Frostwire/pc protection, etc. problems



#46
Psu22UL


    Member

  • Topic Starter
  • 90 posts
Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
afwServ.exe 1844 13,920 K 2,484 K avast! firewall service AVAST Software (Verified) AVAST Software
armsvc.exe 484 2,056 K 420 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
Ati2evxx.exe 1068 2,292 K 672 K ATI External Event Utility EXE Module ATI Technologies Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
Ati2evxx.exe 1396 2,920 K 1,532 K (Unable to verify) (null)
audiodg.exe 1188 12,068 K 1,380 K (Unable to verify) (null)
AvastSvc.exe 1824 81,532 K 79,348 K avast! Service AVAST Software (Verified) AVAST Software
chrome.exe 3324 33,036 K 22,972 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2412 67,412 K 56,180 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 764 23,920 K 16,248 K Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 508 1,700 K 816 K (Unable to verify) (null)
csrss.exe 576 1,504 K 2,136 K (Unable to verify) (null)
jusched.exe 2256 1,004 K 812 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Oracle America
lsass.exe 668 3,172 K 1,764 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 676 1,724 K 1,228 K (Unable to verify) (null)
rpcnet.exe 424 1,680 K 732 K rpcnet Absolute Software Corp. (Verified) Absolute Software Corp.
services.exe 656 2,240 K 1,828 K (Unable to verify) (null)
SLsvc.exe 1228 4,896 K 600 K Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
smss.exe 432 252 K 76 K (Unable to verify) (null)
spoolsv.exe 1968 4,940 K 1,104 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2008 496 K 200 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 648 2,116 K 600 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 840 1,948 K 1,672 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 904 2,768 K 2,812 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1564 3,256 K 1,000 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1080 16,368 K 3,660 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1128 19,096 K 7,796 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1256 6,888 K 2,992 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2000 12,284 K 4,172 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1460 14,024 K 3,904 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System 4 0 K 348 K
System Idle Process 0 0 K 24 K
taskeng.exe 1976 1,756 K 1,412 K (Unable to verify) (null)
wininit.exe 568 1,184 K 348 K (Unable to verify) (null)
winlogon.exe 608 1,896 K 824 K (Unable to verify) (null)
wmpnetwk.exe 1312 6,104 K 2,428 K (Unable to verify) (null)
wmpnscfg.exe 3640 1,812 K 1,616 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
wuauclt.exe 1652 2,772 K 3,424 K Windows Update Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 3584 < 0.01 23,692 K 17,672 K Google Chrome Google Inc. (Verified) Google Inc
sidebar.exe 2288 < 0.01 5,360 K 1,840 K Windows Sidebar Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 1280 < 0.01 58,932 K 59,256 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3460 < 0.01 60,652 K 43,260 K Google Chrome Google Inc. (Verified) Google Inc
taskeng.exe 2720 < 0.01 9,000 K 3,052 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 2544 < 0.01 21,476 K 18,072 K Google Chrome Google Inc. (Verified) Google Inc
sidebar.exe 3200 < 0.01 6,020 K 3,980 K Windows Sidebar Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 3424 < 0.01 23,736 K 9,452 K Google Chrome Google Inc. (Verified) Google Inc
AvastUI.exe 2248 < 0.01 7,952 K 3,876 K avast! Antivirus AVAST Software (Verified) AVAST Software
robotaskbaricon.exe 2304 < 0.01 6,404 K 5,176 K RoboForm TaskBar Icon Siber Systems (Verified) AVAST Software a.s.
explorer.exe 1708 < 0.01 23,772 K 10,392 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Weather.exe 2296 < 0.01 42,548 K 4,112 K AWS Convergence Technologies, Inc. (Unable to verify) AWS Convergence Technologies, Inc.
chrome.exe 3600 1.52 128,368 K 132,680 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2056 1.52 60,476 K 96,168 K Google Chrome Google Inc. (Verified) Google Inc
Interrupts n/a 1.52 0 K 0 K Hardware Interrupts and DPCs
svchost.exe 1116 3.03 41,912 K 31,836 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 1728 4.55 35,336 K 28,556 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3412 4.55 19,648 K 19,624 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
chrome.exe 2664 83.33 63,012 K 68,936 K Google Chrome Google Inc. (Verified) Google Inc

Process: System Idle Process Pid: 0

Type Name


I'm hoping I got it when it was at 100% CPU usage. It randomly spikes to 100 and stays there. I'll also have Shockwave Player crashing on me quite often, freezing up the internet page for about 15 to 20 seconds.
  • 0



#47
RKinner


    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Appears that Chrome.exe is eating up all of your CPU:

chrome.exe 2664 83.33 63,012 K 68,936 K Google Chrome Google Inc. (Verified) Google Inc


Also a lot of your critical Windows files cannot be verified, which is unusual.

Let's run SFC again:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

sfc  /scannow


Does it finish without complaining?

Can you close Chrome and connect with IE or Firefox and try again?

Let's run a custom OTL scan again and look at the files which can't be verified:


Copy the text in the code box:

/md5start
Ati2evxx.exe 
audiodg.exe 
lsm.exe
smss.exe
taskeng.exe
rsvpsp.dll
wininit.exe 
pnrpnsp.dll 
wmpnetwk.exe
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0
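The triage done by eye in post #47 (pick out the process using the most CPU, then list the images Process Explorer could not verify) can be scripted over the saved listing. This is an added example, not part of the thread and not code from OTL or Sysinternals; the function names are hypothetical and the sample rows are copied from the listing in post #46.

```python
import re

# Rows copied from the Process Explorer listing in post #46. The columns are
# space-flattened on this page (a saved Process Explorer listing is normally
# tab-separated), so the parser keys on the "<n> K <n> K" memory columns.
SAMPLE = """\
Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
Ati2evxx.exe 1068 2,292 K 672 K ATI External Event Utility EXE Module ATI Technologies Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
Ati2evxx.exe 1396 2,920 K 1,532 K (Unable to verify) (null)
csrss.exe 508 1,700 K 816 K (Unable to verify) (null)
csrss.exe 576 1,504 K 2,136 K (Unable to verify) (null)
smss.exe 432 252 K 76 K (Unable to verify) (null)
System 4 0 K 348 K
System Idle Process 0 0 K 24 K
chrome.exe 3584 < 0.01 23,692 K 17,672 K Google Chrome Google Inc. (Verified) Google Inc
Weather.exe 2296 < 0.01 42,548 K 4,112 K AWS Convergence Technologies, Inc. (Unable to verify) AWS Convergence Technologies, Inc.
Interrupts n/a 1.52 0 K 0 K Hardware Interrupts and DPCs
chrome.exe 2664 83.33 63,012 K 68,936 K Google Chrome Google Inc. (Verified) Google Inc
"""

# name, PID (or n/a), optional CPU ("< 0.01" or "83.33"), two "K" columns, rest.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+|n/a)\s+"
    r"(?:(?P<cpu><\s*[\d.]+|[\d.]+)\s+)?"
    r"(?P<private>[\d,]+) K\s+(?P<working>[\d,]+) K"
    r"(?:\s+(?P<rest>.*))?$"
)
# The signer column always starts with one of these two markers.
STATUS = re.compile(r"\((Verified|Unable to verify)\)\s*(.*)$")


def _kb(text):
    """Convert '13,920' to 13920."""
    return int(text.replace(",", ""))


def parse_listing(text):
    """Return one dict per process row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        rest = m.group("rest") or ""
        s = STATUS.search(rest)
        cpu = m.group("cpu")
        rows.append({
            "name": m.group("name"),
            "pid": int(m.group("pid")) if m.group("pid").isdigit() else None,
            "cpu": float(cpu.lstrip("< ")) if cpu else None,
            "private_kb": _kb(m.group("private")),
            "working_kb": _kb(m.group("working")),
            # Description and company text that precedes the signer marker.
            "metadata": (rest[:s.start()] if s else rest).strip(),
            "status": s.group(1) if s else None,
            "signer": s.group(2).strip() if s else None,
        })
    return rows


def unverified(rows):
    """Rows whose image signature Process Explorer could not verify."""
    return [r for r in rows if r["status"] == "Unable to verify"]


def md5_scan_block(rows):
    """Build OTL custom-scan text for images that returned no metadata at all.

    Rows that still show a description or company (Weather.exe here) are left
    out; only the bare "(Unable to verify) (null)" rows are listed, once each.
    """
    names = []
    for r in unverified(rows):
        if not r["metadata"] and r["signer"] == "(null)" and r["name"] not in names:
            names.append(r["name"])
    return "\n".join(["/md5start", *names, "/md5stop"])


def top_cpu(rows):
    """The real process (numeric PID) with the highest CPU reading, or None."""
    busy = [r for r in rows if r["pid"] is not None and r["cpu"] is not None]
    return max(busy, key=lambda r: r["cpu"]) if busy else None


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    hog = top_cpu(parsed)
    print(f"Highest CPU: {hog['name']} (PID {hog['pid']}) at {hog['cpu']}%")
    for r in unverified(parsed):
        print(f"Unverified: {r['name']} PID {r['pid']} signer={r['signer']}")
    print(md5_scan_block(parsed))
```

The generated `/md5start` block covers only running processes; DLLs and drivers such as those in the list above have to be added by hand.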

#48
Psu22UL


    Member

  • Topic Starter
  • 90 posts
That scan ran without issue. Here are the results of the OTL scan; I'm assuming YahooMP3Tube or whatever it is shouldn't be there?

OTL logfile created on: 01/01/2013 6:15:03 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\home\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

893.32 Mb Total Physical Memory | 403.37 Mb Available Physical Memory | 45.15% Memory free
2.00 Gb Paging File | 1.22 Gb Available in Paging File | 60.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 44.46 Gb Free Space | 59.66% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/01 22:08:06 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/01 12:21:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
PRC - [2012/11/28 20:40:06 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/30 18:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/12/29 09:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2008/06/03 06:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - [2012/12/12 02:16:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/04 22:00:15 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/28 20:40:06 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/30 18:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 18:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 18:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 18:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 18:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/09/21 04:26:08 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011/04/01 04:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/06/03 09:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 09:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1474
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/01 22:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/12/01 22:09:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/04 22:00:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/24 09:46:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/04 22:00:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/24 09:46:37 | 000,000,000 | ---D | M]

[2012/11/28 16:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\Mozilla\Extensions
[2012/12/04 21:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\extensions
[2011/03/29 17:00:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/12/04 21:52:20 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2011/08/24 00:42:08 | 000,002,115 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\searchplugins\MFGSearch.xml
[2012/11/28 11:18:08 | 000,001,211 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\searchplugins\Mp3Tube.xml
[2012/11/28 12:48:49 | 000,009,944 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\searchplugins\puredefmusic.xml
[2012/12/04 21:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/01 22:06:11 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/12/04 22:00:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/20 01:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/20 01:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: MF Custom Search (Enabled)
CHR - default_search_provider: search_url = http://starwebsearch...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Surf Canyon = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\4.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vizzed.com ([www] * in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4473B18-506E-40FB-8FE1-6CFF51F348FB}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/24 09:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/12/24 09:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/12/24 09:41:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/12/24 09:35:40 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/12/24 09:35:19 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/24 09:35:19 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/12/24 09:35:19 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/12/24 09:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/12/24 09:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/12/23 23:47:35 | 000,000,000 | ---D | C] -- C:\Users\home\jagexcache1
[2012/12/23 14:19:06 | 000,106,560 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012/12/23 14:13:46 | 000,199,320 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012/12/23 14:13:35 | 000,020,624 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012/12/23 14:12:12 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012/12/23 14:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/12/08 12:18:14 | 000,000,000 | ---D | C] -- C:\Users\home\jagexcache
[2012/12/06 20:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Vizzed
[2012/12/06 20:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vizzed Retro Game Room
[2012/12/06 20:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Vizzed
[2012/12/05 03:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/12/04 21:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/01 18:23:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/01 18:21:34 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/01 18:21:34 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/01 18:15:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/01 16:21:57 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2013/01/01 16:21:55 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2013/01/01 16:21:39 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/01 16:21:39 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2013/01/01 16:21:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/01 16:21:22 | 937,476,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/27 14:35:04 | 000,000,024 | ---- | M] () -- C:\Users\home\random.dat
[2012/12/27 13:12:24 | 000,000,043 | ---- | M] () -- C:\Users\home\jagex_cl_runescape_LIVE.dat
[2012/12/24 09:46:38 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/12/24 09:35:05 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/12/24 09:34:59 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/12/24 09:34:59 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/24 09:34:58 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/12/24 09:34:55 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/12/24 09:34:55 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/12/24 09:22:32 | 000,001,754 | ---- | M] () -- C:\Users\home\Desktop\Update Checker.lnk
[2012/12/24 08:54:01 | 000,000,044 | ---- | M] () -- C:\Users\home\jagex_cl_runescape_LIVE1.dat
[2012/12/23 14:13:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/12/23 14:03:00 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/12/17 18:23:45 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/12/15 08:53:20 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/15 08:53:20 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/12 02:16:12 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/12 02:16:12 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/03 03:00:55 | 000,001,356 | ---- | M] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/24 09:46:38 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/12/24 09:46:37 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/24 09:22:32 | 000,001,784 | ---- | C] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012/12/24 09:22:32 | 000,001,754 | ---- | C] () -- C:\Users\home\Desktop\Update Checker.lnk
[2012/12/23 23:47:35 | 000,000,044 | ---- | C] () -- C:\Users\home\jagex_cl_runescape_LIVE1.dat
[2012/12/23 14:03:00 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/12/08 12:18:14 | 000,000,043 | ---- | C] () -- C:\Users\home\jagex_cl_runescape_LIVE.dat
[2012/12/08 12:18:14 | 000,000,024 | ---- | C] () -- C:\Users\home\random.dat
[2012/11/30 09:50:51 | 000,000,761 | ---- | C] () -- C:\Users\home\test.vbs
[2012/11/29 23:23:23 | 000,000,910 | ---- | C] () -- C:\Users\home\workaround.vbs
[2012/11/28 12:57:14 | 000,001,356 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2011/09/01 23:08:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/08/01 02:46:28 | 000,003,584 | ---- | C] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 03:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/03/03 00:57:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/03/03 00:57:14 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/02 23:12:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/24 16:22:56 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2011/02/24 16:20:59 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 23:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 21:33:39 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: ATI2EVXX.EXE >
[2008/06/03 06:33:18 | 000,684,032 | ---- | M] (ATI Technologies Inc.) MD5=86FB6B8DDBCB6E025CE8A90F77AF1FF1 -- C:\Windows\System32\Ati2evxx.exe
[2008/06/03 06:33:18 | 000,684,032 | ---- | M] (ATI Technologies Inc.) MD5=86FB6B8DDBCB6E025CE8A90F77AF1FF1 -- C:\Windows\System32\DriverStore\FileRepository\cl_64789.inf_07ff27a7\B_64997\Ati2evxx.exe

< MD5 for: AUDIODG.EXE >
[2008/01/20 21:34:43 | 000,088,064 | ---- | M] (Microsoft Corporation) MD5=2A3BD8FF5430F454E146974D6BE5C784 -- C:\Windows\System32\audiodg.exe
[2008/01/20 21:34:43 | 000,088,064 | ---- | M] (Microsoft Corporation) MD5=2A3BD8FF5430F454E146974D6BE5C784 -- C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6001.18000_none_769fc426e49fbfda\audiodg.exe
[2009/04/11 01:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) MD5=3437B9E218A2E4586BEF4F7A3BD00777 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6002.18005_none_788b3d32e1c18b26\audiodg.exe

< MD5 for: CSRSS.EXE >
[2008/01/20 21:34:43 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/20 21:34:43 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: LSM.EXE >
[2008/01/20 21:33:15 | 000,229,888 | ---- | M] (Microsoft Corporation) MD5=4774AD6C447E02E954BD9A793614EBEC -- C:\Windows\System32\lsm.exe
[2008/01/20 21:33:15 | 000,229,888 | ---- | M] (Microsoft Corporation) MD5=4774AD6C447E02E954BD9A793614EBEC -- C:\Windows\winsxs\x86_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.0.6001.18000_none_a544ccc10a8aaf8d\lsm.exe

< MD5 for: MSWSOCK.DLL >
[2009/04/11 01:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 21:33:36 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\System32\mswsock.dll
[2008/01/20 21:33:36 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/20 21:34:16 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/20 21:34:16 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/20 21:33:15 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/20 21:33:15 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/20 21:35:17 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/20 21:35:17 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 21:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\System32\services.exe
[2008/01/20 21:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SMSS.EXE >
[2008/01/20 21:33:22 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\System32\smss.exe
[2008/01/20 21:33:22 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009/04/11 01:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TASKENG.EXE >
[2010/11/05 08:43:51 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=110B5E5AFA79DD8A45A2F6ED738469B9 -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.22791_none_e5d5a65bd84010db\taskeng.exe
[2010/11/04 11:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=3D50C4B10352367D5CB20ED1F50F8DA2 -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.18342_none_e7698b5ebc1f53d7\taskeng.exe
[2008/01/20 21:34:32 | 000,169,472 | ---- | M] (Microsoft Corporation) MD5=5F109032CE46B7184ED9E50F9FE8489E -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.18000_none_e5ac4d2ebeda6d57\taskeng.exe
[2010/11/04 17:15:29 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=9AF3E523E39FD8C10EDFA3ABA702DC9B -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.22519_none_e81a9bd9d51e4e56\taskeng.exe
[2009/04/11 01:28:07 | 000,169,984 | ---- | M] (Microsoft Corporation) MD5=E5BBFC283D6F5D69B41E464676361020 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6002.18005_none_e797c63abbfc38a3\taskeng.exe
[2010/11/04 19:53:47 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=EAFB5897AC9CD84890171AC38862320F -- C:\Windows\System32\taskeng.exe
[2010/11/04 19:53:47 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=EAFB5897AC9CD84890171AC38862320F -- C:\Windows\winsxs\x86_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.0.6001.18551_none_e577475abf020426\taskeng.exe

< MD5 for: USER32.DLL >
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008/01/20 21:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Users\home\AppData\Local\Temp\user32.dll
[2008/01/20 21:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll
[2008/01/20 21:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 21:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008/01/20 21:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 21:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 21:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/04/11 01:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 04:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\System32\winrnr.dll
[2006/11/02 04:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WMPNETWK.EXE >
[2008/01/20 21:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) MD5=3978704576A121A9204F8CC49A301A9B -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/01/20 21:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) MD5=3978704576A121A9204F8CC49A301A9B -- C:\Windows\winsxs\x86_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.0.6001.18000_none_0386cbd2ce93a16e\wmpnetwk.exe

< MD5 for: WSHELPER.DLL >
[2006/11/02 04:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 04:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< End of report >





OTL logfile created on: 01/01/2013 6:15:03 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\home\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

893.32 Mb Total Physical Memory | 403.37 Mb Available Physical Memory | 45.15% Memory free
2.00 Gb Paging File | 1.22 Gb Available in Paging File | 60.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 44.46 Gb Free Space | 59.66% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/01 22:08:06 | 000,096,056 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/01 12:21:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
PRC - [2012/11/28 20:40:06 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/30 18:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/12/29 09:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2008/06/03 06:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Services (SafeList) ==========

SRV - [2012/12/12 02:16:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/04 22:00:15 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/28 20:40:06 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/30 18:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 18:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 18:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 18:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 18:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/09/21 04:26:08 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011/04/01 04:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/06/03 09:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 09:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1474
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/01 22:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/12/01 22:09:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/04 22:00:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/24 09:46:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/04 22:00:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/24 09:46:37 | 000,000,000 | ---D | M]

[2012/11/28 16:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\Mozilla\Extensions
[2012/12/04 21:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\extensions
[2011/03/29 17:00:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/12/04 21:52:20 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2011/08/24 00:42:08 | 000,002,115 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\searchplugins\MFGSearch.xml
[2012/11/28 11:18:08 | 000,001,211 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\searchplugins\Mp3Tube.xml
[2012/11/28 12:48:49 | 000,009,944 | ---- | M] () -- C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\59h4qjxc.default\searchplugins\puredefmusic.xml
[2012/12/04 21:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/01 22:06:11 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/12/04 22:00:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/20 01:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/20 01:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: MF Custom Search (Enabled)
CHR - default_search_provider: search_url = http://starwebsearch...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Surf Canyon = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\4.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vizzed.com ([www] * in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4473B18-506E-40FB-8FE1-6CFF51F348FB}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/24 09:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/12/24 09:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/12/24 09:41:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/12/24 09:35:40 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/12/24 09:35:19 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/24 09:35:19 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/12/24 09:35:19 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/12/24 09:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/12/24 09:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/12/23 23:47:35 | 000,000,000 | ---D | C] -- C:\Users\home\jagexcache1
[2012/12/23 14:19:06 | 000,106,560 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2012/12/23 14:13:46 | 000,199,320 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2012/12/23 14:13:35 | 000,020,624 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2012/12/23 14:12:12 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2012/12/23 14:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012/12/08 12:18:14 | 000,000,000 | ---D | C] -- C:\Users\home\jagexcache
[2012/12/06 20:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Vizzed
[2012/12/06 20:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vizzed Retro Game Room
[2012/12/06 20:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Vizzed
[2012/12/05 03:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/12/04 21:59:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/01 18:23:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/01 18:21:34 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/01 18:21:34 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/01 18:15:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/01 16:21:57 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2013/01/01 16:21:55 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2013/01/01 16:21:39 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/01 16:21:39 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2013/01/01 16:21:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/01 16:21:22 | 937,476,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/27 14:35:04 | 000,000,024 | ---- | M] () -- C:\Users\home\random.dat
[2012/12/27 13:12:24 | 000,000,043 | ---- | M] () -- C:\Users\home\jagex_cl_runescape_LIVE.dat
[2012/12/24 09:46:38 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/12/24 09:35:05 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/12/24 09:34:59 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/12/24 09:34:59 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/24 09:34:58 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/12/24 09:34:55 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/12/24 09:34:55 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/12/24 09:22:32 | 000,001,754 | ---- | M] () -- C:\Users\home\Desktop\Update Checker.lnk
[2012/12/24 08:54:01 | 000,000,044 | ---- | M] () -- C:\Users\home\jagex_cl_runescape_LIVE1.dat
[2012/12/23 14:13:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/12/23 14:03:00 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/12/17 18:23:45 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/12/15 08:53:20 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/15 08:53:20 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/12 02:16:12 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/12 02:16:12 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/03 03:00:55 | 000,001,356 | ---- | M] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/24 09:46:38 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/12/24 09:46:37 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/24 09:22:32 | 000,001,784 | ---- | C] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012/12/24 09:22:32 | 000,001,754 | ---- | C] () -- C:\Users\home\Desktop\Update Checker.lnk
[2012/12/23 23:47:35 | 000,000,044 | ---- | C] () -- C:\Users\home\jagex_cl_runescape_LIVE1.dat
[2012/12/23 14:03:00 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/12/08 12:18:14 | 000,000,043 | ---- | C] () -- C:\Users\home\jagex_cl_runescape_LIVE.dat
[2012/12/08 12:18:14 | 000,000,024 | ---- | C] () -- C:\Users\home\random.dat
[2012/11/30 09:50:51 | 000,000,761 | ---- | C] () -- C:\Users\home\test.vbs
[2012/11/29 23:23:23 | 000,000,910 | ---- | C] () -- C:\Users\home\workaround.vbs
[2012/11/28 12:57:14 | 000,001,356 | ---- | C] () -- C:\Users\home\AppData\Local\d3d9caps.dat
[2011/09/01 23:08:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/08/01 02:46:28 | 000,003,584 | ---- | C] () -- C:\Users\home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/04/01 03:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/03/03 00:57:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/03/03 00:57:14 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/02 23:12:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/24 16:22:56 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2011/02/24 16:20:59 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 23:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 21:33:39 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< End of report >

#49
RKinner

You should be able to change the Yahoo stuff to google.com. http://support.mozil...r-search-engine

If not, I can run a script with OTL to remove it.

Let's run Chrome in incognito mode which disables the add-ons and extensions:

See if you can do the stuff under:

Setting up a shortcut to launch Chrome in incognito mode is a simple four-step process:

on http://readwrite.com...o_enter_safe_mo

Then start up Chrome with the shortcut you just made and run Process Explorer again as before and post the log.

#50
Psu22UL

If you say it's fine, I'll leave it. I normally have a distrust of 'tubes' except for YouTube.


Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
afwServ.exe 1840 13,756 K 716 K avast! firewall service AVAST Software (Verified) AVAST Software
armsvc.exe 2216 2,304 K 40 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
Ati2evxx.exe 1068 2,300 K 280 K ATI External Event Utility EXE Module ATI Technologies Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
Ati2evxx.exe 1384 3,040 K 936 K (Unable to verify) (null)
audiodg.exe 1192 12,924 K 7,992 K (Unable to verify) (null)
AvastSvc.exe 1808 76,976 K 20,876 K avast! Service AVAST Software (Verified) AVAST Software
chrome.exe 2340 21,960 K 7,708 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 6052 27,628 K 9,068 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 6076 26,940 K 14,656 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4668 67,504 K 56,132 K Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 508 1,792 K 1,024 K (Unable to verify) (null)
csrss.exe 576 2,436 K 4,084 K (Unable to verify) (null)
jusched.exe 3000 1,300 K 236 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Oracle America
lsass.exe 668 3,188 K 2,184 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 676 1,816 K 1,060 K (Unable to verify) (null)
rpcnet.exe 2420 2,152 K 1,200 K rpcnet Absolute Software Corp. (Verified) Absolute Software Corp.
services.exe 656 2,464 K 2,524 K (Unable to verify) (null)
SLsvc.exe 1236 4,892 K 52 K Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
smss.exe 440 252 K 80 K (Unable to verify) (null)
spoolsv.exe 1972 5,028 K 940 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2544 720 K 44 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 900 3,048 K 2,536 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2288 2,356 K 64 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2500 3,728 K 48 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2004 13,092 K 5,332 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1460 15,856 K 6,900 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1080 16,576 K 3,916 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1128 42,548 K 8,752 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1272 8,324 K 3,572 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1116 52,464 K 40,212 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 836 4,400 K 2,996 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System 4 0 K 1,440 K
taskeng.exe 1980 1,888 K 428 K (Unable to verify) (null)
taskeng.exe 2352 4,928 K 440 K (Unable to verify) (null)
wininit.exe 568 1,176 K 44 K (Unable to verify) (null)
winlogon.exe 608 1,912 K 936 K (Unable to verify) (null)
wmpnetwk.exe 2104 7,312 K 2,052 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
wmpnscfg.exe 3656 1,900 K 668 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
wuauclt.exe 2148 2,752 K 388 K Windows Update Microsoft Corporation (Verified) Microsoft Windows
sidebar.exe 3028 < 0.01 5,776 K 3,012 K Windows Sidebar Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 5376 < 0.01 31,112 K 13,084 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 5960 < 0.01 48,696 K 74,008 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 5836 < 0.01 19,544 K 13,968 K Google Chrome Google Inc. (Verified) Google Inc
taskeng.exe 784 < 0.01 9,604 K 3,168 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
sidebar.exe 2564 < 0.01 6,048 K 3,580 K Windows Sidebar Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 3900 < 0.01 23,772 K 1,028 K Google Chrome Google Inc. (Verified) Google Inc
AvastUI.exe 2976 < 0.01 15,012 K 3,648 K avast! Antivirus AVAST Software (Verified) AVAST Software
SndVol.exe 4128 < 0.01 7,876 K 2,128 K Volume Control Applet Microsoft Corporation (Verified) Microsoft Windows
robotaskbaricon.exe 3088 < 0.01 8,712 K 8,228 K RoboForm TaskBar Icon Siber Systems (Verified) AVAST Software a.s.
Weather.exe 3064 < 0.01 48,488 K 3,872 K AWS Convergence Technologies, Inc. (Unable to verify) AWS Convergence Technologies, Inc.
explorer.exe 1712 1.54 25,552 K 23,288 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a 1.54 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 1760 6.15 39,904 K 27,560 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 5616 6.15 21,516 K 31,756 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 0 84.62 0 K 24 K

Process: System Idle Process Pid: 0

Type Name

#51
RKinner

Now we are hardly using any CPU with Chrome:

chrome.exe 3900 < 0.01 23,772 K 1,028 K Google Chrome Google Inc. (Verified) Google Inc

I expect it's running a bit faster now.

So some extension or add-on in Chrome is causing the problem. You need to go into Chrome and Disable the offender.

In Chrome, click on the three parallel line icon on the top right, then on Settings, then on Extensions. Disable each Extension, then restart Chrome in normal mode. (I'd check with Process Explorer again and see if it still shows Chrome as only using 0.01 of the CPU.) Then enable each extension one at a time, restarting Chrome in between, until you find the one that causes Chrome.exe to start using a lot of CPU time. Leave that one disabled and see if you can figure out how to uninstall it.
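The comparison made in the post above (Chrome's CPU column in normal mode against incognito mode), as an added example that is not part of the thread: a Python script that parses two Process Explorer text exports in the layout pasted here and lists the images whose total CPU fell. The sample rows and their CPU figures are constructed, and the names `parse_rows`, `cpu_by_image` and `cpu_drops` are illustrative.

```python
import re
from collections import defaultdict

# One row of a Process Explorer text export, in the layout pasted in this thread:
#   name  PID  [CPU]  <private bytes> K  <working set> K  [description / company / signer]
# The CPU column is empty for idle processes and "< 0.01" for near-idle ones.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+|n/a)\s+"
    r"(?:(?P<cpu><\s*[\d.]+|[\d.]+)\s+)?"
    r"(?P<priv>[\d,]+) K\s+(?P<ws>[\d,]+) K"
    r"(?:\s+(?P<rest>.*))?$"
)

# Constructed sample: normal mode (BEFORE) and incognito mode (AFTER).
BEFORE = """\
Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
chrome.exe 3324 38.46 33,036 K 22,972 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2412 12.31 67,412 K 56,180 K Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 508 1,700 K 816 K (Unable to verify) (null)
explorer.exe 1712 1.54 25,552 K 23,288 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 0 47.69 0 K 24 K
"""

AFTER = """\
Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
chrome.exe 5376 < 0.01 31,112 K 13,084 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3900 < 0.01 23,772 K 1,028 K Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 508 1,792 K 1,024 K (Unable to verify) (null)
explorer.exe 1712 1.54 25,552 K 23,288 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 0 96.92 0 K 24 K
"""


def parse_rows(text):
    """Return one dict per process row; the header and any other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue
        raw = m.group("cpu")
        if raw is None:
            cpu = 0.0                      # empty CPU column
        elif raw.startswith("<"):
            cpu = float(raw.lstrip("< "))  # "< 0.01": use the upper bound
        else:
            cpu = float(raw)
        rest = m.group("rest") or ""
        rows.append({
            "image": m.group("name").lower(),
            "pid": m.group("pid"),
            "cpu": cpu,
            "private_kb": int(m.group("priv").replace(",", "")),
            "working_set_kb": int(m.group("ws").replace(",", "")),
            "signer_verified": "(Verified)" in rest,
        })
    return rows


def cpu_by_image(rows):
    """Sum the CPU column over every process that shares an image name."""
    totals = defaultdict(float)
    for row in rows:
        totals[row["image"]] += row["cpu"]
    return {image: round(total, 2) for image, total in totals.items()}


def cpu_drops(before_text, after_text, min_drop=1.0):
    """List (image, cpu_before, cpu_after) where CPU fell by at least min_drop points."""
    before = cpu_by_image(parse_rows(before_text))
    after = cpu_by_image(parse_rows(after_text))
    drops = []
    for image, was in before.items():
        now = after.get(image, 0.0)
        if was - now >= min_drop:
            drops.append((image, was, now))
    return sorted(drops, key=lambda d: d[2] - d[1])  # biggest drop first


if __name__ == "__main__":
    for image, was, now in cpu_drops(BEFORE, AFTER):
        print(f"{image}: {was:.2f} -> {now:.2f}")
```

Saving one export after each extension is re-enabled and running the same comparison against the previous one shows which step brings the CPU figure back up.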

#52
Psu22UL

Alright, I'll get that tomorrow when I wake up, thanks. It's gotten faster, mostly from not freezing up. I'm assuming either the bad plugin or the high CPU usage is what would cause Shockwave to crash (and in effect slowing my browser down big time/freezing it?)

Edit: I did a quick look at the extensions and it only showed three. Two are Avast, and some Surf Canyon. I'm assuming it's the Surf Canyon, I'll look into disabling it when I'm awake.

Edited by Psu22UL, 03 January 2013 - 01:19 AM.


#53
Psu22UL

I deleted the Surf Canyon. CPU usage is down; however, my physical usage seems to be way up. I don't remember it being in the 90s before. Log, and I believe it's Chrome again:

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
afwServ.exe 1840 13,772 K 1,420 K avast! firewall service AVAST Software (Verified) AVAST Software
armsvc.exe 2216 2,304 K 48 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
Ati2evxx.exe 1068 2,300 K 480 K ATI External Event Utility EXE Module ATI Technologies Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
Ati2evxx.exe 1384 3,044 K 1,780 K (Unable to verify) (null)
audiodg.exe 1192 12,868 K 4,032 K (Unable to verify) (null)
AvastSvc.exe 1808 75,956 K 44,432 K avast! Service AVAST Software (Verified) AVAST Software
chrome.exe 5972 49,972 K 37,352 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4912 24,120 K 6,332 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 5080 30,996 K 13,068 K Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 508 1,792 K 456 K (Unable to verify) (null)
jusched.exe 3000 1,300 K 48 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Oracle America
lsass.exe 668 3,260 K 2,176 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 676 1,896 K 948 K (Unable to verify) (null)
rpcnet.exe 2420 2,152 K 1,584 K rpcnet Absolute Software Corp. (Verified) Absolute Software Corp.
SLsvc.exe 1236 4,892 K 200 K Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
smss.exe 440 252 K 80 K (Unable to verify) (null)
spoolsv.exe 1972 5,028 K 1,572 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2544 720 K 200 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2500 3,728 K 1,028 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2288 2,376 K 1,192 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 836 4,376 K 2,028 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2004 13,720 K 3,596 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1128 49,948 K 7,348 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 900 3,040 K 2,148 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1116 2.98 51,852 K 32,676 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System 4 1.49 0 K 192 K
taskeng.exe 1980 1,912 K 352 K (Unable to verify) (null)
taskeng.exe 2352 4,928 K 728 K (Unable to verify) (null)
wininit.exe 568 1,232 K 424 K (Unable to verify) (null)
winlogon.exe 608 1,912 K 540 K (Unable to verify) (null)
wmpnetwk.exe 2104 7,340 K 1,612 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
wmpnscfg.exe 3656 1,900 K 712 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
wuauclt.exe 2148 2,752 K 452 K Windows Update Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
sidebar.exe 3028 < 0.01 5,776 K 2,672 K Windows Sidebar Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 784 < 0.01 9,648 K 2,272 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
sidebar.exe 2564 < 0.01 6,104 K 3,332 K Windows Sidebar Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 1312 < 0.01 23,768 K 912 K Google Chrome Google Inc. (Verified) Google Inc
AvastUI.exe 2976 < 0.01 15,316 K 3,000 K avast! Antivirus AVAST Software (Verified) AVAST Software
SndVol.exe 4128 < 0.01 7,912 K 1,324 K Volume Control Applet Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 5796 1.49 462,192 K 362,960 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3824 < 0.01 59,388 K 51,612 K Google Chrome Google Inc. (Verified) Google Inc
robotaskbaricon.exe 3088 < 0.01 8,752 K 5,004 K RoboForm TaskBar Icon Siber Systems (Verified) AVAST Software a.s.
explorer.exe 1712 < 0.01 24,896 K 11,168 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 5320 < 0.01 41,152 K 27,856 K Google Chrome Google Inc. (Verified) Google Inc
dwm.exe 1760 1.49 40,004 K 30,460 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Weather.exe 3064 1.49 48,540 K 5,928 K AWS Convergence Technologies, Inc. (Unable to verify) AWS Convergence Technologies, Inc.
chrome.exe 1008 < 0.01 21,484 K 7,848 K Google Chrome Google Inc. (Verified) Google Inc
services.exe 656 2,464 K 1,608 K (Unable to verify) (null)
csrss.exe 576 2,324 K 1,252 K (Unable to verify) (null)
svchost.exe 1080 16,964 K 3,348 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1272 8,840 K 4,372 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 3536 < 0.01 45,472 K 73,936 K Google Chrome Google Inc. (Verified) Google Inc
procexp.exe 3152 7.46 20,936 K 20,612 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
svchost.exe 1460 16,892 K 6,052 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System Idle Process 0 83.60 0 K 24 K

Process: System Idle Process Pid: 0

Type Name

I'm going to run Firefox and see if I get the same thing. I'd originally gone to chrome because of firefox messing up. Perhaps a bad plugin there also?

#54
Psu22UL
Member, Topic Starter
Edit: Firefox seems fine with CPU and physical usage. CPU between 10-30, Physical in the 50's.

Edited by Psu22UL, 03 January 2013 - 02:12 PM.

#55
RKinner
Malware Expert, MVP

893.32 Mb Total Physical Memory | 547.01 Mb Available Physical Memory | 61.23% Memory free


Running Vista with only 1 gig is pretty slow and there just is not that much Physical Memory available. I recommend a minimum of 2 G of RAM but 4 would be better for best performance.

If you run Process Explorer and click on Working Set it will sort things in order of memory usage. Appears that Chrome is going to be the worst offender tho.

chrome.exe 5796 1.49 462,192 K 362,960 K Google Chrome Google Inc. (Verified) Google Inc

but Firefox uses 386K on my PC so that's not terribly out of line. The odd thing is the Private Bytes. 462.192 K That seems excessive.

When I run Chrome it brings up 6 Chrome.exe programs but none have Private Bytes over 75,000K and Working Set is maxed at about 85,000 K

You might find out more by trying the Chrome Task Manager:

http://support.googl...en&answer=95672

The Stats for Nerds option on the bottom is kind of interesting too.
  • 0
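
The sort-by-Working-Set check described in the post above, done offline on a saved Process Explorer listing. This is an added example, not part of the original thread: the row layout is assumed from the log posted here, and the function names are illustrative. It totals memory per image name, so Chrome's many processes count as one, and lists the rows whose signature could not be verified.

```python
import re
from collections import defaultdict

# Rows copied from the Process Explorer log posted earlier in this thread.
SAMPLE = """\
chrome.exe 1312 < 0.01 23,768 K 912 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 5796 1.49 462,192 K 362,960 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3824 < 0.01 59,388 K 51,612 K Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 508 1,792 K 456 K (Unable to verify) (null)
svchost.exe 1116 2.98 51,852 K 32,676 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Weather.exe 3064 1.49 48,540 K 5,928 K AWS Convergence Technologies, Inc. (Unable to verify) AWS Convergence Technologies, Inc.
System Idle Process 0 83.60 0 K 24 K
"""

# Assumed layout: name, PID, optional CPU ("1.49" or "< 0.01"), Private Bytes, Working Set, rest
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+|n/a)\s+"
    r"(?:(?P<cpu><\s*[\d.]+|\d+\.\d+)\s+)?"
    r"(?P<priv>[\d,]+) K\s+(?P<ws>[\d,]+) K(?:\s+(?P<rest>.*))?$"
)

def parse_rows(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # column header or anything that is not a process row
        rest = m["rest"] or ""
        signer = ("unverified" if "(Unable to verify)" in rest
                  else "verified" if "(Verified)" in rest else None)
        rows.append({"name": m["name"], "pid": m["pid"], "signer": signer,
                     "priv_kb": int(m["priv"].replace(",", "")),
                     "ws_kb": int(m["ws"].replace(",", ""))})
    return rows

def totals_by_image(rows):
    acc = defaultdict(lambda: [0, 0, 0])  # process count, Working Set KB, Private Bytes KB
    for r in rows:
        t = acc[r["name"]]
        t[0], t[1], t[2] = t[0] + 1, t[1] + r["ws_kb"], t[2] + r["priv_kb"]
    return sorted(acc.items(), key=lambda kv: kv[1][1], reverse=True)

def unverified(rows):
    return [(r["name"], r["pid"]) for r in rows if r["signer"] == "unverified"]

if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    for name, (n, ws, priv) in totals_by_image(rows):
        print(f"{name:20} x{n}  working set {ws:>9,} K  private {priv:>9,} K")
    print("signature not verified:", unverified(rows))
```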

#56
Psu22UL
Member, Topic Starter
Ah, alright. I assumed with the 1 GB it wouldn't be the greatest thing. I got it off a friend's family, their son... we'll say he didn't know how to look up certain stuff. I'll assume the computer's pretty much good then?

#57
RKinner
Malware Expert, MVP
I think it's clean. Could use some more RAM but it seems to be OK otherwise.

#58
Psu22UL
Member, Topic Starter
Alright, thank you very much! Side question, not sure if you'd know the answer; what's a decent way to deal with junk mail? I do online surveys when I'm bored in my free time, and one started sending me a ton of junk mail a day. Adding it to ignore doesn't work as it's often emails like [email protected]

#59
RKinner
Malware Expert, MVP
Can't help much with Junk mail except to say get a second email account (say from gmail.com) and use it for all of your non-personal stuff or tell all your friends about the new gmail account and leave the old one for the spammers and your online surveys and such. gmail has a great spam filter. I have a very old and well-known gmail address and I get a ton of spam but it all goes to the spam folder and I never see it.

#60
Psu22UL
Member, Topic Starter
Ok, thanks for all the help once again!