar instead of Vista

snowscreen,
Yep, warez sites are loaded with infected files, links, clicks

We will update your Adobe Reader here, and use a Removal Tool on AVG, which did not seem to go away properly.
Then we will run another scan with OTL to see how it looks.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files
There are security vulnerabilities in earlier versions. All versions numbered lower than 11.0.04 are vulnerable.
Go HERE to download the Installer AdbeRdr11004_en_US.exe .
Save the file to your desktop and run it to install the latest version of Adobe Reader.
Always be careful to UNCHECK any offer for toolbars, helpers or other "partner" Free programs
After the new Reader is installed, Open Adobe Reader XI, as it is called, and OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category
Uncheck Automatically trust sites from my Win OS security zones, and under Protected View, click on Files from potentially unsafe locations.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it asks if you are sure you want to make changes to Advanced Security Preferences, answer Yes.
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------------------
Retrieve the AVG Removal tool from here: http://download.avg.com/filedir/util..._2013_2706.exe
Save it to your desktop or somewhere you can find it.
Double click on the file, an icon named avg_remover_stf_x86_2013_2706.exe
Let it run until it finishes.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Run a Scan with OTL
  • For WinXP, double click on the OTL icon to run it.
  • For Vista or Win7, right click the icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, a notepad window will open. This will be a new version of OTL.txt
Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in a reply.
It will also have been saved on your desktop

askey127

XP Dell laptop virus/malware

I'm looking at a dell laptop running XP
recently downloaded a copy of itunes and ended up with a number of programs, which were unwanted - and looked like malware, can't remember most of the names, but installed a couple of weeks ago - and left SAS & MWB with friend to run -

the PC is now still extremely slow
I have reduced quite a few of the startup programs - but noticed quite a few of unwanted processes running

on chrome - we go to Start,mysearchdial.xom
on IE - we go to mywebsearch
and so I thought I would clean out all the virus/malware with your support

I know the HP startups are needed to use the all-in-1 scanner and also uses naturally speaking
Some programs are needed HMRC & SAGE & OFFICE

I installed comodo as a firewall and MSE about a year or more ago, and noticed comodo firewall is no longer running

superantispyware full scan was run and took 20 hours - and now uninstalled - with a device manager error, which I fixed
malwarebytes also run a few times and takes 5 hours to run a full scan - and shows no errors now

office 2003 and outlook also used.

here are the logs

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 2
RAM: 1014 Mb
Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 224 Mb
Hard Drives: C: Total - 76238 MB, Free - 16228 MB;
Motherboard: Dell Inc.,
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:06:44, on 11/12/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\COMODO\launcher_service.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaseya\ACSFFC93553958302164\KasAVSrv.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAB8SWK.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAB8SWK.EXE
C:\Program Files\SecCopy\SecCopy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Peter\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...rel&channel=uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...rel&channel=uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: IncrediMail MediaBar Toolbar - {a563639d-a539-4bce-b5b8-7da5faf87d00} - C:\Program Files\IncrediMail_MediaBar\prxtbInc2.dll
R3 - URLSearchHook: (no name) - {06b5b051-1d05-443d-822f-39ab0d05f018} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll
R3 - URLSearchHook: (no name) - {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll
R3 - URLSearchHook: (no name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll
R3 - URLSearchHook: (no name) - {970a72ad-2603-4b4e-bb28-aff6ab80cccd} - C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kSrcAs.dll
R3 - URLSearchHook: (no name) - {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - C:\Program Files\InboxAce_1g\bar\1.bin\1gSrcAs.dll
O2 - BHO: Search Assistant BHO - {002d1ba6-4766-4d7d-82b8-f49439c66f97} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Search Assistant BHO - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Toolbar BHO - {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - C:\PROGRA~1\UTILIT~2\bar\1.bin\49bar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Assistant BHO - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll
O2 - BHO: Toolbar BHO - {648c6918-b41c-4949-be9d-a225425f16c7} - C:\PROGRA~1\CRAZYF~2\bar\1.bin\3kbar.dll
O2 - BHO: Search Assistant BHO - {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files\InboxAce_1g\bar\1.bin\1gSrcAs.dll
O2 - BHO: AskJeeves Desktop BHO - {A0533E6E-B672-405F-9BD2-431C686FA857} - C:\Program Files\Ask\Ask Desktop Search\AskDSBHO.dll
O2 - BHO: IncrediMail MediaBar - {a563639d-a539-4bce-b5b8-7da5faf87d00} - C:\Program Files\IncrediMail_MediaBar\prxtbInc2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Toolbar BHO - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\PROGRA~1\TELEVI~2\bar\1.bin\64bar.dll
O2 - BHO: Toolbar BHO - {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\PROGRA~1\INBOXA~2\bar\1.bin\1gbar.dll
O2 - BHO: Search Assistant BHO - {f3e8d7c0-82e1-42e5-a58e-f9114acf45cb} - C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kSrcAs.dll
O2 - BHO: Toolbar BHO - {f653d037-97fa-4755-98c1-7f382eeb59a7} - C:\PROGRA~1\BRINGM~2\bar\1.bin\1cbar.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: IncrediMail MediaBar Toolbar - {a563639d-a539-4bce-b5b8-7da5faf87d00} - C:\Program Files\IncrediMail_MediaBar\prxtbInc2.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll
O3 - Toolbar: BringMeSports - {cc53bd19-7b23-43b0-ab7c-0e06c708cced} - C:\Program Files\BringMeSports_1c\bar\1.bin\1cbar.dll
O3 - Toolbar: Utility Chest - {cf67755f-9265-449c-87cf-b945519e073b} - C:\Program Files\UtilityChest_49\bar\1.bin\49bar.dll
O3 - Toolbar: TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll
O3 - Toolbar: CrazyForCricket - {9ddabb0a-cdcc-4cc6-ab2d-356099308433} - C:\Program Files\CrazyForCricket_3k\bar\1.bin\3kbar.dll
O3 - Toolbar: InboxAce - {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files\InboxAce_1g\bar\1.bin\1gbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [CNAP2 Launcher] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking11\Ereg.ini"
O4 - HKLM\..\Run: [Nuance.ctfmngr] C:\Program Files\Nuance\NaturallySpeaking11\Program\ctfmngr.exe /restore
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABLAEEAUwBFAFkAQQAtAE4AVgBXAFUAVQAtAE4ATABCAEUARgAtAEQAUABOAEQAQQA tAFYAUQA5ADgAQwAtADIAVQBKAFUASwA"&"inst=NwA2AC0AMQA1ADEANAAxADMAMgAzADQANQA tAFQANQAtAEIAQQArADEALQBLAFYAMwArADcALQBYAEwAKwAxAC0ARgBQADkAMgArADYALQBUAE IAOQArADIALQBGAEwAKwA5AC0ARgA5AE0AKwAxAC0ARgA5AE0ANwBCACsANQAtAFMAVAA5ADAAQ QBQAFAAKwAxAC0AUABMACsAOQAtAEQARABUACsAMAA"&"prod=74"&"ver=9.0.930
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Labtec Mouse Settings.lnk = C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
O8 - Extra context menu item: &Search - http://buttons.inboxace.com/one-toolbaredits/menusearch.jhtml?s=100000448&p2=^YO^xdm230^YYA^gb&si=245288&a=B9F3444F-EB03-4880-B9D1-819015AAB8F1&n=2013080808&cv=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155660776031
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1019A0C-8E4F-4369-ABA5-E175B14CFF31}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\system32\SSCbFsMntNtf3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\system32\SSCbFsMntNtf3.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BringMeSports Service (BringMeSports_1cService) - BringMeSports - C:\PROGRA~1\BRINGM~2\bar\1.bin\1cbarsvc.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions Inc. - C:\Program Files\Common Files\COMODO\launcher_service.exe
O23 - Service: CrazyForCricketService (CrazyForCricket_3kService) - COMPANYVERS_NAME - C:\PROGRA~1\CRAZYF~2\bar\1.bin\3kbarsvc.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GeekBuddyRSP Service (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InboxAceService (InboxAce_1gService) - COMPANYVERS_NAME - C:\PROGRA~1\INBOXA~2\bar\1.bin\1gbarsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaseya Security Service (KaseyaAVService) - Unknown owner - C:\Program Files\Kaseya\ACSFFC93553958302164\KasAVSrv.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sage SData Service - Sage (UK) Limited - C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TelevisionFanaticService - COMPANYVERS_NAME - C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe
O23 - Service: Utility ChestService (UtilityChest_49Service) - COMPANYVERS_NAME - C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 17842 bytes


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Peter at 18:07:47 on 2013-12-11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.235 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Common Files\COMODO\launcher_service.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Kaseya\ACSFFC93553958302164\KasAVSrv.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAB8SWK.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAB8SWK.EXE
C:\Program Files\SecCopy\SecCopy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Labtec Laser Mouse Software\MulMouse.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Peter\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = http://www.google.co.uk/ig/dell?hl=e...rel&channel=uk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: IncrediMail MediaBar Toolbar: {a563639d-a539-4bce-b5b8-7da5faf87d00} - c:\program files\incredimail_mediabar\prxtbInc2.dll
uURLSearchHooks: <No Name>: {06b5b051-1d05-443d-822f-39ab0d05f018} - c:\program files\bringmesports_1c\bar\1.bin\1cSrcAs.dll
uURLSearchHooks: <No Name>: {7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a} - c:\program files\utilitychest_49\bar\1.bin\49SrcAs.dll
uURLSearchHooks: <No Name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
uURLSearchHooks: <No Name>: {970a72ad-2603-4b4e-bb28-aff6ab80cccd} - c:\program files\crazyforcricket_3k\bar\1.bin\3kSrcAs.dll
uURLSearchHooks: <No Name>: {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - c:\program files\inboxace_1g\bar\1.bin\1gSrcAs.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Search Assistant BHO: {002d1ba6-4766-4d7d-82b8-f49439c66f97} - c:\program files\bringmesports_1c\bar\1.bin\1cSrcAs.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Search Assistant BHO: {06e05b40-77fa-40b6-9077-ed1a7577b1ef} - c:\program files\utilitychest_49\bar\1.bin\49SrcAs.dll
BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngin0.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Toolbar BHO: {58f7b5ca-1162-42e8-8bbc-d543b4edd780} - c:\program files\utilitychest_49\bar\1.bin\49bar.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
BHO: Toolbar BHO: {648c6918-b41c-4949-be9d-a225425f16c7} - c:\program files\crazyforcricket_3k\bar\1.bin\3kbar.dll
BHO: Search Assistant BHO: {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - c:\program files\inboxace_1g\bar\1.bin\1gSrcAs.dll
BHO: AJBHOHandler Class: {A0533E6E-B672-405F-9BD2-431C686FA857} - c:\program files\ask\ask desktop search\AskDSBHO.dll
BHO: IncrediMail MediaBar Toolbar: {a563639d-a539-4bce-b5b8-7da5faf87d00} - c:\program files\incredimail_mediabar\prxtbInc2.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll
BHO: Toolbar BHO: {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - c:\program files\inboxace_1g\bar\1.bin\1gbar.dll
BHO: Search Assistant BHO: {f3e8d7c0-82e1-42e5-a58e-f9114acf45cb} - c:\program files\crazyforcricket_3k\bar\1.bin\3kSrcAs.dll
BHO: Toolbar BHO: {f653d037-97fa-4755-98c1-7f382eeb59a7} - c:\program files\bringmesports_1c\bar\1.bin\1cbar.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: IncrediMail MediaBar Toolbar: {A563639D-A539-4BCE-B5B8-7DA5FAF87D00} - c:\program files\incredimail_mediabar\prxtbInc2.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngin0.dll
TB: BringMeSports: {CC53BD19-7B23-43B0-AB7C-0E06C708CCED} - c:\program files\bringmesports_1c\bar\1.bin\1cbar.dll
TB: IncrediMail MediaBar Toolbar: {a563639d-a539-4bce-b5b8-7da5faf87d00} - c:\program files\incredimail_mediabar\prxtbInc2.dll
TB: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngin0.dll
TB: BringMeSports: {cc53bd19-7b23-43b0-ab7c-0e06c708cced} - c:\program files\bringmesports_1c\bar\1.bin\1cbar.dll
TB: Utility Chest: {cf67755f-9265-449c-87cf-b945519e073b} - c:\program files\utilitychest_49\bar\1.bin\49bar.dll
TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll
TB: CrazyForCricket: {9ddabb0a-cdcc-4cc6-ab2d-356099308433} - c:\program files\crazyforcricket_3k\bar\1.bin\3kbar.dll
TB: InboxAce: {3775afd7-5921-4571-968f-85a631203d1c} - c:\program files\inboxace_1g\bar\1.bin\1gbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Second Copy 2000] "c:\program files\seccopy\SecCopy.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [CNAP2 Launcher] c:\windows\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE
mRun: [Nuance PDF Reader-reminder] "c:\program files\nuance\pdf reader\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf reader\ereg\Ereg.ini"
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini"
mRun: [Nuance.ctfmngr] c:\program files\nuance\naturallyspeaking11\program\ctfmngr.exe /restore
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABLAEEAUwBFAFkAQQAtAE4AVgBXAFUAVQAtAE4ATABCAEUARgAtAEQAUABOAEQAQQA tAFYAUQA5ADgAQwAtADIAVQBKAFUASwA"&"inst=NwA2AC0AMQA1ADEANAAxADMAMgAzADQANQA tAFQANQAtAEIAQQArADEALQBLAFYAMwArADcALQBYAEwAKwAxAC0ARgBQADkAMgArADYALQBUAE IAOQArADIALQBGAEwAKwA5AC0ARgA5AE0AKwAxAC0ARgA5AE0ANwBCACsANQAtAFMAVAA5ADAAQ QBQAFAAKwAxAC0AUABMACsAOQAtAEQARABUACsAMAA"&"prod=74"&"ver=9.0.930
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\labtec~1.lnk - c:\program files\labtec laser mouse software\MulMouse.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - http://buttons.inboxace.com/one-toolbaredits/menusearch.jhtml?s=100000448&p2=^YO^xdm230^YYA^gb&si=245288&a=B9F3444F-EB03-4880-B9D1-819015AAB8F1&n=2013080808&cv=1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\google\google desktop search\GoogleDesktopNetwork1.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155660776031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D7BDDEE8-6C71-4ACB-A318-08FF7A2E8C57} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E1019A0C-8E4F-4369-ABA5-E175B14CFF31} : NameServer = 8.26.56.26,156.154.70.22
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\peter\application data\mozilla\firefox\profiles\vue3x82n.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=dstrmsd&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyD0C0B0Bzy0DtCtBzzyByBtN0D0Tzu0 CyCyCzztN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=266195494&ir=
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - prefs.js: keyword.URL -
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\bringmesports_1c\bar\1.bin\NP1cStub.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - ExtSQL: !HIDDEN! 2009-08-02 18:50; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-08-22 17:12; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
.
.
.
.
.
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dstrmsd&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyD0C0B0Bzy0DtCtBzzyByBtN0D0Tzu0 CyCyCzztN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=266195494&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dstrmsd&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyD0C0B0Bzy0DtCtBzzyByBtN0D0Tzu0 CyCyCzztN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=266195494&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dstrmsd&cd=2XzuyEtN2Y1L1QzutDtDtCyD0CyD0C0B0Bzy0DtCtBzzyByBtN0D0Tzu0 CyCyCzztN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=266195494&ir=& q=
FF - user.js: extensions.mysearchdial.id - 0015C5CBB9D12877
FF - user.js: extensions.mysearchdial.instlDay - 16007
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.020:56:32
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dstrmsd
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 266195494
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCyD0CyD0C0B0Bzy0DtCtBzzyByBtN0D0Tzu0CyCyCzztN1L2XzutBt FtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q
FF - user.js: extensions.irmysearch.aflt - dstrmsd
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 266195494
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCyD0CyD0C0B0Bzy0DtCtBzzyByBtN0D0Tzu0CyCyCzztN1L2XzutBt FtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2012-9-3 36112]
R1 MpKsl8b4ebc0a;MpKsl8b4ebc0a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e497f41-6802-46ab-afb3-10b0d05eb356}\MpKsl8b4ebc0a.sys [2013-12-11 40392]
R1 MUsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\MUsbFltr.sys [2008-2-8 9600]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-25 390528]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2013-10-28 340432]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-12-2 155704]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-12-2 228888]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2013-3-29 70352]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2011-6-4 296808]
R2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files\common files\comodo\GeekBuddyRSP.exe [2013-3-13 1851088]
R2 KaseyaAVService;Kaseya Security Service;c:\program files\kaseya\acsffc93553958302164\KasAVSrv.exe [2013-2-6 229376]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-9-11 47640]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-12-2 1444120]
R2 Sage SData Service;Sage SData Service;c:\program files\common files\sage sdata\Sage.SData.Service.exe [2009-8-21 49152]
R3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\drivers\sscbfs3.sys [2013-12-6 295936]
S2 BringMeSports_1cService;BringMeSports Service;c:\progra~1\bringm~2\bar\1.bin\1cbarsvc.exe [2011-6-4 34848]
S2 CrazyForCricket_3kService;CrazyForCricketService;c:\progra~1\crazyf~2\bar\1.bin\3kbarsvc.exe [2013-7-14 42504]
S2 InboxAce_1gService;InboxAceService;c:\progra~1\inboxa~2\bar\1.bin\1gbarsvc.exe [2013-8-8 42504]
S2 nnrrvvrr;nnrrvvrr; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S2 TelevisionFanaticService;TelevisionFanaticService;c:\progra~1\televi~2\bar\1.bin\64barsvc.exe [2013-7-14 42504]
S2 UtilityChest_49Service;Utility ChestService;c:\progra~1\utilit~2\bar\1.bin\49barsvc.exe [2013-6-24 42504]
S3 KAPFA;KAPFA;\??\c:\windows\system32\drivers\kapfa.sys --> c:\windows\system32\drivers\KAPFA.SYS [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-12-2 107256]
S3 tiltmouse;Paten HID USB Filter Driver1;c:\windows\system32\drivers\MUsbFltr.sys [2008-2-8 9600]
S3 TukarooNT;TukarooNT;c:\windows\system32\drivers\TukarooNT.sys [2006-7-14 26240]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2013-12-11 17:32:03 40392 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e497f41-6802-46ab-afb3-10b0d05eb356}\MpKsl8b4ebc0a.sys
2013-12-06 21:16:04 -------- d-----w- c:\documents and settings\peter\local settings\application data\SugarSync
2013-12-06 21:15:32 159488 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll
2013-12-06 21:15:31 225024 ----a-w- c:\windows\system32\SSCbFsNetRdr3.dll
2013-12-06 21:14:27 295936 ----a-w- c:\windows\system32\drivers\sscbfs3.sys
2013-12-06 21:13:49 -------- d-----w- c:\program files\SugarSync
2013-12-06 00:25:46 62576 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e497f41-6802-46ab-afb3-10b0d05eb356}\offreg.dll
2013-12-05 11:33:12 7772552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e497f41-6802-46ab-afb3-10b0d05eb356}\mpengine.dll
2013-12-04 08:57:13 7772552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-02 19:00:04 107256 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-11-18 14:47:07 -------- d-----w- c:\program files\SearchProtect
2013-11-18 14:46:27 -------- d-----w- c:\documents and settings\peter\application data\SearchProtect
2013-11-18 14:46:19 -------- d-----w- c:\documents and settings\all users\application data\Conduit
2013-11-12 10:51:11 -------- d-----w- c:\documents and settings\peter\local settings\application data\Sage
2013-11-12 10:46:41 -------- d-----w- c:\program files\common files\InstallEngine
2013-11-12 10:39:47 4165632 ----a-w- c:\windows\system32\cdintf400.dll
2013-11-12 10:39:39 185344 ----a-w- c:\windows\system32\framedyn.dll
2013-11-12 10:35:58 -------- d-----w- c:\program files\common files\Sage SData
2013-11-12 10:34:19 -------- d-----w- c:\program files\common files\Sage Report Designer 2007
2013-11-12 10:34:19 -------- d-----w- c:\documents and settings\all users\application data\Sage
.
==================== Find3M ====================
.
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 18:10:10 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 18:10:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-24 18:53:51 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-10-24 18:53:47 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-10-24 18:53:18 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-10-24 18:53:17 85832 ----a-w- c:\windows\system32\LMIinit.dll
2013-10-21 21:05:11 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-10-21 21:05:09 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
.
============= FINISH: 18:16:55.34 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 15/08/2006 15:42:16
System Uptime: 11/12/2013 17:30:12 (1 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | Microprocessor | 1664/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 15.835 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Officejet Pro 8500 A909a
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: 8500 A909a,192.168.0.5
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8500 A909a
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909a
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P1505n
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP LaserJet P1505n
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP2025dn
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP2025dn
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet CP1525N
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: Hewlett-Packard
Name: HP LaserJet CP1525N
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4345 mfp
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4345 mfp
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart 6510 series
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: HP
Name: Photosmart 6510 series
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CM2320nf MFP
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CM2320nf MFP
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet CP3505
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP3505
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 400 M401dn
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer: Hewlett-Packard
Name: HP LaserJet 400 M401dn
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 500 color M551
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer: Hewlett-Packard
Name: HP LaserJet 500 color M551
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P2015 Series
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2015 Series
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 500 color M551
Device ID: ROOT\MULTIFUNCTION\0013
Manufacturer: Hewlett-Packard
Name: HP LaserJet 500 color M551
PNP Device ID: ROOT\MULTIFUNCTION\0013
Service:
.
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8500 A909a
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909a
PNP Device ID: ROOT\PRINTER\0000
Service:
.
==== System Restore Points ===================
.
RP2879: 29/10/2013 15:14:44 - Software Distribution Service 3.0
RP2880: 30/10/2013 19:52:48 - System Checkpoint
RP2881: 30/10/2013 20:43:44 - Software Distribution Service 3.0
RP2882: 31/10/2013 21:37:12 - Software Distribution Service 3.0
RP2883: 02/11/2013 00:18:02 - System Checkpoint
RP2884: 02/11/2013 09:47:28 - Software Distribution Service 3.0
RP2885: 03/11/2013 10:54:24 - System Checkpoint
RP2886: 04/11/2013 06:47:27 - Software Distribution Service 3.0
RP2887: 05/11/2013 15:43:21 - System Checkpoint
RP2888: 05/11/2013 16:34:05 - Software Distribution Service 3.0
RP2889: 06/11/2013 19:27:45 - System Checkpoint
RP2890: 07/11/2013 10:05:00 - Software Distribution Service 3.0
RP2891: 08/11/2013 11:32:56 - System Checkpoint
RP2892: 09/11/2013 08:46:28 - Software Distribution Service 3.0
RP2893: 10/11/2013 11:42:34 - System Checkpoint
RP2894: 10/11/2013 20:41:19 - Printer Driver Amyuni Document Converter 2.10 Installed
RP2895: 11/11/2013 08:00:23 - Software Distribution Service 3.0
RP2896: 12/11/2013 08:31:37 - System Checkpoint
RP2897: 12/11/2013 09:06:45 - Software Distribution Service 3.0
RP2898: 12/11/2013 10:40:29 - Printer Driver Amyuni Document Converter 400 Installed
RP2899: 13/11/2013 13:30:57 - System Checkpoint
RP2900: 13/11/2013 14:52:43 - Software Distribution Service 3.0
RP2901: 14/11/2013 15:13:50 - System Checkpoint
RP2902: 15/11/2013 02:08:21 - Software Distribution Service 3.0
RP2903: 16/11/2013 07:37:52 - System Checkpoint
RP2904: 16/11/2013 08:36:31 - Software Distribution Service 3.0
RP2905: 17/11/2013 11:17:32 - System Checkpoint
RP2906: 18/11/2013 09:24:32 - Software Distribution Service 3.0
RP2907: 19/11/2013 12:20:04 - System Checkpoint
RP2908: 20/11/2013 08:52:37 - Software Distribution Service 3.0
RP2909: 21/11/2013 10:42:09 - Software Distribution Service 3.0
RP2910: 22/11/2013 12:13:49 - System Checkpoint
RP2911: 23/11/2013 08:06:35 - Software Distribution Service 3.0
RP2912: 24/11/2013 09:07:41 - System Checkpoint
RP2913: 24/11/2013 10:12:48 - Software Distribution Service 3.0
RP2914: 25/11/2013 07:17:32 - Installed Rapport
RP2915: 26/11/2013 07:36:21 - System Checkpoint
RP2916: 26/11/2013 10:50:56 - Software Distribution Service 3.0
RP2917: 27/11/2013 11:52:51 - System Checkpoint
RP2918: 27/11/2013 21:08:35 - Software Distribution Service 3.0
RP2919: 28/11/2013 22:19:54 - System Checkpoint
RP2920: 30/11/2013 00:02:38 - System Checkpoint
RP2921: 30/11/2013 01:34:43 - Software Distribution Service 3.0
RP2922: 01/12/2013 09:26:53 - System Checkpoint
RP2923: 02/12/2013 09:57:41 - System Checkpoint
RP2924: 02/12/2013 15:07:53 - Software Distribution Service 3.0
RP2925: 03/12/2013 19:15:14 - System Checkpoint
RP2926: 04/12/2013 08:56:57 - Software Distribution Service 3.0
RP2927: 05/12/2013 08:58:15 - System Checkpoint
RP2928: 05/12/2013 11:33:03 - Software Distribution Service 3.0
RP2929: 06/12/2013 13:33:20 - System Checkpoint
RP2930: 10/12/2013 23:39:53 - System Checkpoint
RP2931: 11/12/2013 15:09:08 - Installed Rapport
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
8500A909_eDocs
8500A909_Help
8500A909a
ABBYY PDF Transformer 2.0
Accounts
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe® Photoshop® Album Starter Edition 3.2
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Desktop Search v2.1
Basic PAYE Tools
Basic PAYE Tools 2012
BBC iPlayer Desktop
Bluetooth Stack for Windows by Toshiba
Bonjour
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BringMeSports
Broadcom Management Programs
BufferChm
Canon LBP3010/LBP3018/LBP3050
Comodo Dragon
Compatibility Pack for the 2007 Office system
Conduit Engine
Conexant HDA D110 MDC V.92 Modem
CrazyForCricket Firefox Toolbar
CrazyForCricket Internet Explorer Toolbar
Critical Update for Windows Media Player 11 (KB959772)
Croner-i Human Resources Desktop Shortcut
Destination Component
DeviceDiscovery
DG834
Digital Line Detect
DocMgr
DocProc
Dragon NaturallySpeaking 11
Driver Detective
Employment Tribunal Service Response Forms
EPSON Printer Software
Fax
FinePrint pdfFactory Pro
GeekBuddy
Google Chrome
Google Desktop Search
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hardwood Solitaire III
Hewlett-Packard ACLM.NET v1.1.0.0
HMRC Employer CD-ROM 2009 - July Update
HMRC Employer CD-ROM 2010 - Updated Edition 2.1.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp color LaserJet 1500
HP Customer Participation Program 12.0
hp deskjet 6122
hp deskjet 6122 series
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
InboxAce Firefox Toolbar
InboxAce Internet Explorer Toolbar
IncrediMail_MediaBar Toolbar
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Labtec Laser Mouse Software
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
McAfee Security Scan Plus
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox 6.0.1 (x86 en-US)
mPfMgr
mPfWiz
MPM
mProSafe
MSN
mSSO
MSVCSetup
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MVision
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
Network
Nuance PDF Reader
OCR Software by I.R.I.S. 12.0
Officejet Pro 8500 A909 Series
OGA Notifier 2.0.0048.0
Orange Mobile Partner
PhotoMail Maker
Picasa 2
Picasa 3
PowerDVD 5.7
Powertoys For Windows XP
ProductContext
QuickSet
QuickTime
Rapport
RealPlayer
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Sage 50 Accounts 2010
Sage Accounts
Sage Accounts V10.00
Sage Accounts V12.00
SageAcc
Scan
Second Copy 2000
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
Skype@phone
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Sonic Update Manager
SpeedyPC
Status
SugarSync
SyncToy
TelevisionFanatic Firefox Toolbar
TelevisionFanatic Internet Explorer Toolbar
The Halifax B Mk III Explored
Toolbox
TrayApp
Trusteer Endpoint Protection
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Utility Chest Toolbar
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Driver Package - Labtec Wireless Laser Mouse (moufiltr) Mouse (02/07/2007 1.00)
Windows Driver Package - Paten (tiltmouse) HIDClass (02/11/2006 5.1.1.3)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile® Device Handbook
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
11/12/2013 17:42:24, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1273.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/12/2013 17:42:24, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1273.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/12/2013 17:42:24, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.163.1273.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10100.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/12/2013 15:40:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HP Network Devices Support service to connect.
11/12/2013 15:40:41, error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/12/2013 15:40:41, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service HPSLPSVC with arguments "" in order to run the server: {10DA4F3C-CC99-4190-BE4D-58330754E882}
11/12/2013 15:32:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Rapport Management Service service to connect.
11/12/2013 15:32:09, error: Service Control Manager [7000] - The Rapport Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/12/2013 12:34:30, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001302CA2F85. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
05/12/2013 09:44:14, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
05/12/2013 09:43:51, error: Service Control Manager [7000] - The nnrrvvrr service failed to start due to the following error: The system cannot find the file specified.
05/12/2013 08:03:33, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
05/12/2013 08:03:33, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
04/12/2013 16:07:35, error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 1 time(s).
04/12/2013 08:02:36, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
.
==== End Of File ===========================


GMER 2.1.19163 - http://www.gmer.net
Rootkit quick scan 2013-12-11 19:03:32
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST98823AS rev.8.03 74.53GB
Running: j5p1cbd1.exe; Driver: C:\DOCUME~1\Peter\LOCALS~1\Temp\uxddapow.sys


---- Devices - GMER 2.1 ----

Device Ntfs.sys
Device Fastfat.SYS

AttachedDevice fltmgr.sys

---- EOF - GMER 2.1 ----

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-11 21:33:16
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST98823AS rev.8.03 74.53GB
Running: j5p1cbd1.exe; Driver: C:\DOCUME~1\Peter\LOCALS~1\Temp\uxddapow.sys


---- Kernel code sections - GMER 2.1 ----

? C:\DOCUME~1\Peter\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo -671911414
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30340758
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo -671755164
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30340758

---- EOF - GMER 2.1 ----

Computer a bit sluggish, need a check up.

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-11 21:54:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5 OCZ-VERTEX rev.1.30 119.24GB
Running: 3txwszht.exe; Driver: C:\Users\N\AppData\Local\Temp\pgldqpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031ec000 17 bytes [01, 0F, 85, 2F, 01, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 546 fffff800031ec012 2 bytes [45, 00]

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[1688] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000736e1a22 2 bytes [6E, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1688] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000736e1ad0 2 bytes [6E, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1688] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000736e1b08 2 bytes [6E, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1688] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000736e1bba 2 bytes [6E, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1688] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000736e1bda 2 bytes [6E, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2
.text C:\Users\N\AppData\Local\FluxSoftware\Flux\flux.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Users\N\AppData\Local\FluxSoftware\Flux\flux.exe[2480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3396] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe[3396] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000760a1072 5 bytes JMP 0000000108a0bbbb
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000760a3475 5 bytes JMP 0000000108a0b465
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!GetDC 00000000765272c4 5 bytes JMP 0000000108a0aca0
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!ReleaseDC 0000000076527446 5 bytes JMP 0000000108a0ad48
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076528a29 5 bytes JMP 0000000108a0b813
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000076528e4e 5 bytes JMP 0000000108a0b69f
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!IsWindowVisible 000000007653112d 7 bytes JMP 0000000108a0b8e5
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076531218 5 bytes JMP 0000000108a0b195
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076531361 5 bytes JMP 0000000108a0ac04
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!InvalidateRect 0000000076531381 5 bytes JMP 0000000108a0af76
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!RedrawWindow 000000007653140b 5 bytes JMP 0000000108a0b2fa
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!SetFocus 0000000076532175 5 bytes JMP 0000000108a0aec5
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!RegisterClassA 000000007653434b 5 bytes JMP 0000000108a0b3b4
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!InvalidateRgn 0000000076536604 5 bytes JMP 0000000108a0b02d
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!TrackPopupMenu 000000007654c288 5 bytes JMP 0000000108a0baf8
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007654cfca 5 bytes JMP 0000000108a0b525
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!WindowFromPoint 000000007654ed12 5 bytes JMP 0000000108a0b246
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!SetCapture 000000007654ed56 5 bytes JMP 0000000108a0b0e4
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 000000007654f170 5 bytes JMP 0000000108a0b762
.text C:\Program Files (x86)\Xfire\Xfire.exe[1484] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000765510dc 5 bytes JMP 0000000108a0b5e2
.text C:\Windows\SysWOW64\PnkBstrB.exe[3680] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000736e1a22 2 bytes [6E, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[3680] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000736e1ad0 2 bytes [6E, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[3680] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000736e1b08 2 bytes [6E, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[3680] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000736e1bba 2 bytes [6E, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[3680] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000736e1bda 2 bytes [6E, 73]
.text C:\Windows\SysWOW64\PnkBstrB.exe[3680] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Windows\SysWOW64\PnkBstrB.exe[3680] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1188:928] 000007fefb0f2a7c

---- EOF - GMER 2.1 ----

Took Password

When I go to one of the sites that send me an email & click on a crochet pattern they send me, it first sends me to a page that states "column'user-browser cannot be null" then goes to the pattern page. This is for all they send me & it never used to do or say that.

Rundll error: the specified module could not be found

This is the OTL.txt

OTL logfile created on: 12/11/2013 10:20:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rachael\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.47 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 37.72% Memory free
6.94 Gb Paging File | 3.47 Gb Available in Paging File | 50.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.97 Gb Total Space | 140.16 Gb Free Space | 31.08% Space Free | Partition Type: NTFS

Computer Name: RACHAEL-PC | User Name: Rachael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/11 22:18:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rachael\Downloads\OTL.exe
PRC - [2013/12/11 18:45:13 | 000,448,704 | ---- | M] (Microsoft Corporation) -- C:\Users\Rachael\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2013/12/11 00:50:43 | 001,923,232 | ---- | M] (Microsoft Corporation) -- C:\Users\Rachael\Microsoft Office 15\root\office15\WINWORD.EXE
PRC - [2013/12/03 16:30:53 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/03 16:30:52 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/20 14:35:51 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/16 10:18:44 | 003,688,448 | ---- | M] (Adpeak, Inc.) -- C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
PRC - [2013/09/10 22:11:40 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
PRC - [2013/09/03 13:17:22 | 000,832,360 | ---- | M] (Spigot, Inc.) -- C:\Users\Rachael\AppData\Roaming\Search Protection\SearchProtection.exe
PRC - [2013/09/03 05:53:52 | 001,272,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
PRC - [2013/09/03 05:53:50 | 001,467,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2013/08/02 17:09:24 | 028,057,256 | ---- | M] (Dropbox, Inc.) -- C:\Users\Rachael\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/06 20:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2012/09/06 20:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/06/15 18:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/06/06 14:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/06/05 14:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2011/11/30 16:17:01 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
PRC - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/11 00:49:03 | 000,196,176 | ---- | M] () -- C:\Users\Rachael\Microsoft Office 15\root\office15\IEAWSDC.DLL
MOD - [2013/12/11 00:48:06 | 000,359,592 | ---- | M] () -- C:\Users\Rachael\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2013/12/11 00:48:06 | 000,316,584 | ---- | M] () -- C:\Users\Rachael\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2013/12/03 18:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Rachael\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 18:48:03 | 013,586,896 | ---- | M] () -- C:\Users\Rachael\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 18:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Rachael\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 18:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Rachael\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 18:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Rachael\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 18:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Rachael\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/12/03 16:31:05 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/09/03 05:53:50 | 000,305,520 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/03/13 12:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Rachael\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 15:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Rachael\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/07/27 12:51:34 | 006,549,432 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\authplay.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/03 16:30:52 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/12/03 13:00:40 | 000,512,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe -- (Level Quality Watcher)
SRV:64bit: - [2013/11/26 13:13:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/16 10:18:44 | 003,688,448 | ---- | M] (Adpeak, Inc.) [Auto | Running] -- C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe -- (AdpeakProxy)
SRV:64bit: - [2013/09/06 09:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/24 13:36:24 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2012/02/13 15:38:18 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/02/09 18:28:32 | 000,295,360 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2012/02/02 14:33:46 | 000,580,608 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/12/14 14:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/10/20 13:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/11 17:03:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/20 14:35:51 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/07 13:58:16 | 000,121,616 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/09/10 22:11:40 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/15 18:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/06/05 14:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/11/30 16:17:01 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 16:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/03 16:31:08 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/03 16:31:08 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/12/03 16:31:08 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/03 16:31:08 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/12/03 16:31:08 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/12/03 16:31:08 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/12/03 16:31:08 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/12/03 16:31:08 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/08/29 23:48:09 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/07/09 11:58:54 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/03/10 16:49:12 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/04 04:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/05 18:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 18:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 20:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 17:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 18:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 17:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/13 16:09:14 | 010,826,240 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/13 14:36:26 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/01 10:54:56 | 000,031,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2012/01/16 14:49:14 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/01/14 03:05:54 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/01/04 11:24:18 | 000,220,288 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2012/01/04 11:24:18 | 000,103,552 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/12/22 18:22:12 | 000,412,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/12/05 13:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/07/28 13:33:50 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/07/25 10:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/18 15:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 18:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 14:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/07/19 16:13:40 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130804.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/07/05 14:13:15 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130805.023\ex64.sys -- (NAVEX15)
DRV - [2013/07/05 14:13:15 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/07/05 14:13:15 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/07/05 14:13:15 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130805.023\eng64.sys -- (NAVENG)
DRV - [2013/07/02 02:01:42 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer: source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {01629C24-993A-458A-9AD5-B7F226AC8811}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer: source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT3306061
IE - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001\..\SearchScopes,DefaultScope = {01629C24-993A-458A-9AD5-B7F226AC8811}
IE - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer: source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001\..\SearchScopes\{01629C24-993A-458A-9AD5-B7F226AC8811}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN39639066303215810&UM=2
IE - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001\..\SearchScopes\{48E0B17F-FDD5-4EAA-8B8E-4CBC62E8051E}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer: source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS543
IE - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001\..\SearchScopes\{66FCE737-17EB-4C09-A01D-BC39F81FF94C}: "URL" = http://www.bing.com/search?FORM=U159DF&PC=U159&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001\..\SearchScopes\169A7D576B1B4937A313290E2CB79424: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
IE - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..CT3306061.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Connect DLC 5 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Connect DLC 5 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN54046961248316441&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - prefs.js..browser.search.selectedEngine: "Connect DLC 5 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN54046961248316441&UM=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@microsoft.com/Office on Demand;version=1: C:\Users\Rachael\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rachael\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rachael\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2013/07/08 20:35:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013/12/10 16:18:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/03 16:31:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/12/03 16:34:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/07/06 22:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rachael\AppData\Roaming\Mozilla\Extensions
[2013/12/11 16:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\qge0e6uw.default\extensions
[2013/12/11 16:13:37 | 000,000,000 | ---D | M] (Connect DLC 5) -- C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\qge0e6uw.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
[2013/12/05 13:04:01 | 000,000,000 | ---D | M] (ScorpionSaver) -- C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\qge0e6uw.default\extensions\ScorpionSaver@jetpack
[2013/10/12 15:19:31 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\qge0e6uw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/09/09 00:21:37 | 000,002,273 | ---- | M] () -- C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\qge0e6uw.default\searchplugins\bingp.xml
[2013/11/30 15:18:46 | 000,001,003 | ---- | M] () -- C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\qge0e6uw.default\searchplugins\conduit.xml
[2013/11/30 00:36:30 | 000,003,726 | ---- | M] () -- C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\qge0e6uw.default\searchplugins\safeguard-secure-search.xml
[2013/07/15 10:23:56 | 000,000,915 | ---- | M] () -- C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\qge0e6uw.default\searchplugins\yahoo.xml
[2013/11/20 14:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/20 14:35:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/11 17:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/12/11 17:07:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/03 16:34:45 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013/12/03 16:31:14 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rachael\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rachael\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rachael\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Bejeweled = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Angry Birds = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_1\
CHR - Extension: Beatlab = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk\1.0.1_0\
CHR - Extension: Google Drive = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: UJAM - Make your music. = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdiogojbmdncjdpljocafnigiokgmci\1.1_0\
CHR - Extension: rotoscope = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhimnnhmaanmanmmokfpijgambokcpni\2_0\
CHR - Extension: 8 Ball Pool Multiplayer = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\enapaicicmcakmngdopeadgpddfocepb\1.0.2_0\
CHR - Extension: AdBlock = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: AdBlock = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: avast! Online Security = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Green-Screen = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgbkndiciilcccelbaaaobennpngejo\1.2.0_0\
CHR - Extension: 90`s Games = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom\1.2_0\
CHR - Extension: Webcam Toy = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.5_0\
CHR - Extension: Need for Speed World = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk\1.0.0.4_0\
CHR - Extension: The KARAOKE Channel = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nandjepbaefppagnjcpigfngcdgjcpah\1.0.2_0\
CHR - Extension: Lumosity = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffmfbhcjemfledhndnpllechagamlfp\1.1_0\
CHR - Extension: Google Wallet = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Picky Wallpapers = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\
CHR - Extension: Picky Wallpapers = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj\1.0.0_0\
CHR - Extension: Autumn = C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncooeidkmfddiohbpfcfbenjdnpdkac\1.3_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (ScorpionSaver) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3330759015-3658004995-3307022885-1001..\Run: [SearchProtection] C:\Users\Rachael\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Rachael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rachael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\windows\SysNative\AdpeakProxy64.dll (Adpeak, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\windows\SysWow64\AdpeakProxy.dll (Adpeak, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.30.224.5 10.130.224.5 10.0.61.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D16AB2B7-B221-4F3C-8C56-DAD61173ED40}: DhcpNameServer = 10.30.224.5 10.130.224.5 10.0.61.253
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/11 17:03:18 | 009,272,200 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/11 00:47:41 | 000,000,000 | ---D | C] -- C:\Users\Rachael\Microsoft Office 15
[2013/12/06 13:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\ScorpionSaver Services
[2013/12/06 12:03:35 | 000,000,000 | ---D | C] -- C:\Users\Rachael\Documents\pictures for digital stories
[2013/12/06 11:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photo Story 3 for Windows
[2013/12/06 11:41:43 | 000,000,000 | ---D | C] -- C:\Users\Rachael\AppData\Local\{2B251A27-D493-4EC8-8953-22A3CE1B89CA}
[2013/12/06 07:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/12/05 13:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScorpionSaver
[2013/12/03 21:20:31 | 000,716,800 | ---- | C] (Pharos Systems International) -- C:\windows\SysNative\PSR5C1CE.DLL
[2013/12/03 21:20:27 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml4r.dll
[2013/12/03 21:20:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PharosSystems
[2013/12/03 21:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pharos
[2013/12/03 21:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pharos
[2013/12/03 16:39:01 | 000,000,000 | ---D | C] -- C:\Users\Rachael\AppData\Roaming\AVAST Software
[2013/12/03 16:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/12/03 16:11:33 | 000,000,000 | ---D | C] -- C:\Users\Rachael\AppData\Local\TBHostSupport
[2013/12/01 00:43:41 | 000,439,296 | ---- | C] (Adpeak, Inc.) -- C:\windows\SysNative\AdpeakProxy64.dll
[2013/12/01 00:43:36 | 000,338,944 | ---- | C] (Adpeak, Inc.) -- C:\windows\SysWow64\AdpeakProxy.dll
[2013/11/30 15:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2013/11/30 15:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2013/11/30 00:41:35 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/30 00:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/11/30 00:29:42 | 000,000,000 | ---D | C] -- C:\Users\Rachael\AppData\Local\mHotspot_Inc
[2013/11/30 00:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/11/30 00:28:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/11/30 00:28:45 | 000,000,000 | ---D | C] -- C:\Users\Rachael\AppData\Local\NativeMessaging
[2013/11/30 00:28:39 | 000,000,000 | ---D | C] -- C:\Users\Rachael\AppData\Local\Conduit
[2013/11/30 00:28:35 | 000,000,000 | ---D | C] -- C:\Users\Rachael\AppData\Local\CRE
[2013/11/30 00:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/11/30 00:27:42 | 000,000,000 | ---D | C] -- C:\Users\Rachael\AppData\Roaming\OpenCandy
[2013/11/30 00:27:37 | 000,000,000 | ---D | C] -- C:\Users\Rachael\AppData\Roaming\SearchProtect
[2013/11/26 17:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/11/26 17:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/11/26 13:16:27 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEUDINIT.EXE
[2013/11/26 13:13:33 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/26 13:13:33 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/11/26 13:13:27 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/26 13:13:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/11/26 13:13:27 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/11/26 13:13:27 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/11/26 13:13:27 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/26 13:13:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/11/26 13:13:27 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/11/26 13:13:27 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/11/26 13:13:27 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/11/26 13:13:27 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/11/26 13:13:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/26 13:13:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/11/26 13:13:27 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/11/26 13:13:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/11/26 13:13:27 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/26 13:13:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/11/26 13:13:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/11/26 13:13:26 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/11/26 13:13:26 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/11/26 13:13:26 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/11/26 13:13:26 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/11/26 13:13:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/11/26 13:13:26 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/11/26 13:13:26 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/11/26 13:13:26 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/11/26 13:13:26 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/11/26 13:13:26 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/11/26 13:13:26 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/11/26 13:13:26 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/11/26 13:13:26 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/11/26 13:13:26 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/11/26 13:13:26 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/11/26 13:13:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/11/26 13:13:26 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/11/26 13:13:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/11/26 13:13:26 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/11/26 13:13:26 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/11/26 13:13:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/11/26 13:13:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/11/26 13:13:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/11/26 13:13:25 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/26 13:13:25 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/26 13:13:25 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/11/26 13:13:25 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/11/26 13:13:25 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/11/26 13:13:25 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/11/26 13:13:25 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/11/26 13:13:25 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/11/26 13:13:25 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/26 13:13:25 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/11/26 13:13:25 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/11/26 13:13:25 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/11/26 13:13:25 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/11/26 13:13:25 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/11/26 13:13:25 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/26 13:13:25 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/11/26 13:13:25 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/11/26 13:13:25 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/11/26 13:13:25 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/26 13:13:25 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/11/26 13:13:25 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/11/26 13:13:25 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/11/26 13:13:25 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/11/26 13:13:25 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/11/26 13:13:25 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/11/26 13:13:25 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/11/26 13:13:25 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/11/26 13:13:25 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/11/26 13:13:25 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/26 13:13:25 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/11/26 13:13:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/11/26 13:13:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/11/26 13:13:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/11/26 13:13:25 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/26 13:13:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/26 13:13:25 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/11/26 13:13:25 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/11/26 13:13:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/11/20 14:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/19 15:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/11/19 15:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/11/13 10:42:17 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/11/13 10:41:44 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/11/13 10:41:44 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/11/13 10:41:44 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/13 10:41:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\credui.dll
[2013/11/13 10:41:43 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/13 10:41:12 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2013/11/13 10:41:11 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2013/11/13 10:41:10 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/11/13 10:41:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2013/11/13 10:41:09 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2013/11/13 10:41:00 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/11/13 10:40:56 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/11/13 10:40:56 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/11/13 10:40:55 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/11/13 10:40:55 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/11 22:09:12 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3330759015-3658004995-3307022885-1001UA.job
[2013/12/11 22:08:58 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/11 22:08:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/11 17:03:32 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/12/11 17:03:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/11 17:03:19 | 009,272,200 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/11 00:06:01 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3330759015-3658004995-3307022885-1001Core.job
[2013/12/10 16:23:58 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/10 16:23:58 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/10 16:15:48 | 000,000,204 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
[2013/12/10 16:15:16 | 2794,450,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/10 15:37:11 | 000,779,266 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/10 15:37:11 | 000,660,530 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/10 15:37:11 | 000,121,426 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/06 13:52:34 | 000,582,114 | ---- | M] () -- C:\Users\Rachael\Documents\PhotoStory.wp3
[2013/12/05 17:09:25 | 000,002,394 | ---- | M] () -- C:\Users\Rachael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/05 17:09:25 | 000,002,392 | ---- | M] () -- C:\Users\Rachael\Desktop\Google Chrome.lnk
[2013/12/03 16:32:30 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/03 16:31:08 | 001,032,416 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/12/03 16:31:08 | 000,409,832 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/12/03 16:31:08 | 000,334,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/12/03 16:31:08 | 000,205,320 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/12/03 16:31:08 | 000,092,544 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/12/03 16:31:08 | 000,084,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/12/03 16:31:08 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/12/03 16:31:08 | 000,065,264 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/12/03 16:31:08 | 000,038,984 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/12/03 16:31:06 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/12/03 16:24:28 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/12/01 01:03:19 | 000,000,651 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2013/11/30 15:21:05 | 000,000,009 | ---- | M] () -- C:\END
[2013/11/29 23:54:52 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2013/11/26 17:14:42 | 000,001,942 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/11/26 17:14:41 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/11/26 13:13:33 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/26 13:13:33 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/11/26 13:13:27 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/26 13:13:27 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/11/26 13:13:27 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/11/26 13:13:27 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/11/26 13:13:27 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/11/26 13:13:27 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/26 13:13:27 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/11/26 13:13:27 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/11/26 13:13:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/11/26 13:13:27 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/11/26 13:13:27 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/11/26 13:13:27 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/26 13:13:27 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/11/26 13:13:27 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/11/26 13:13:27 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/11/26 13:13:27 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/26 13:13:27 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/11/26 13:13:27 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/11/26 13:13:27 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/26 13:13:26 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/11/26 13:13:26 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/11/26 13:13:26 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/11/26 13:13:26 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/11/26 13:13:26 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/11/26 13:13:26 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/11/26 13:13:26 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/11/26 13:13:26 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/11/26 13:13:26 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/11/26 13:13:26 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/11/26 13:13:26 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/11/26 13:13:26 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/11/26 13:13:26 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/11/26 13:13:26 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/11/26 13:13:26 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/11/26 13:13:26 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/11/26 13:13:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/11/26 13:13:26 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/11/26 13:13:26 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/11/26 13:13:26 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/11/26 13:13:26 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/11/26 13:13:26 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/11/26 13:13:26 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/11/26 13:13:25 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/26 13:13:25 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/26 13:13:25 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/11/26 13:13:25 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/11/26 13:13:25 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/11/26 13:13:25 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/11/26 13:13:25 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/11/26 13:13:25 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/11/26 13:13:25 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/26 13:13:25 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/11/26 13:13:25 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/11/26 13:13:25 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/11/26 13:13:25 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/11/26 13:13:25 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/11/26 13:13:25 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/26 13:13:25 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/11/26 13:13:25 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/11/26 13:13:25 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/11/26 13:13:25 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/26 13:13:25 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/11/26 13:13:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/11/26 13:13:25 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/11/26 13:13:25 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/11/26 13:13:25 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/11/26 13:13:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/11/26 13:13:25 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/11/26 13:13:25 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/11/26 13:13:25 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/26 13:13:25 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/11/26 13:13:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/11/26 13:13:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/11/26 13:13:25 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/11/26 13:13:25 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/26 13:13:25 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/26 13:13:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/11/26 13:13:25 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/26 13:13:25 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/11/26 13:13:25 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/06 12:52:21 | 000,582,114 | ---- | C] () -- C:\Users\Rachael\Documents\PhotoStory.wp3
[2013/12/06 11:46:18 | 000,001,744 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Story 3 for Windows.lnk
[2013/11/30 00:26:41 | 000,000,009 | ---- | C] () -- C:\END
[2013/11/29 23:54:52 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2013/11/26 13:13:27 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/26 13:13:25 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/19 15:35:35 | 000,001,942 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/11/19 15:35:34 | 000,001,942 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/11/06 15:42:12 | 000,005,360 | ---- | C] () -- C:\windows\SysWow64\AdpeakProxy.ini
[2013/11/06 15:32:48 | 000,002,312 | ---- | C] () -- C:\windows\SysWow64\AdpeakProxyOff.ini
[2013/07/12 16:04:53 | 000,000,259 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2013/07/12 16:04:53 | 000,000,065 | ---- | C] () -- C:\windows\brpcfx.ini
[2013/07/12 16:00:29 | 000,000,066 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2013/07/12 16:00:25 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2013/07/12 16:00:19 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2013/07/12 16:00:16 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2013/07/06 13:15:32 | 000,614,400 | ---- | C] () -- C:\windows\AutoKMS.exe
[2013/07/06 13:15:32 | 000,000,135 | ---- | C] () -- C:\windows\AutoKMS.ini
[2013/07/05 15:17:45 | 000,773,482 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/07/05 14:15:26 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2013/07/05 13:46:25 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2013/07/05 13:40:19 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2013/07/05 13:40:19 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2013/07/05 13:40:19 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012/02/13 15:31:50 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2012/02/09 12:42:58 | 000,023,040 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/03 16:39:01 | 000,000,000 | ---D | M] -- C:\Users\Rachael\AppData\Roaming\AVAST Software
[2013/07/12 16:30:46 | 000,000,000 | ---D | M] -- C:\Users\Rachael\AppData\Roaming\ControlCenter4
[2013/12/10 16:16:49 | 000,000,000 | ---D | M] -- C:\Users\Rachael\AppData\Roaming\Dropbox
[2013/07/15 10:19:37 | 000,000,000 | ---D | M] -- C:\Users\Rachael\AppData\Roaming\FreeTorrentViewer
[2013/11/30 15:00:51 | 000,000,000 | ---D | M] -- C:\Users\Rachael\AppData\Roaming\OpenCandy
[2013/07/12 21:12:32 | 000,000,000 | ---D | M] -- C:\Users\Rachael\AppData\Roaming\PCCUStubInstaller
[2013/07/15 10:23:44 | 000,000,000 | ---D | M] -- C:\Users\Rachael\AppData\Roaming\Search Protection
[2013/11/30 00:27:37 | 000,000,000 | ---D | M] -- C:\Users\Rachael\AppData\Roaming\SearchProtect
[2013/07/05 12:46:08 | 000,000,000 | ---D | M] -- C:\Users\Rachael\AppData\Roaming\Toshiba
[2013/12/03 16:56:38 | 000,000,000 | ---D | M] -- C:\Users\Rachael\AppData\Roaming\uTorrent
[2013/07/05 15:40:18 | 000,000,000 | ---D | M] -- C:\Users\Rachael\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >

Malicious Malware on website

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 4002 Mb
Graphics Card: NVIDIA GeForce GT 540M, 1024 Mb
Hard Drives: C: Total - 702298 MB, Free - 572601 MB;
Motherboard: TOSHIBA, PEQAA
Antivirus: Avira Desktop, Updated and Enabled

Malware is affecting the uploading of images to the website, and Microsoft Outlook has a continuous stream of messages from Yahoo email addresses into the Junk mail box.

If someone can help, I have wasted a whole day on this problem.

pc slow/freezes & at times no toolbar. No system restore

My Dell Dimension 8400 with Windows XP is as slow as can be, sometimes taking a half hour to open one program. Multitasking is impossible. Sometimes the toolbar disappears. Tried system restore. It wouldn't do it. Had to do it with safety mode. And the problem still persists. I'm never buying Bitdefender again. Sometimes the screen goes black if there is no activity for a few minutes. I have internet but the Network Magic keeps showing not connected.
The GMER program kept stalling even with all windows closed and when I left it alone untouched all night long, so I am not able to supply a report from it. A window kept popping up: "hzm46ett.exe is not responsive". And I unchecked the IT/ET box too before the scan. It scanned a lot but in the end froze. I'm supplying the other three reports. I would appreciate any help. Thank you.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz, x86 Family 15 Model 3 Stepping 4
Processor Count: 2
RAM: 2046 Mb
Graphics Card: RADEON X300 Series, 128 Mb
Hard Drives: C: Total - 131061 MB, Free - 13391 MB; F: Total - 21524 MB, Free - 20586 MB; G: Total - 1907726 MB, Free - 1733565 MB;
Motherboard: Dell Inc., 0U7077
Antivirus: Bitdefender Antivirus, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:54 PM, on 12/11/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files\Memeo\Memeo Send\MemeoSend.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Webshots\Webshots.scr
C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [Memeo Send] C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe --silent
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninst...4de6cdbc6e7c81
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MotoCast] "C:\Program Files\Motorola Mobility\MotoCast\MotoLauncher.lnk"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN23GBR30J05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Monitor Ink Alerts - .lnk = ?
O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?
O4 - Startup: Seagate NA1Q2F3L Product Registration.lnk = C:\Documents and Settings\mike\Application Data\Leadertech\PowerRegister\Seagate NA1Q2F3L Product Registration.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.download.com
O15 - Trusted Zone: http://www.mozilla.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/s.../SysProExe.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} - http://i.dell.com/images/global/js/s...SYSSCANNER.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/...allMgr_v01.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1162075251648
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1212756700890
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://advweb.countrywide.com/supportfiles/msrdp.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activ...eX_Control.cab
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
O16 - DPF: {F375116A-793C-11D2-BFE1-444553540001} (First American Res MapActiveX Control) - http://realist2.firstamres.com/mapviewer/mapviewer.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...vex-latest.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O21 - SSODL: Kbdicnet - {205E8DF8-EB73-4249-8386-2EC0DDCA90D2} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
--
End of file - 17606 bytes

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2006 5:39:26 PM
System Uptime: 12/11/2013 3:37:59 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 128 GiB total, 12.604 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 21 GiB total, 20.104 GiB free.
G: is FIXED (NTFS) - 1863 GiB total, 1692.935 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: TI Technologies Inc.
Description: RADEON X300 Series Secondary
Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&16EC1A1&0&0108
Manufacturer: ATI Technologies Inc.
Name: RADEON X300 Series Secondary
PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&16EC1A1&0&0108
Service: ati2mtag
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ACPI\PNP0501\1
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\1
Service: Serial
.
==== System Restore Points ===================
.
RP232: 9/3/2013 3:05:23 PM - System Checkpoint
RP233: 9/7/2013 6:43:31 AM - System Checkpoint
RP234: 9/13/2013 8:05:20 PM - Software Distribution Service 3.0
RP235: 9/18/2013 6:00:45 PM - System Checkpoint
RP236: 9/26/2013 9:07:13 AM - Restore Operation
RP237: 10/5/2013 3:21:09 PM - System Checkpoint
RP238: 10/8/2013 10:27:31 AM - Software Distribution Service 3.0
RP239: 11/10/2013 8:03:57 PM - System Checkpoint
RP240: 11/16/2013 2:12:01 PM - System Checkpoint
RP241: 11/17/2013 9:57:06 AM - Restore Operation
RP242: 11/17/2013 10:02:13 AM - Restore Operation
RP243: 11/20/2013 11:05:08 AM - Installed AVG PC TuneUp 2014
RP244: 11/22/2013 1:49:52 PM - System Checkpoint
RP245: 11/22/2013 9:06:40 PM - Removed AVG PC TuneUp 2014
RP246: 11/22/2013 9:07:21 PM - Removed AVG PC TuneUp 2014 (en-US)
RP247: 11/23/2013 3:28:49 AM - Restore Operation
RP248: 12/1/2013 11:29:58 AM - System Checkpoint
.
==== Installed Programs ======================
.
300_saver_01
300_saver_02
6200
6200_Help
6200Trb
AAC Decoder
ACI Collection 32
Acrobat.com
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Center 2.1
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop 6.0
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Photoshop Elements 4.0
Adobe Photoshop Elements 5.0
Adobe Reader 9.1
Adobe Setup
Adobe Shockwave Player 12.0
Adobe Stock Photos CS3
Adobe SVG Viewer
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
Adv06Setup
AiO_Scan
AiOSoftware
Apex IV (TM) Standard - v3.2
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
AutoUpdate
Avery Template
Bing Bar
Bitdefender Total Security 2013
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Compatibility Pack for the 2007 Office system
Copy
Corel Paint Shop Pro Photo XI
Corel Snapfire
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
Director
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DocProc
DocumentViewer
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Fax
FLV Player 1.3.3
FNT-NY Rate Calculator 4.86
FrostWire 5.2.3
Google Chrome
Google Update Helper
Google Updater
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Diagnostic Assistant
HP FWUpdateEDO2
HP Image Zone 4.2
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Photo Creations
HP PSC & OfficeJet 4.2
HP Unload DLL Patch
HP Update
HPDiagnosticAlert
HPSystemDiagnostics
I.R.I.S. OCR
ImgBurn (Remove Only)
InstantShare
InstantShareAlert
Intel(R) 537EP V9x DF PCI Modem
Interwise Participant
IsoBuster 1.9.1
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 9
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 18
Memeo AutoSync
Memeo Instant Backup
Memeo Send
Memeo Share
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft MapPoint North America 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Windows XP Video Decoder Checkup Utility
MKV Splitter
MotoCast
Motorola Device Manager
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.9.0
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Nero 7 Ultra Edition
Overland
PDF Settings
PhotoGallery
Picasa 3
PrintScreen
ProductContext
Pure Networks Network Magic
QFolder
QuickProjects
QuickTime
Readme
RipIt4Me
RoboForm 7-8-5-7 (All Users)
Scan
Seagate Dashboard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SkinsHP1
Smilebox
SoundMAX
SUPERAntiSpyware Free Edition
SupportSoft Assisted Service
swMSM
The Weather Channel Toolbar
TrayApp
TweakNow RegCleaner Standard
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URGE
VC80CRTRedist - 8.0.50727.762
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
WebFldrs XP
WebReg
Webshots Desktop
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
WOT for Internet Explorer
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/11/2013 10:48:33 AM, error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 8 time(s).
12/11/2013 10:43:45 AM, error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 7 time(s).
12/11/2013 10:39:39 AM, error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 6 time(s).
12/11/2013 10:35:13 AM, error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 5 time(s).
12/11/2013 10:31:23 AM, error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 4 time(s).
12/11/2013 10:30:44 AM, error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 3 time(s).
12/11/2013 10:29:03 AM, error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 2 time(s).
12/11/2013 10:26:46 AM, error: Service Control Manager [7034] - The Bitdefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
12/11/2013 10:25:20 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
12/11/2013 10:25:06 AM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by mike at 15:51:03 on 2013-12-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1071 [GMT -5:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Memeo\Memeo Send\MemeoSend.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe
C:\Program Files\Webshots\Webshots.scr
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: The Weather Channel Toolbar: {2E5E800E-6AC0-411E-940A-369530A35E43} - c:\windows\system32\TwcToolbarIe7.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN23GBR30J05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent
mRun: [Memeo Send] c:\program files\memeo\memeo send\MemeoLauncher.exe --silent
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Bdagent] c:\program files\bitdefender\bitdefender 2013\bdagent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninst...4de6cdbc6e7c81
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\docume~1\mike\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\docume~1\mike\startm~1\programs\startup\monito~2.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\docume~1\mike\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\mike\application data\leadertech\powerregister\Seagate NA1Q2F3L Product Registration.exe
StartupFolder: c:\docume~1\mike\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} - hxxp://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} - hxxp://www.blackberry.com/devicesoftware/AxLoader.cab
DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162075251648
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212756700890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://advweb.countrywide.com/supportfiles/msrdp.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{036CE156-8B49-45A0-B79A-F92FB2261C6E} : DHCPNameServer = 192.168.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: Kbdicnet - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mike\application data\mozilla\firefox\profiles\zj3deruv.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\documents and settings\all users\application data\visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: f:\picasa3\npPicasa3.dll
FF - ExtSQL: !HIDDEN! 2009-10-03 10:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-12-11 20:00:53 17248136 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-12-11 15:26:40 -------- d-----w- c:\documents and settings\all users\application data\bdch
2013-12-10 21:13:36 1409 ----a-w- c:\windows\QTFont.for
2013-12-01 14:33:14 74512 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2013-11-23 08:54:59 4940 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-11-23 08:49:10 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-11-23 08:49:10 -------- d-----w- c:\windows\system32\wbem\Repository
2013-11-23 08:31:57 -------- d--h--w- c:\windows\msdownld.tmp
2013-11-20 20:24:39 -------- d-----w- c:\documents and settings\mike\local settings\application data\Avg2014
2013-11-20 16:07:48 -------- d-----w- c:\program files\AVG
.
==================== Find3M ====================
.
2013-12-11 20:02:32 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 20:02:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-01 14:34:11 165744 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-12-01 14:33:18 360376 ----a-w- c:\windows\system32\drivers\trufos.sys
2013-12-01 14:33:14 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
.
============= FINISH: 16:02:33.93 ===============

need immediate help!

I need immediate solutions; a lot of problems have occurred in my new laptop. It's a Samsung NP300E5V. The main problem is a sound problem: our laptop's sound is getting weak, it often vanishes completely, and sometimes when it's working fine and we call someone on Skype, we hear a disturbing sound first and then the sound is completely gone! We have Advanced SystemCare protector, McAfee Security Scan, Driver boost, Advanced SystemCare 7, smart defrag, reg clean pro and uninstaller working on our computer. Is any one of these programs causing the problem? Please help!

Brand NEW notebook running very SLOW*EMAILHACKED*REGISTRYERRORS*

Is there anyone available to help cure my notebook? Please?

Computer freezing and lagging.

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-12 18:35:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GH10 596.17GB
Running: jd8n886s.exe; Driver: C:\Users\megan\AppData\Local\Temp\uwdiqpoc.sys


---- User code sections - GMER 2.1 ----

.text C:\windows\system32\wininit.exe[600] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\windows\system32\services.exe[656] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\windows\system32\winlogon.exe[792] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\windows\system32\svchost.exe[848] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\windows\system32\svchost.exe[944] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\windows\System32\svchost.exe[128] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\windows\System32\svchost.exe[380] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\windows\system32\svchost.exe[444] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\windows\system32\AUDIODG.EXE[700] C:\windows\System32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\windows\system32\svchost.exe[1016] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\windows\system32\svchost.exe[1160] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\windows\System32\spoolsv.exe[1444] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\windows\system32\svchost.exe[1492] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1596] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\windows\SysWOW64\svchost.exe[1632] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1664] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1740] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1820] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe[1968] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe[508] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\windows\system32\svchost.exe[1184] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\windows\system32\svchost.exe[1360] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2108] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2136] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\windows\system32\taskhost.exe[2520] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2620] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[2628] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\windows\Explorer.EXE[2704] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe[2900] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe[2552] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\Windows\System32\igfxtray.exe[1956] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Windows\System32\hkcmd.exe[1228] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[2080] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3580] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3744] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3844] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files\TOSHIBA\TECO\Teco.exe[608] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[3728] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[3728] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000073f111a8 2 bytes [F1, 73]
.text C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[3728] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000073f113a8 2 bytes [F1, 73]
.text C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[3728] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000073f11422 2 bytes [F1, 73]
.text C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[3728] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000073f11498 2 bytes [F1, 73]
.text C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[3728] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000074c91b41 2 bytes [C9, 74]
.text C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[3728] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000074c91be8 2 bytes [C9, 74]
.text C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[3728] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000074c91c20 2 bytes [C9, 74]
.text C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[3728] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000074c91cd2 2 bytes [C9, 74]
.text C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe[3728] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000074c91cf2 2 bytes [C9, 74]
.text C:\windows\system32\SearchIndexer.exe[3560] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe[3320] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\windows\system32\igfxsrvc.exe[3876] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[1244] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3604] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e71465 2 bytes [E7, 76]
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3604] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e714bb 2 bytes [E7, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2872] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe[5116] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[3616] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4624] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe[1140] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000772feecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2956] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076e71465 2 bytes [E7, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2956] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076e714bb 2 bytes [E7, 76]
.text ... * 2
.text C:\Users\megan\Downloads\jd8n886s.exe[3520] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f1a2ba 1 byte [62]

---- Services - GMER 2.1 ----

Service C:\windows\system32\drivers\aswFsBlk.sys (*** hidden *** ) [AUTO] aswFsBlk <-- ROOTKIT !!!
Service C:\windows\system32\drivers\aswMonFlt.sys (*** hidden *** ) [AUTO] aswMonFlt <-- ROOTKIT !!!
Service C:\windows\system32\drivers\aswRdr2.sys (*** hidden *** ) [SYSTEM] aswRdr <-- ROOTKIT !!!
Service C:\windows\system32\drivers\aswRvrt.sys (*** hidden *** ) [BOOT] aswRvrt <-- ROOTKIT !!!
Service C:\windows\system32\drivers\aswSnx.sys (*** hidden *** ) [SYSTEM] aswSnx <-- ROOTKIT !!!
Service C:\windows\system32\drivers\aswSP.sys (*** hidden *** ) [SYSTEM] aswSP <-- ROOTKIT !!!
Service C:\windows\system32\drivers\aswTdi.sys (*** hidden *** ) [SYSTEM] aswTdi <-- ROOTKIT !!!
Service C:\windows\system32\drivers\aswVmm.sys (*** hidden *** ) [BOOT] aswVmm <-- ROOTKIT !!!
Service C:\Program Files\AVAST Software\Avast\AvastSvc.exe (*** hidden *** ) [AUTO] avast! Antivirus <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ImagePath \??\C:\windows\system32\drivers\aswFsBlk.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description Avast! Mini-filter Driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \??\C:\windows\system32\drivers\aswRdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 6
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 2535041
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383242187
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383242187@ Commited
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383242187@BootTimeout 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383242187@TickTimeout 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383242187@CreationTime 0x20 0xB5 0xD4 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383242187@SetupOperations MoveFile("\??\c:\program files\avast software\avast\ashwebsv.dll.1383242187","\??\c:\program files\avast software\avast\ashwebsv.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\ashwebsv.dll.sum.1383242187","\??\c:\program files\avast software\avast\ashwebsv.dll.sum",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastui.exe.1383242187","\??\c:\program files\avast software\avast\avastui.exe",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastui.exe.sum.1383242187","\??\c:\program files\avast software\avast\avastui.exe.sum",TRUE)?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383242187@StartBootCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383242187@StartTickCounter 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946045
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946045@ Commited
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946045@BootTimeout 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946045@TickTimeout 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946045@CreationTime 0xD3 0x14 0x3C 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946045@SetupOperations DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.1383946045")?DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.1383946045")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.sum.1383946045")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.1383946045")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.sum.1383946045")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.1383946045")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.sum.1383946045")?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946045@StartBootCounter 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946045@StartTickCounter 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\1383946045@LastPackageError -1073741772
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ImagePath \??\C:\windows\system32\drivers\aswSnx.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ImagePath \??\C:\windows\system32\drivers\aswSP.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ImagePath \??\C:\windows\system32\drivers\aswTdi.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 288
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Manages and implements avast! antivirus services for this computer. This includes the real-time shields, the virus chest and the scheduler.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ImagePath \??\C:\windows\system32\drivers\aswFsBlk.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description Avast! Mini-filter Driver
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \??\C:\windows\system32\drivers\aswRdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 6
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 2535041
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383242187 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383242187@ Commited
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383242187@BootTimeout 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383242187@TickTimeout 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383242187@CreationTime 0x20 0xB5 0xD4 0x85 ...
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383242187@SetupOperations MoveFile("\??\c:\program files\avast software\avast\ashwebsv.dll.1383242187","\??\c:\program files\avast software\avast\ashwebsv.dll",TRUE)?MoveFile("\??\c:\program files\avast software\avast\ashwebsv.dll.sum.1383242187","\??\c:\program files\avast software\avast\ashwebsv.dll.sum",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastui.exe.1383242187","\??\c:\program files\avast software\avast\avastui.exe",TRUE)?MoveFile("\??\c:\program files\avast software\avast\avastui.exe.sum.1383242187","\??\c:\program files\avast software\avast\avastui.exe.sum",TRUE)?
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383242187@StartBootCounter 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383242187@StartTickCounter 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946045 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946045@ Commited
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946045@BootTimeout 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946045@TickTimeout 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946045@CreationTime 0xD3 0x14 0x3C 0x52 ...
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946045@SetupOperations DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.1383946045")?DeleteFile("\??\c:\windows\system32\drivers\aswsp.sys.1383946045")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\x64\aswsp.sys.sum.1383946045")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.1383946045")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.inf.sum.1383946045")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.1383946045")?DeleteFile("\??\c:\program files\avast software\avast\setup\inf\aswsp.cat.sum.1383946045")?
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946045@StartBootCounter 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946045@StartTickCounter 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\1383946045@LastPackageError -1073741772
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ImagePath \??\C:\windows\system32\drivers\aswSnx.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ImagePath \??\C:\windows\system32\drivers\aswSP.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \??\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \??\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \??\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \??\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ImagePath \??\C:\windows\system32\drivers\aswTdi.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName aswTdi
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description aswTdi
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 288
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Manages and implements avast! antivirus services for this computer. This includes the real-time shields, the virus chest and the scheduler.
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus\Parameters (not active ControlSet)

---- EOF - GMER 2.1 ----