
Trojan Horse Adinjector.b



#1
A-G

My PC is infected with a virus called "Trojan Horse Adinjector.b". It was found by the AVG antivirus program (free version). I got the directions from another forum on this site:
http://www.geekstogo...jectorb-solved/
Followed every step in order, did the scan on the download OTL and got the two notepad files: OTL.Txt and Extras.Txt

My question is, I'm stuck here. I still have the virus and don't know where to go from here. Any help would be great! Please let me know what I need to do now. Thank you!


#2
RKinner

Copy and paste the OTL log into a reply. Attach the Extras log.

Ron

#3
A-G

This is Extras.txt:


OTL Extras logfile created on: 8/15/2013 10:57:30 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darci\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 26.41% Memory free
4.19 Gb Paging File | 2.18 Gb Available in Paging File | 52.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.17 Gb Total Space | 118.04 Gb Free Space | 54.10% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 4.74 Gb Free Space | 32.37% Space Free | Partition Type: NTFS

Computer Name: JBH1 | User Name: Darci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3697875056-3224753802-395575746-1000]
"EnableNotificationsRef" = 3
"EnableNotifications" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026F8608-CD8B-42F3-9D92-A7D2DF7CB0AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{128B58F3-6DD0-4854-B5BA-1F804C819ED5}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{14700920-D76C-4E35-9141-A91C37DC1DC4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1AFAF7FA-8838-4A92-A4FF-278FD571B0B0}" = rport=138 | protocol=17 | dir=out | app=system |
"{1CA5EF09-AB03-4FFF-B7BE-E6D464A44EDC}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2EADF15D-E31F-4912-B533-368043D51B1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{301E055E-347E-4FE8-B900-3FBCEC2509AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34B72E93-A1F2-4006-B3D6-CB0666C60C53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E0482AE-3283-4BC7-81CD-79785030E066}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{61C9266F-F7FC-4263-8831-5BC4849D9752}" = rport=137 | protocol=17 | dir=out | app=system |
"{63F1FB04-0461-4757-B6EC-D375C0537E10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6AF39CA4-853E-4C6D-9A3F-D78AFF2BB2A5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{70858902-6D29-4556-BBE2-E8FF8DDCA8ED}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{70E2F0FD-90BE-47FE-9615-CC63EC0320E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7736C8D8-DC69-41E2-AE86-8699759D9718}" = lport=2869 | protocol=6 | dir=in | app=system |
"{82E8923E-5813-44A8-AB37-6A3BE05518BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8CC9A772-9A3D-4933-A074-CC4F268C4D58}" = rport=445 | protocol=6 | dir=out | app=system |
"{941B501E-CFAE-4275-A680-43E666E22A5D}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB775B31-E778-49AA-B3E3-0712EA09B4BF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CA49823E-D6FE-419E-8125-28DE9460E24F}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{CA57BAC7-D796-483D-ADBC-82D9BCED28DC}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{D878066C-B011-4031-9347-136AB0AFD156}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DB33031B-36DD-4DF5-B42B-EBCBA8D68512}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC8CB7D4-1549-49DB-8373-37072232589C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DDC0DBBA-AAC0-4D55-A241-987B83EC8DAF}" = rport=2869 | protocol=6 | dir=out | app=system |
"{E1B3F551-1F7B-49AB-B8F2-D329B70CA70E}" = lport=138 | protocol=17 | dir=in | app=system |
"{E2E03617-6B93-48AC-A05C-2A60DE177AC5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E3BC39D4-FD16-4D5C-99AF-434B2CD956BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E62FA6F3-C2B7-4C44-B14C-131046E06B42}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F6908FA3-C827-4378-9310-9910C948D8AF}" = rport=139 | protocol=6 | dir=out | app=system |
"{FD41BE57-60BD-4BDF-A3DF-2C7CB94500DB}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08433531-5D38-43CC-A45A-9DA628962248}" = protocol=17 | dir=in | app=\\jbh3\prosalon\prosalon.exe |
"{0CC891CB-E330-4B94-B342-827E01BCEF03}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{12F34922-09C8-4E0C-9480-D40D09DBF3A1}" = protocol=6 | dir=in | app=c:\windows\system32\dldfcoms.exe |
"{15C97474-95B7-4D0F-B12C-F07C7136F031}" = protocol=17 | dir=in | app=c:\windows\system32\dldfcoms.exe |
"{1DAB8AE5-0559-401C-8F41-9422A65154AA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{1ECDD672-938E-423F-9869-282E6A233C0A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2021E22A-8B50-40D6-89F0-E81AD07E2CC0}" = dir=in | app=c:\windows\system32\lmabcoms.exe |
"{2409CB09-DF5E-4BD6-BA07-4F4375EE3CDE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{255CB4F9-57BE-44F2-AFF6-16BDB4540F43}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{259C2206-55E6-4BC8-ABB0-447E434F1CD2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{28BF6FD4-4319-49F3-91CB-D87C0FECD10D}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{32D0B035-43CE-48A7-A031-81350367DD4A}" = protocol=6 | dir=in | app=c:\users\jbh-1\appdata\roaming\spotify\spotify.exe |
"{377422BB-B8D6-4361-82C0-216028FC7C30}" = protocol=58 | dir=out | [email protected],-28546 |
"{38A3C75A-859D-4D25-90EE-CBF57D2A3F34}" = protocol=17 | dir=in | app=c:\program files\prosalon\prosalon.exe |
"{3B78B2DA-F6D8-462B-86F2-FBEF4982E580}" = protocol=1 | dir=in | [email protected],-28543 |
"{5BF34914-34E7-45BD-881D-A1B4CC54CD86}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{5FCB1922-5274-44BF-958D-D567CEE3211C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{61344B26-7DFA-417C-81E8-0668D965E84F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{6E82F14D-9FE5-4C53-B1AD-164F0E1C1870}" = protocol=58 | dir=in | [email protected],-28545 |
"{77F38EB6-9B65-432C-9C3C-A47BA85C2408}" = protocol=58 | dir=in | [email protected],-148 |
"{83060903-37FC-4EEE-BF4E-8FB4BDEE40D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{847AF153-2010-48A1-B348-7C0661D83F22}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{84E33041-D43E-4221-934F-E90C5E40DF85}" = protocol=1 | dir=out | [email protected],-28544 |
"{85A7ED42-BDE8-4352-831B-AF812CC86C8C}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{862FBBA9-2A0E-4B3D-A828-33A4AC664EE8}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A8E70B8C-C009-456E-A3CD-522B7F895EBB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE950484-8C16-4B99-9E15-680728C44709}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{AF6CB217-8D03-4534-B880-18113C60FA2A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2C97B42-03BE-4BE9-9552-B6E6CE3923E8}" = protocol=6 | dir=in | app=c:\program files\prosalon\prosalon.exe |
"{B3921D3F-A0A3-4EEE-8EFC-9BB6F79D2801}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{B5F7D31D-9944-4095-BBC6-2E7EACA147DC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BBDF697B-B8A2-4467-9DAD-F6C33B92CA23}" = protocol=17 | dir=in | app=c:\users\jbh-1\appdata\roaming\spotify\spotify.exe |
"{C1DFAA83-0D8D-4EC9-8392-D096E35E973B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C2EA7968-9075-4D9A-B1AE-EA060619F9A8}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{CB7F12A9-FDB8-4661-A240-324C57D687A6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D0A5BF46-1A4C-4EE1-BF9E-C73F9FFE58DC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA8E0499-6AC7-4F57-9321-B4B39BC0D864}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DCE1A043-4147-461D-92E1-049A1AA3EDE8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DFF72126-326F-41CE-95BF-707582FF0EE6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{E450F139-7DBA-4739-8A94-A446A786237D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA4E05D4-360F-4E5F-9840-7D00E1BB9B21}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{EBD5B881-1C84-4F2C-BFB7-9E645E7187F3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EC1033F2-BEE4-4DA2-9FD9-B1D2632CB433}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F7EEAB4D-442B-4F62-9A92-51A81BACD9AD}" = protocol=6 | dir=in | app=\\jbh3\prosalon\prosalon.exe |
"TCP Query User{1D7C362C-36E6-4704-9563-8002F1D64EA7}C:\program files\netmass\systemsafepro\apache\apache.exe" = protocol=6 | dir=in | app=c:\program files\netmass\systemsafepro\apache\apache.exe |
"TCP Query User{2E9FCE75-3F74-4214-942C-DDF68AE51153}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{470DFE71-573C-42CE-92C2-B38C562ECA57}C:\active-charge\active-charge.exe" = protocol=6 | dir=in | app=c:\active-charge\active-charge.exe |
"TCP Query User{AD748869-49F5-4839-AF70-310EB7F960A5}C:\active-charge\active-charge.exe" = protocol=6 | dir=in | app=c:\active-charge\active-charge.exe |
"UDP Query User{4AF232E2-D6AD-46C7-B9D5-79F0D9CC0A24}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{93B51D3C-71EE-4C44-B859-7F767D4A4401}C:\active-charge\active-charge.exe" = protocol=17 | dir=in | app=c:\active-charge\active-charge.exe |
"UDP Query User{9C804C06-BC09-405C-B44B-19EF43F66E0C}C:\active-charge\active-charge.exe" = protocol=17 | dir=in | app=c:\active-charge\active-charge.exe |
"UDP Query User{E37724AA-1196-4F44-A867-6C2A5E4B9ABA}C:\program files\netmass\systemsafepro\apache\apache.exe" = protocol=17 | dir=in | app=c:\program files\netmass\systemsafepro\apache\apache.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{'2D51C647-8D21-4429-82F1-D71BDBE2D4E4'}_is1" = NetMass SystemSafePro
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 Management Studio
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{11FF6AF6-0141-4EF8-829A-989459A1E5D8}" = EPSON Advanced Printer Driver 4
"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 Management Studio
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Click-N-Ship for Business®
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3044BF70-0D39-4F72-B18F-33DA9E82088C}" = DSIClient Version 2.50.3851 - DSIClientX 3.85
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36E0F777-19FE-4454-BB2D-84206758EA85}" = LogMeIn
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{4BB82AD9-0CF6-4E14-BD75-C1AB657C2914}" = EPSON APD4 Point and Print Support
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5FF27D65-35E5-4855-B7ED-59BCFBC85776}" = AVG 2013
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1" = Updater By SweetPacks 2.0.0.586
"{7DECB2A6-C226-6042-9C2B-83316950D30E}" = Pandora
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{87D946F1-3B51-401B-9AF1-BDB5CD84261A}" = PCCharge Payment Server
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B021A7CC-A7DB-42F8-9E65-17B5B7B169F6}" = Clover DVR
"{B27B646E-76EA-4412-91D8-A4DFDA8AD152}" = LogMeIn
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CBBB226E-2289-4D29-8E5C-1331E7D71ED9}" = AVG 2013
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2092A60-CF79-4996-B5E6-98598E1D6696}" = PCCharge Payment Server
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}" = ASPCA Reminder by We-Care.com v4.1.22.1
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}" = Internet Explorer Toolbar 4.8 by SweetPacks
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FA200000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 2.0
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"AVG" = AVG 2013
"BabylonToolbar" = Babylon toolbar on IE
"com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1" = Pandora
"Creative OEM007" = Integrated Webcam Driver (1.00.01.0720)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.3
"HDMI" = Intel® Graphics Media Accelerator Driver
"Lexmark_HostCD" = Lexmark Software Uninstall
"MCLIENT" = Norton Management
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"NIS" = Norton Internet Security
"PRJPRO" = Microsoft Office Project Professional 2007
"ST6UNST #1" = ProSolutions Software, Inc.
"ST6UNST #2" = ProSolutions Software, Inc. (C:\Program Files\PROSALON\)
"ST6UNST #3" = ProSolutions Software, Inc. (c:\Program Files\PROSALON\) #3
"ST6UNST #4" = ProConfirm
"ST6UNST #5" = ProSolutions Software, Inc. (c:\Program Files\ProSolutions\)
"ST6UNST #6" = ProSolutions Software, Inc. (C:\Program Files\ProSolutions\) #3
"ST6UNST #7" = ProSolutions Software, Inc. (C:\Program Files\ProSolutions\) #4
"StartNow Toolbar" = StartNow Toolbar
"VISPRO" = Microsoft Office Visio Professional 2007
"WebDesigner" = Microsoft Expression Web
"WinRAR archiver" = WinRAR archiver
"WNLT" = SweetPacks Updater Service

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3697875056-3224753802-395575746-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{C1C3E833-420E-4D78-9BA7-86AEBB272384}" = TopArcadeHits

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2013 10:33:47 PM | Computer Name = jbh1 | Source = VSS | ID = 8193
Description =

Error - 8/14/2013 10:38:39 PM | Computer Name = jbh1 | Source = Application Error | ID = 1000
Description = Faulting application StoreGrid.exe, version 0.0.0.0, time stamp 0x510d1793,
faulting module StoreGrid.exe, version 0.0.0.0, time stamp 0x510d1793, exception
code 0xc0000417, fault offset 0x00c72c9c, process id 0xd1c, application start time
0x01ce996064601a14.

Error - 8/14/2013 10:39:34 PM | Computer Name = jbh1 | Source = WinMgmt | ID = 10
Description =

Error - 8/14/2013 10:39:48 PM | Computer Name = jbh1 | Source = VSS | ID = 8193
Description =

Error - 8/14/2013 10:39:50 PM | Computer Name = jbh1 | Source = Application Hang | ID = 1002
Description = The program Pandora.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: c3c Start Time: 01ce996060e37674 Termination Time: 31

Error - 8/14/2013 10:48:52 PM | Computer Name = jbh1 | Source = VSS | ID = 8193
Description =

Error - 8/14/2013 11:05:08 PM | Computer Name = jbh1 | Source = Windows Search Service | ID = 3013
Description =

Error - 8/15/2013 6:00:15 AM | Computer Name = jbh1 | Source = VSS | ID = 8193
Description =

Error - 8/15/2013 6:41:15 AM | Computer Name = jbh1 | Source = WinMgmt | ID = 10
Description =

Error - 8/15/2013 2:00:56 PM | Computer Name = jbh1 | Source = VSS | ID = 8193
Description =

[ OSession Events ]
Error - 9/12/2009 11:58:58 AM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 83085
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/16/2009 12:58:24 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 86786
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/23/2009 12:57:40 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 86675
seconds with 240 seconds of active time. This session ended with a crash.

Error - 11/27/2009 9:13:49 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 550
seconds with 180 seconds of active time. This session ended with a crash.

Error - 2/28/2010 11:55:47 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/23/2010 2:20:19 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 351
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/15/2010 11:39:19 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9448
seconds with 180 seconds of active time. This session ended with a crash.

Error - 12/3/2010 6:21:49 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6620
seconds with 2220 seconds of active time. This session ended with a crash.

Error - 12/3/2010 7:06:24 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2664
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 9/18/2011 6:57:39 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 143
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/12/2008 10:01:25 PM | Computer Name = jbh1 | Source = HTTP | ID = 15016
Description =

Error - 9/15/2008 2:08:06 PM | Computer Name = jbh1 | Source = Service Control Manager | ID = 7031
Description =

Error - 9/15/2008 2:08:30 PM | Computer Name = jbh1 | Source = Service Control Manager | ID = 7031
Description =

Error - 9/15/2008 2:09:30 PM | Computer Name = jbh1 | Source = Service Control Manager | ID = 7032
Description =

Error - 9/15/2008 2:11:14 PM | Computer Name = jbh1 | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.

Error - 9/15/2008 3:39:07 PM | Computer Name = jbh1 | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.

Error - 9/15/2008 3:39:35 PM | Computer Name = jbh1 | Source = HTTP | ID = 15016
Description =

Error - 9/17/2008 10:23:00 PM | Computer Name = jbh1 | Source = Application Popup | ID = 876
Description = Driver DLACDBHM.SYS has been blocked from loading.

Error - 9/17/2008 10:23:24 PM | Computer Name = jbh1 | Source = HTTP | ID = 15016
Description =

Error - 9/18/2008 12:43:59 PM | Computer Name = jbh1 | Source = Service Control Manager | ID = 7011
Description =


< End of report >

And this is OTL.txt:

OTL logfile created on: 8/15/2013 10:57:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darci\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 26.41% Memory free
4.19 Gb Paging File | 2.18 Gb Available in Paging File | 52.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.17 Gb Total Space | 118.04 Gb Free Space | 54.10% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 4.74 Gb Free Space | 32.37% Space Free | Partition Type: NTFS

Computer Name: JBH1 | User Name: Darci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/15 10:54:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darci\Downloads\OTL.exe
PRC - [2013/08/14 17:34:47 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/08/14 17:34:47 | 001,616,048 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
PRC - [2013/08/14 17:34:46 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/06/08 09:42:32 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/06/08 09:42:18 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/05/27 01:58:08 | 000,021,808 | ---- | M] () -- C:\Windows\System32\ARFC\wrtc.exe
PRC - [2013/05/27 01:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
PRC - [2013/05/27 01:58:04 | 001,167,152 | ---- | M] () -- C:\Windows\System32\dmwu.exe
PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2013/05/16 11:11:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
PRC - [2013/04/30 10:57:02 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2013/04/30 10:57:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/02 19:11:42 | 017,598,464 | ---- | M] () -- C:\Program Files\NetMass\SystemSafePro\bin\StoreGrid.exe
PRC - [2012/10/10 11:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
PRC - [2012/06/22 06:55:48 | 000,265,952 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2012/05/09 02:20:28 | 002,629,632 | ---- | M] (NetMass Incorporated) -- C:\Program Files\NetMass\SystemSafePro\bin\SGTray.exe
PRC - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/06 21:19:00 | 000,593,920 | ---- | M] ( ) -- C:\Windows\System32\lmabcoms.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/22 08:15:38 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe
PRC - [2008/04/12 05:10:48 | 000,290,816 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe
PRC - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) -- C:\Windows\System32\dldfcoms.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/14 17:34:47 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/08/14 17:34:47 | 000,521,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll
MOD - [2013/08/14 17:34:47 | 000,145,072 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll
MOD - [2013/06/12 14:57:42 | 013,140,872 | ---- | M] () -- C:\Users\Darci\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
MOD - [2013/05/27 01:58:08 | 000,021,808 | ---- | M] () -- C:\Windows\System32\ARFC\wrtc.exe
MOD - [2013/05/27 01:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
MOD - [2013/05/27 01:56:42 | 000,382,976 | ---- | M] () -- C:\Windows\System32\jmdp\lmrn.dll
MOD - [2013/05/22 22:44:07 | 000,393,168 | ---- | M] () -- C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/22 22:43:59 | 004,051,408 | ---- | M] () -- C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/22 22:43:06 | 000,599,504 | ---- | M] () -- C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013/05/22 22:43:05 | 000,124,368 | ---- | M] () -- C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013/05/22 22:43:03 | 001,597,392 | ---- | M] () -- C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013/02/05 00:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\System32\jmdp\sqlite3.dll
MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
MOD - [2012/01/08 06:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2013/08/14 17:34:47 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/11 13:48:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/08 09:42:32 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/06/08 09:42:18 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/27 01:58:04 | 001,167,152 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/05/16 11:11:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
SRV - [2013/04/30 10:57:02 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/02 19:11:42 | 017,598,464 | ---- | M] () [Auto | Running] -- C:\Program Files\NetMass\SystemSafePro\bin\StoreGrid.exe -- (SystemSafePro)
SRV - [2012/10/10 11:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe -- (MCLIENT)
SRV - [2012/06/22 06:55:48 | 000,265,952 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/06 21:19:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lmabcoms.exe -- (lmab_device)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/07/24 19:26:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/22 08:15:38 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe -- (EpsonPOSPort)
SRV - [2008/04/12 05:10:48 | 000,290,816 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe -- (EpsonPOSLog)
SRV - [2008/01/20 19:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldfcoms.exe -- (dldf_device)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/08/14 17:34:47 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/08/10 08:33:33 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130814.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/10 08:33:33 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130814.022\NAVENG.SYS -- (NAVENG)
DRV - [2013/07/25 15:39:27 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/07/25 15:10:14 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/07/25 11:29:09 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/07/25 01:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/06/08 09:42:20 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/05/22 22:25:28 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\SymEFA.sys -- (SymEFA)
DRV - [2013/05/20 22:02:00 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\SymDS.sys -- (SymDS)
DRV - [2013/05/20 21:41:34 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/15 22:02:14 | 000,603,224 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/30 10:57:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2013/04/30 10:57:02 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2013/04/24 17:43:56 | 000,352,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symtdiv.sys -- (SYMTDIv)
DRV - [2013/04/15 19:41:14 | 000,134,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ccSetx86.sys -- (ccSet_NIS)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/04 19:14:18 | 000,036,512 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2013/03/04 18:39:19 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\Ironx86.sys -- (SymIRON)
DRV - [2013/03/04 18:21:35 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/10/03 10:19:14 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.sys -- (ccSet_MCLIENT)
DRV - [2011/09/22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2009/07/17 16:53:38 | 000,080,384 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/20 19:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/01/20 19:23:46 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/10/17 14:52:30 | 000,046,336 | ---- | M] (SEIKO EPSON Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TMUSBXP.SYS -- (TMUSB)
DRV - [2007/07/19 17:00:00 | 000,235,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM07Vid.sys -- (OEM07Vid)
DRV - [2007/05/17 17:00:04 | 000,014,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DLACPI.sys -- (DLXPDisplayName)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM07Vfx.sys -- (OEM07Vfx)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [1997/06/12 10:53:18 | 000,026,304 | ---- | M] (MagTek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\magepnt.sys -- (MagEpNt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...A-001AA085B0DA}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...A-001AA085B0DA}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3697875056-3224753802-395575746-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...A-001AA085B0DA}
IE - HKU\S-1-5-21-3697875056-3224753802-395575746-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3697875056-3224753802-395575746-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3697875056-3224753802-395575746-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 C4 DD F0 51 61 CE 01 [binary data]
IE - HKU\S-1-5-21-3697875056-3224753802-395575746-1008\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-3697875056-3224753802-395575746-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3697875056-3224753802-395575746-1008\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....fr&d=2013-08-14 17:35:28&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3697875056-3224753802-395575746-1008\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...006.10045&st=23
IE - HKU\S-1-5-21-3697875056-3224753802-395575746-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox [2013/06/06 16:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\ [2013/07/25 15:41:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ [2013/08/15 03:44:29 | 000,000,000 | ---D | M]

[2013/06/06 16:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darci\AppData\Roaming\Mozilla\Extensions
[2008/11/11 19:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/11 19:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

========== Chrome ==========

CHR - default_search_provider: UTF-8, icon_url: http://cdn.web.sweet...plugin/bing.ico, id: 20, instant_url: , keyword: start.sweetim.com, name: Bing, prepopulate_id: 0, search_terms_replacement_key: , search_url: http://start.sweetpa...006.10045&st=23, suggest_url: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: Google Docs, offline_enabled: true = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive, offline_enabled: true = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube, permissions: [ appNotifications ] = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search, update_url: http://clients2.goog...ice/update2/crx, version: 0.0.0.20 = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: 18, name: We-Care Reminder, options_page: html/options.html, permissions: [ tabs, http://*/*, https://*/*, webNavigation, webRequest, webRequestBlocking ] = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnlcdpdncgchnamlmdhdhokahkaikhl\4.2.25.1_0\
CHR - Extension: TopArcadeHits, permissions: [ cookies, tabs, http://*/*, https://*/* ] = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0\
CHR - Extension: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCN17j8JLKorF+VBEKJgK4pj8g17X7JvJhwca8GU6eC+m33Mp7Wts5uLKDpImOPe0r/0VHiO54Bmwz0E9G67599bllrlhbIjHGKLeicrh4hmOaG1zArNN/DLDDUkcxU50odaPSgDoFUsp6TreA9lwoE5ypYw+lGnbo+BJwNe0hnQQIDAQAB, minimum_chrome_version: 24.0, name: Norton Identity Protection, permissions: [ tabs, history ] = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: SweetPacks Chrome Extension, optional_permissions: [ background, notifications, unlimitedStorage, webNavigation ] = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.0_0\
CHR - Extension: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB, name: Gmail, options_page: https://mail.google....il/ca/#settings, permissions: [ notifications ] = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Darci\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-3697875056-3224753802-395575746-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3697875056-3224753802-395575746-1008\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EpsonAPD4SV] C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Darci - Shortcut.lnk = File not found
O4 - Startup: C:\Users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pandora.lnk = C:\Program Files\Pandora\Pandora.exe ()
O4 - Startup: C:\Users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Transcend.LNK = C:\Program Files\Prosolutions\Transcend.exe (ProSolutions Software, Inc.)
O4 - Startup: C:\Users\jbh-1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DARCI.exe - Shortcut.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-3697875056-3224753802-395575746-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F11415F7-59E8-48A6-AD7A-C3F350698541}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Darci\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Darci\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/15 03:12:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/15 03:02:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/15 03:02:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/15 03:02:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/15 03:02:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/15 03:02:15 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/15 03:02:13 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/15 03:02:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/15 03:02:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/14 17:37:39 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\AVG2013
[2013/08/14 17:36:37 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\AVG SafeGuard toolbar
[2013/08/14 17:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/08/14 17:35:45 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\TuneUp Software
[2013/08/14 17:35:21 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/08/14 17:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/08/14 17:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/08/14 17:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/08/14 17:32:38 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/08/14 17:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/08/14 17:27:55 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\MFAData
[2013/08/14 17:27:55 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\Avg2013
[2013/08/14 16:50:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/14 16:49:01 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/14 16:49:01 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/08/14 14:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\SysTools SQL Recovery - 5.5(Full Version)
[2013/08/14 14:06:06 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\SysToolsSQLRecovery-5.5_Full
[2013/08/02 09:01:07 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\VirtualStore
[2013/07/31 14:20:18 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\Microsoft Help
[2013/07/31 14:20:15 | 000,000,000 | ---D | C] -- C:\Users\Darci\Documents\Visual Studio 2005
[2013/07/31 14:20:02 | 000,000,000 | ---D | C] -- C:\Users\Darci\Documents\SQL Server Management Studio
[2013/07/31 12:16:19 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\Citrix
[2013/07/25 17:44:54 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\Salon Pics
[2013/07/25 15:54:45 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\com.pandora.desktop
[2013/07/25 15:50:30 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.sys
[2013/07/25 15:50:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Management
[2013/07/25 15:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Management
[2013/07/25 15:50:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\MCLIENT
[2013/07/25 15:50:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\MCLIENT\0302000.013
[2013/07/25 15:49:02 | 000,036,512 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2013/07/25 15:44:07 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\CrashDumps
[2013/07/25 15:39:27 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013/07/25 15:38:58 | 000,352,344 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\symtdiv.sys
[2013/07/25 15:38:58 | 000,339,544 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\symnets.sys
[2013/07/25 15:38:58 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\SymELAM.sys
[2013/07/25 15:38:57 | 000,934,488 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\SymEFA.sys
[2013/07/25 15:38:57 | 000,603,224 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.sys
[2013/07/25 15:38:57 | 000,367,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\SymDS.sys
[2013/07/25 15:38:57 | 000,175,264 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\Ironx86.sys
[2013/07/25 15:38:57 | 000,134,744 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\ccSetx86.sys
[2013/07/25 15:38:57 | 000,032,344 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.sys
[2013/07/25 15:38:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2013/07/25 15:38:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1404000.028
[2013/07/25 15:38:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/07/25 15:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2013/07/25 15:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/07/25 15:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/07/25 15:33:33 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/07/20 16:14:24 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\Client Follow Up Survey
[2013/07/20 01:51:00 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
[2013/07/20 01:50:56 | 000,208,184 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2013/07/20 01:50:56 | 000,060,216 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
[2013/07/20 01:50:50 | 000,171,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2013/07/19 15:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SystemSafePro
[2013/07/19 15:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\NetMass
[2013/07/19 14:48:24 | 000,000,000 | ---D | C] -- C:\Users\Darci\temp
[2013/07/19 14:48:23 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\TeamViewer

========== Files - Modified Within 30 Days ==========

[2013/08/15 10:55:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3697875056-3224753802-395575746-1000UA.job
[2013/08/15 10:48:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/15 10:32:56 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\TopArcadeHits.job
[2013/08/15 09:55:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3697875056-3224753802-395575746-1000Core.job
[2013/08/15 09:40:35 | 000,005,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 09:40:35 | 000,005,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 03:39:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/15 03:38:54 | 002,447,589 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\Cat.DB
[2013/08/15 03:06:31 | 000,673,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/15 03:06:31 | 000,130,308 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/14 17:35:46 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/14 17:34:47 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/08/14 14:52:19 | 011,468,800 | ---- | M] () -- C:\Users\Darci\Desktop\JBHPSI_log.ldf
[2013/08/14 14:18:17 | 121,634,816 | ---- | M] () -- C:\Users\Darci\Desktop\JBHPSI.mdf
[2013/08/14 13:12:53 | 000,000,020 | ---- | M] () -- C:\Users\Darci\LASTDATE.DAT
[2013/08/14 11:52:36 | 000,002,368 | ---- | M] () -- C:\{19DB77B1-628A-47E8-9324-106436D7E689}
[2013/08/12 17:17:36 | 000,000,680 | ---- | M] () -- C:\Users\Darci\AppData\Local\d3d9caps.dat
[2013/08/10 13:09:35 | 000,021,555 | ---- | M] () -- C:\Users\Darci\Desktop\LOGO small.jpg
[2013/08/08 10:55:57 | 000,002,048 | ---- | M] () -- C:\{482717E4-CC36-412F-8A24-F2DAFE459CAF}
[2013/08/01 14:04:31 | 000,000,104 | ---- | M] () -- C:\Users\Darci\Desktop\Computer - Shortcut.lnk
[2013/08/01 10:57:10 | 000,003,464 | ---- | M] () -- C:\{C4E7F4FE-1156-4F73-B808-9D2765CE3BF5}
[2013/08/01 10:13:33 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/07/25 15:58:19 | 000,000,919 | ---- | M] () -- C:\Users\Darci\Application Data\Microsoft\Internet Explorer\Quick Launch\Transcend.LNK
[2013/07/25 15:39:27 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013/07/25 15:39:27 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013/07/25 15:39:27 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013/07/25 15:39:17 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/07/25 15:33:33 | 000,000,865 | ---- | M] () -- C:\Users\Darci\Desktop\Norton Installation Files.lnk
[2013/07/24 19:32:35 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/24 19:25:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/24 19:24:39 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/24 19:24:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/24 19:23:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/24 19:23:27 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/24 19:22:35 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/24 19:22:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
[2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
[2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2013/07/19 15:29:04 | 000,002,003 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystemSafePro.lnk
[2013/07/19 15:29:04 | 000,000,111 | ---- | M] () -- C:\Users\Darci\Desktop\SystemSafePro Web Console.url
[2013/07/19 15:29:04 | 000,000,111 | ---- | M] () -- C:\Users\Darci\Application Data\Microsoft\Internet Explorer\Quick Launch\SystemSafePro Web Console.url
[2013/07/18 19:30:44 | 000,000,481 | ---- | M] () -- C:\Users\Darci\Application Data\Microsoft\Internet Explorer\Quick Launch\Blank MW - Shortcut.lnk
[2013/07/17 12:41:34 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files Created - No Company Name ==========

[2013/08/14 17:35:46 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/14 14:53:31 | 011,468,800 | ---- | C] () -- C:\Users\Darci\Desktop\JBHPSI_log.ldf
[2013/08/14 14:18:46 | 121,634,816 | ---- | C] () -- C:\Users\Darci\Desktop\JBHPSI.mdf
[2013/08/14 11:52:35 | 000,002,368 | ---- | C] () -- C:\{19DB77B1-628A-47E8-9324-106436D7E689}
[2013/08/10 13:09:32 | 000,021,555 | ---- | C] () -- C:\Users\Darci\Desktop\LOGO small.jpg
[2013/08/08 10:55:56 | 000,002,048 | ---- | C] () -- C:\{482717E4-CC36-412F-8A24-F2DAFE459CAF}
[2013/08/01 14:04:31 | 000,000,104 | ---- | C] () -- C:\Users\Darci\Desktop\Computer - Shortcut.lnk
[2013/08/01 10:57:10 | 000,003,464 | ---- | C] () -- C:\{C4E7F4FE-1156-4F73-B808-9D2765CE3BF5}
[2013/07/29 18:09:02 | 000,000,680 | ---- | C] () -- C:\Users\Darci\AppData\Local\d3d9caps.dat
[2013/07/25 17:05:30 | 000,014,818 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\VT20130115.021
[2013/07/25 15:58:19 | 000,000,919 | ---- | C] () -- C:\Users\Darci\Application Data\Microsoft\Internet Explorer\Quick Launch\Transcend.LNK
[2013/07/25 15:50:27 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.cat
[2013/07/25 15:50:27 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.inf
[2013/07/25 15:50:27 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\isolate.ini
[2013/07/25 15:39:32 | 002,447,589 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\Cat.DB
[2013/07/25 15:39:27 | 000,007,611 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013/07/25 15:39:27 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013/07/25 15:39:17 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/07/25 15:38:49 | 000,003,434 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymEFA.inf
[2013/07/25 15:38:49 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymDS.inf
[2013/07/25 15:38:49 | 000,001,468 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymNetV.inf
[2013/07/25 15:38:49 | 000,001,440 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymNet.inf
[2013/07/25 15:38:49 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.inf
[2013/07/25 15:38:49 | 000,001,388 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.inf
[2013/07/25 15:38:49 | 000,000,996 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\symELAM.inf
[2013/07/25 15:38:49 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\ccSetx86.inf
[2013/07/25 15:38:49 | 000,000,737 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\Iron.inf
[2013/07/25 15:38:48 | 000,014,818 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymVTcer.dat
[2013/07/25 15:38:48 | 000,009,670 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymELAM.cat
[2013/07/25 15:38:48 | 000,008,067 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymNet.cat
[2013/07/25 15:38:48 | 000,008,059 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymDS.cat
[2013/07/25 15:38:48 | 000,008,059 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.cat
[2013/07/25 15:38:48 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\symnetv.cat
[2013/07/25 15:38:48 | 000,007,667 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\ccsetx86.cat
[2013/07/25 15:38:48 | 000,007,593 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\iron.cat
[2013/07/25 15:38:48 | 000,007,583 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymEFA.cat
[2013/07/25 15:38:48 | 000,007,581 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.cat
[2013/07/25 15:38:48 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\isolate.ini
[2013/07/25 15:33:33 | 000,000,865 | ---- | C] () -- C:\Users\Darci\Desktop\Norton Installation Files.lnk
[2013/07/19 15:29:04 | 000,002,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SystemSafePro.lnk
[2013/07/19 15:29:04 | 000,000,111 | ---- | C] () -- C:\Users\Darci\Desktop\SystemSafePro Web Console.url
[2013/07/19 15:29:04 | 000,000,111 | ---- | C] () -- C:\Users\Darci\Application Data\Microsoft\Internet Explorer\Quick Launch\SystemSafePro Web Console.url
[2013/07/18 19:30:44 | 000,000,481 | ---- | C] () -- C:\Users\Darci\Application Data\Microsoft\Internet Explorer\Quick Launch\Blank MW - Shortcut.lnk
[2013/06/06 16:01:11 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/06 15:59:36 | 001,167,152 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2013/06/06 15:59:36 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2013/06/04 15:03:53 | 000,000,020 | ---- | C] () -- C:\Users\Darci\LASTDATE.DAT
[2013/06/04 13:31:47 | 000,003,584 | ---- | C] () -- C:\Users\Darci\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/04 11:33:48 | 000,113,224 | ---- | C] () -- C:\Users\Darci\g2ax_customer_downloadhelper_win32_x86.exe
[2013/06/04 11:24:31 | 000,000,160 | ---- | C] () -- C:\Users\Darci\PTRASIGN.DAT
[2013/06/04 11:24:15 | 000,000,000 | ---- | C] () -- C:\Users\Darci\WSNUMBER.DAT
[2013/06/04 11:24:15 | 000,000,000 | ---- | C] () -- C:\Users\Darci\REGNUMBR.DAT
[2013/05/22 08:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2012/12/02 13:06:48 | 000,000,125 | ---- | C] () -- C:\Windows\System32\mspcu.dll
[2012/11/04 01:48:29 | 000,190,608 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/07/02 12:23:46 | 000,000,135 | ---- | C] () -- C:\Windows\System32\mspcea.dll
[2012/03/14 09:57:58 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/10/27 15:52:58 | 000,401,408 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2011/10/27 15:52:26 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lmabpmui.dll
[2011/10/27 15:52:25 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lmabusb1.dll
[2011/10/27 15:52:22 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lmabiesc.dll
[2011/10/27 15:52:21 | 001,040,384 | ---- | C] ( ) -- C:\Windows\System32\lmabserv.dll
[2011/10/27 15:52:21 | 000,479,232 | ---- | C] ( ) -- C:\Windows\System32\lmabpar1.dll
[2011/10/27 15:52:20 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lmablmpm.dll
[2011/10/27 15:52:20 | 000,450,560 | ---- | C] ( ) -- C:\Windows\System32\lmabiobj.dll
[2011/10/27 15:52:19 | 000,905,216 | ---- | C] ( ) -- C:\Windows\System32\lmabip1.dll
[2011/10/27 15:52:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lmabinpa.dll
[2011/10/27 15:52:18 | 000,593,920 | ---- | C] ( ) -- C:\Windows\System32\lmabcoms.exe
[2011/10/27 15:52:18 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lmabcomm.dll
[2011/10/27 15:52:18 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lmabhcp.dll
[2011/10/27 15:52:17 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lmabcomc.dll
[2011/10/27 15:51:12 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\softcoin.dll
[2011/10/27 15:51:09 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\gencoin.dll
[2009/07/31 17:18:12 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2006/11/02 05:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 02:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/20 19:24:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/20 19:24:42 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/10 23:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/10 23:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/10 23:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/20 19:24:58 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/07 21:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/10 23:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/10 23:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 08:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/20 19:25:28 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/10 23:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/20 19:24:35 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/10 23:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/10 23:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/20 19:25:20 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/20 19:24:39 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/20 19:24:49 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/20 19:24:11 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/20 19:25:11 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/10 23:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 07:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/10 23:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/20 19:24:45 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/10 23:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/10 23:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/20 19:24:57 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/10 23:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 09:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 04:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/10 23:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 11:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/10 23:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 04:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/10 23:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/10 23:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/10 23:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/10 23:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/20 19:23:52 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/20 19:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/10 23:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/10 23:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/10 23:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/10 23:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/10 23:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 15:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/10 23:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 12:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 04:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 14:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 14:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CNF >
[2011/10/04 12:26:59 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\jbh-1\Documents\My Web Sites\_vti_pvt\services.cnf

< MD5 for: SERVICES.DAT >
[2013/02/25 13:25:19 | 000,004,000 | ---- | M] () MD5=A24284F0A83867AB16B151405519F056 -- C:\Program Files\Prosolutions\BACKUP\Wednesday12\SERVICES.DAT
[2013/02/25 13:25:19 | 000,004,000 | ---- | M] () MD5=A24284F0A83867AB16B151405519F056 -- C:\Program Files\Prosolutions\DATA\SERVICES.DAT
[2006/06/01 14:55:48 | 000,004,000 | ---- | M] () MD5=EF51653424C8EBEB957263C5494D1AF1 -- C:\Program Files\Prosolutions\WATERS8\SERVICES.DAT

< MD5 for: SERVICES.EXE >
[2008/01/20 19:25:14 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 05:40:57 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 05:40:57 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.HTM >
[2006/10/26 20:42:16 | 000,003,140 | ---- | M] () MD5=065B93C99612C4DED50A5B82D1907D7A -- C:\Program Files\Microsoft Expression\Templates\1033\WEBS12\smallbiz4.tem\SERVICES.HTM
[2006/10/26 20:42:24 | 000,003,127 | ---- | M] () MD5=8637B342EC124A00EC27DFCE45A3FCB7 -- C:\Program Files\Microsoft Expression\Templates\1033\WEBS12\smallbiz5.tem\SERVICES.HTM
[2006/10/26 20:42:00 | 000,003,657 | ---- | M] () MD5=9B68D7B32277521CB5240E7AFFD75ED3 -- C:\Program Files\Microsoft Expression\Templates\1033\WEBS12\smallbiz2.tem\SERVICES.HTM
[2006/10/26 20:41:52 | 000,003,687 | ---- | M] () MD5=A208808966BAB0309243FFB278B919EF -- C:\Program Files\Microsoft Expression\Templates\1033\WEBS12\smallbiz1.tem\SERVICES.HTM
[2006/10/26 20:42:32 | 000,003,114 | ---- | M] () MD5=C921BDE5D523A04DE3A7319B6C8E38A2 -- C:\Program Files\Microsoft Expression\Templates\1033\WEBS12\smallbiz6.tem\SERVICES.HTM
[2006/10/26 20:42:08 | 000,003,655 | ---- | M] () MD5=CF0DF3B55D7754DE445768728CF3EB66 -- C:\Program Files\Microsoft Expression\Templates\1033\WEBS12\smallbiz3.tem\SERVICES.HTM

< MD5 for: SERVICES.JPG >
[2005/08/26 10:38:58 | 000,009,430 | ---- | M] () MD5=5B42FB058ED1B06EC596BDCF3253CBD5 -- C:\Program Files\Microsoft Expression\Templates\1033\WEBS12\smallbiz1.tem\SERVICES.JPG
[2005/08/26 10:46:14 | 000,009,430 | ---- | M] () MD5=5B42FB058ED1B06EC596BDCF3253CBD5 -- C:\Program Files\Microsoft Expression\Templates\1033\WEBS12\smallbiz2.tem\SERVICES.JPG
[2005/08/26 10:46:42 | 000,009,430 | ---- | M] () MD5=5B42FB058ED1B06EC596BDCF3253CBD5 -- C:\Program Files\Microsoft Expression\Templates\1033\WEBS12\smallbiz3.tem\SERVICES.JPG
[2005/08/26 10:47:18 | 000,009,430 | ---- | M] () MD5=5B42FB058ED1B06EC596BDCF3253CBD5 -- C:\Program Files\Microsoft Expression\Templates\1033\WEBS12\smallbiz4.tem\SERVICES.JPG
[2005/08/26 10:52:10 | 000,009,430 | ---- | M] () MD5=5B42FB058ED1B06EC596BDCF3253CBD5 -- C:\Program Files\Microsoft Expression\Templates\1033\WEBS12\smallbiz5.tem\SERVICES.JPG
[2005/08/26 10:52:32 | 000,009,430 | ---- | M] () MD5=5B42FB058ED1B06EC596BDCF3253CBD5 -- C:\Program Files\Microsoft Expression\Templates\1033\WEBS12\smallbiz6.tem\SERVICES.JPG

< MD5 for: SERVICES.LNK >
[2008/01/20 19:43:37 | 000,001,688 | ---- | M] () MD5=9C74E1C0BE27F175EA61E9B409C34145 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:43:37 | 000,001,688 | ---- | M] () MD5=9C74E1C0BE27F175EA61E9B409C34145 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 05:41:32 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 05:41:32 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.ONE (ON 8-4-2011).ONE >
[2011/08/04 12:17:28 | 000,115,808 | ---- | M] () MD5=29AA0A85C3605E9FA76CCE73872DFA9E -- C:\Users\jbh-1\AppData\Local\Microsoft\OneNote\12.0\Backup\Laura Wade\Services.one (On 8-4-2011).one

< MD5 for: SERVICES.ONE (ON 8-7-2011).ONE >
[2011/08/07 12:27:58 | 000,114,864 | ---- | M] () MD5=91CB0AD7AD70D5A9FBEEC7BA442EE67B -- C:\Users\jbh-1\AppData\Local\Microsoft\OneNote\12.0\Backup\Laura Wade\Services.one (On 8-7-2011).one

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 19:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 19:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 19:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 19:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is A26B-368D
Directory of C:\
11/02/2006 06:02 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/02/2006 06:02 AM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 06:02 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 06:02 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 06:02 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 06:02 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 06:02 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 06:02 AM <SYMLINKD> All Users [C:\ProgramData]
11/02/2006 06:02 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/02/2006 06:02 AM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 06:02 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 06:02 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 06:02 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 06:02 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 06:02 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Darci
06/04/2013 11:23 AM <JUNCTION> Application Data [C:\Users\Darci\AppData\Roaming]
06/04/2013 11:23 AM <JUNCTION> Cookies [C:\Users\Darci\AppData\Roaming\Microsoft\Windows\Cookies]
06/04/2013 11:23 AM <JUNCTION> Local Settings [C:\Users\Darci\AppData\Local]
06/04/2013 11:23 AM <JUNCTION> My Documents [C:\Users\Darci\Documents]
06/04/2013 11:23 AM <JUNCTION> NetHood [C:\Users\Darci\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/04/2013 11:23 AM <JUNCTION> PrintHood [C:\Users\Darci\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/04/2013 11:23 AM <JUNCTION> Recent [C:\Users\Darci\AppData\Roaming\Microsoft\Windows\Recent]
06/04/2013 11:23 AM <JUNCTION> SendTo [C:\Users\Darci\AppData\Roaming\Microsoft\Windows\SendTo]
06/04/2013 11:23 AM <JUNCTION> Start Menu [C:\Users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu]
06/04/2013 11:23 AM <JUNCTION> Templates [C:\Users\Darci\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Darci\AppData\Local
06/04/2013 11:23 AM <JUNCTION> Application Data [C:\Users\Darci\AppData\Local]
06/04/2013 11:23 AM <JUNCTION> History [C:\Users\Darci\AppData\Local\Microsoft\Windows\History]
06/04/2013 11:23 AM <JUNCTION> Temporary Internet Files [C:\Users\Darci\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Darci\Documents
06/04/2013 11:23 AM <JUNCTION> My Music [C:\Users\Darci\Music]
06/04/2013 11:23 AM <JUNCTION> My Pictures [C:\Users\Darci\Pictures]
06/04/2013 11:23 AM <JUNCTION> My Videos [C:\Users\Darci\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 06:02 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
11/02/2006 06:02 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
11/02/2006 06:02 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
11/02/2006 06:02 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
11/02/2006 06:02 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006 06:02 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006 06:02 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006 06:02 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006 06:02 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006 06:02 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 06:02 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
11/02/2006 06:02 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006 06:02 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 06:02 AM <JUNCTION> My Music [C:\Users\Default\Music]
11/02/2006 06:02 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
11/02/2006 06:02 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\jbh-1
07/24/2008 02:45 PM <JUNCTION> Application Data [C:\Users\jbh-1\AppData\Roaming]
07/24/2008 02:45 PM <JUNCTION> Cookies [C:\Users\jbh-1\AppData\Roaming\Microsoft\Windows\Cookies]
07/24/2008 02:45 PM <JUNCTION> Local Settings [C:\Users\jbh-1\AppData\Local]
07/24/2008 02:45 PM <JUNCTION> My Documents [C:\Users\jbh-1\Documents]
07/24/2008 02:45 PM <JUNCTION> NetHood [C:\Users\jbh-1\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/24/2008 02:45 PM <JUNCTION> PrintHood [C:\Users\jbh-1\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/24/2008 02:45 PM <JUNCTION> Recent [C:\Users\jbh-1\AppData\Roaming\Microsoft\Windows\Recent]
07/24/2008 02:45 PM <JUNCTION> SendTo [C:\Users\jbh-1\AppData\Roaming\Microsoft\Windows\SendTo]
07/24/2008 02:45 PM <JUNCTION> Start Menu [C:\Users\jbh-1\AppData\Roaming\Microsoft\Windows\Start Menu]
07/24/2008 02:45 PM <JUNCTION> Templates [C:\Users\jbh-1\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\jbh-1\AppData\Local
07/24/2008 02:45 PM <JUNCTION> Application Data [C:\Users\jbh-1\AppData\Local]
07/24/2008 02:45 PM <JUNCTION> History [C:\Users\jbh-1\AppData\Local\Microsoft\Windows\History]
07/24/2008 02:45 PM <JUNCTION> Temporary Internet Files [C:\Users\jbh-1\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\jbh-1\Documents
07/24/2008 02:45 PM <JUNCTION> My Music [C:\Users\jbh-1\Music]
07/24/2008 02:45 PM <JUNCTION> My Pictures [C:\Users\jbh-1\Pictures]
07/24/2008 02:45 PM <JUNCTION> My Videos [C:\Users\jbh-1\Videos]
0 File(s) 0 bytes
Directory of C:\Users\LogMeInRemoteUser
06/07/2013 10:18 AM <JUNCTION> Application Data [C:\Users\LogMeInRemoteUser\AppData\Roaming]
06/07/2013 10:18 AM <JUNCTION> Cookies [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Cookies]
06/07/2013 10:18 AM <JUNCTION> Local Settings [C:\Users\LogMeInRemoteUser\AppData\Local]
06/07/2013 10:18 AM <JUNCTION> My Documents [C:\Users\LogMeInRemoteUser\Documents]
06/07/2013 10:18 AM <JUNCTION> NetHood [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/07/2013 10:18 AM <JUNCTION> PrintHood [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/07/2013 10:18 AM <JUNCTION> Recent [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Recent]
06/07/2013 10:18 AM <JUNCTION> SendTo [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\SendTo]
06/07/2013 10:18 AM <JUNCTION> Start Menu [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu]
06/07/2013 10:18 AM <JUNCTION> Templates [C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\LogMeInRemoteUser\AppData\Local
06/07/2013 10:18 AM <JUNCTION> Application Data [C:\Users\LogMeInRemoteUser\AppData\Local]
06/07/2013 10:18 AM <JUNCTION> History [C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\History]
06/07/2013 10:18 AM <JUNCTION> Temporary Internet Files [C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\LogMeInRemoteUser\Documents
06/07/2013 10:18 AM <JUNCTION> My Music [C:\Users\LogMeInRemoteUser\Music]
06/07/2013 10:18 AM <JUNCTION> My Pictures [C:\Users\LogMeInRemoteUser\Pictures]
06/07/2013 10:18 AM <JUNCTION> My Videos [C:\Users\LogMeInRemoteUser\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 06:02 AM <JUNCTION> My Music [C:\Users\Public\Music]
11/02/2006 06:02 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
11/02/2006 06:02 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
08/21/2008 06:11 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
08/21/2008 06:11 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
08/21/2008 06:11 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
08/21/2008 06:11 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
08/21/2008 06:11 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/21/2008 06:11 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/21/2008 06:11 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
08/21/2008 06:11 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
08/21/2008 06:11 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
08/21/2008 06:11 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
08/21/2008 06:11 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
08/21/2008 06:11 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
08/21/2008 06:11 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
95 Dir(s) 126,583,652,352 bytes free

< End of report >

Edited by A-G, 16 August 2013 - 01:08 AM.

  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
You have both AVG and Norton anti-viruses. One is all you want as they will fight each other. Uninstall one.

Then run the appropriate cleanup utility (remember to right click and Run As Admin):
Download and save the Norton Removal Tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Reboot

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 6 Update 31
Java 6 Update 7

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC, then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

Uninstall:
Babylon toolbar on IE
StartNow Toolbar


Download the adwCleaner
Pause your anti-virus. Close all browsers.
  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the Delete option
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.


Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
Uncheck trace disk IO calls
Click the "Scan" button to start the scan (Accept the Avast Engine)
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan and click save log. Save it to your desktop and post it in your next reply.
If the Fix button is not enabled, then just click save log, save it to your desktop and post it in your next reply.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(Does this complain that it could not fix all of your files?)


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.


Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (Win 7 or Vista => Right click and Run as Admin.) Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.

Please copy and paste the log to your reply.


Got to go to bed now. It's after midnight here.
  • 0
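
The custom scan above lists core system files between /md5start and /md5stop, and the "MD5 for" sections of an OTL log (as in the log earlier in this thread) show each active copy next to the WinSxS component-store copies. As an added example, not part of the original posts and not OTL's own code, this Python script parses those sections and reports whether each active copy's hash matches a component-store copy. The function names are hypothetical, and the USERINIT.EXE System32 line in the sample is constructed with a placeholder hash.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Sample OTL output. The EXPLORER.EXE and SERVICES.DAT lines and the USERINIT.EXE
# winsxs line are copied from the log in this thread; the USERINIT.EXE System32
# line is CONSTRUCTED (placeholder hash) to show what a mismatch looks like.
SAMPLE_LOG = r"""
< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/01/20 19:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES.DAT >
[2013/02/25 13:25:19 | 000,004,000 | ---- | M] () MD5=A24284F0A83867AB16B151405519F056 -- C:\Program Files\Prosolutions\DATA\SERVICES.DAT

< MD5 for: USERINIT.EXE >
[2008/01/20 19:25:16 | 000,025,088 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\userinit.exe
[2008/01/20 19:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< dir C:\ /S /A:L /C >
Volume in drive C is OS
"""

# "< MD5 for: NAME >" opens a section; any other "< ... >" line closes it.
HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
# "[date | size | attrs | M] (company) MD5=<32 hex> -- <path>"
ENTRY = re.compile(
    r"^\[[^\]]*\] \((?P<company>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
# Component version embedded in a winsxs directory name, e.g. 6.0.6002.18005
VERSION = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")


class Entry(NamedTuple):
    md5: str
    path: str


class Finding(NamedTuple):
    path: str
    md5: str
    verdict: str          # matches-store | no-store-match | no-store-copy
    store_versions: list  # component versions whose copy has the same MD5


def parse_md5_sections(log_text):
    """Return {section name: [Entry, ...]} for every 'MD5 for' section."""
    sections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("<"):
            m = HEADER.match(line)
            current = m["name"].upper() if m else None
            continue
        m = ENTRY.match(line) if current else None
        if m:
            sections[current].append(Entry(m["md5"].upper(), m["path"]))
    return dict(sections)


def in_store(path):
    return "\\winsxs\\" in path.lower()


def check_against_store(sections):
    """Compare each non-winsxs copy with the winsxs copies in its section."""
    findings = []
    for entries in sections.values():
        store = defaultdict(list)  # md5 -> component versions carrying it
        for e in entries:
            if in_store(e.path):
                v = VERSION.search(e.path)
                store[e.md5].append(v.group(1) if v else "?")
        for e in entries:
            if in_store(e.path):
                continue
            if not store:
                verdict, versions = "no-store-copy", []
            elif e.md5 in store:
                verdict, versions = "matches-store", sorted(store[e.md5])
            else:
                verdict, versions = "no-store-match", []
            findings.append(Finding(e.path, e.md5, verdict, versions))
    return findings


if __name__ == "__main__":
    for f in check_against_store(parse_md5_sections(SAMPLE_LOG)):
        print(f"{f.verdict:15} {f.path} {' '.join(f.store_versions)}")
```

A "matches-store" result is a consistency check only: it shows the active file is identical to a servicing copy, not that either copy is clean. A "no-store-match" entry is the one to review first.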

#5
A-G

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Sorry I replied so late, it took me a few days to finish...

AdwCleaner:


# AdwCleaner v2.306 - Logfile created 08/17/2013 at 23:24:43
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Business Service Pack 2 (32 bits)
# User : Darci - JBH1
# Boot Mode : Normal
# Running from : C:\Users\Darci\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : IBUpdaterService
Stopped & Deleted : Updater By SweetPacks

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Deleted on reboot : C:\Windows\system32\jmdp
Deleted on reboot : C:\Windows\system32\Zynga
Deleted on reboot : C:\Windows\system32\Zynga
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Program Files\Wondershare
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Deleted : C:\Users\Darci\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Darci\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\jbh-1\AppData\Local\Babylon
Folder Deleted : C:\Users\jbh-1\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\jbh-1\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\jbh-1\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\jbh-1\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\jbh-1\AppData\Roaming\Babylon
Folder Deleted : C:\Windows\system32\ARFC
Folder Deleted : C:\Windows\system32\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\WNLT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16502

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={BDFB4E99-CEFC-11E2-A45A-001AA085B0DA} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={BDFB4E99-CEFC-11E2-A45A-001AA085B0DA} --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\jbh-1\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.50] : icon_url = "hxxp://cdn.web.sweetim.com/toolbarff/searchplugin/bing.ico",
Deleted [l.53] : keyword = "start.sweetim.com",
Deleted [l.57] : search_url = "hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={BDFB4E99-CEFC-11E2-A45[...]

*************************

AdwCleaner[S1].txt - [16907 octets] - [17/08/2013 23:24:43]

########## EOF - C:\AdwCleaner[S1].txt - [16968 octets] ##########


Junkware Removal Tool:






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows Vista ™ Business x86
Ran by Darci on Sat 08/17/2013 at 23:47:10.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/17/2013 at 23:53:08.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



aswMBR:






aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-18 01:00:33
-----------------------------
01:00:33.144 OS Version: Windows 6.0.6002 Service Pack 2
01:00:33.144 Number of processors: 2 586 0xF0D
01:00:33.145 ComputerName: JBH1 UserName:
01:00:35.326 Initialize success
01:01:16.295 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:01:16.297 Disk 0 Vendor: ST3250820AS 3.ADG Size: 238418MB BusType: 3
01:01:16.491 Disk 0 MBR read successfully
01:01:16.494 Disk 0 MBR scan
01:01:16.497 Disk 0 Windows VISTA default MBR code
01:01:16.500 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 15 MB offset 63
01:01:16.537 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 32768
01:01:16.576 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223401 MB offset 30752768
01:01:16.581 Disk 0 scanning sectors +488278016
01:01:16.951 Disk 0 scanning C:\Windows\system32\drivers
01:01:50.125 Service scanning
01:02:42.868 Modules scanning
01:03:10.259 Scan finished successfully
01:04:06.760 Disk 0 MBR has been saved successfully to "C:\Users\Darci\Desktop\MBR.dat"
01:04:06.778 The log file has been saved successfully to "C:\Users\Darci\Desktop\aswMBR.txt"






ComboFix ran and at the end did not create a ComboFix.txt but instead created a "log.txt", which is below:


ComboFix 13-08-16.03 - Darci 08/18/2013 1:17.1.2 - x86

Microsoft Windows Vista Business 6.0.6002.2.1252.1.1033.18.2022.717 [GMT -7:00]

Running from: c:\users\Darci\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Pandora\Pandora.exe

c:\programdata\DragToDiscUserNameE.txt

c:\programdata\uninstaller.exe

c:\users\Darci\g2ax_customer_downloadhelper_win32_x86.exe

c:\users\jbh-1\AppData\Local\Microsoft\Windows\Temporary Internet Files\_3PQANz2Ryi-9Pv

c:\users\jbh-1\AppData\Local\Microsoft\Windows\Temporary Internet Files\ojLBX9gu-_h

c:\users\jbh-1\AppData\Local\Microsoft\Windows\Temporary Internet Files\P9gDh-lgD_

c:\users\jbh-1\AppData\Local\Microsoft\Windows\Temporary Internet Files\txQ__C-Ed

c:\users\jbh-1\AppData\Roaming\.#

c:\users\jbh-1\g2ax_customer_downloadhelper_win32_x86.exe

c:\users\jbh-1\g2mdlhlpx.exe

c:\windows\system32\config\systemprofile\g2ax_customer_downloadhelper_win32_x86.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-07-18 to 2013-08-18 )))))))))))))))))))))))))))))))

.

.

2013-08-18 08:29 . 2013-08-18 08:29 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2013-08-18 08:29 . 2013-08-18 08:29 -------- d-----w- c:\users\jbh-1\AppData\Local\temp

2013-08-18 08:29 . 2013-08-18 08:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-18 06:47 . 2013-08-18 06:47 -------- d-----w- c:\windows\ERUNT

2013-08-18 06:25 . 2013-08-18 06:25 233 ----a-w- c:\windows\DeleteOnReboot.bat

2013-08-15 10:12 . 2013-08-15 10:17 -------- d-----w- c:\windows\system32\MRT

2013-08-15 00:37 . 2013-08-15 00:37 -------- d-----w- c:\users\Darci\AppData\Roaming\AVG2013

2013-08-15 00:36 . 2013-08-15 00:36 -------- d-----w- c:\users\Darci\AppData\Local\AVG SafeGuard toolbar

2013-08-15 00:35 . 2013-08-15 00:35 -------- d-----w- c:\users\Darci\AppData\Roaming\TuneUp Software

2013-08-15 00:35 . 2013-08-16 01:41 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-08-15 00:35 . 2013-08-15 02:48 -------- d-----w- c:\programdata\AVG SafeGuard toolbar

2013-08-15 00:35 . 2013-08-18 06:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2013-08-15 00:35 . 2013-08-16 01:41 -------- d-----w- c:\program files\AVG SafeGuard toolbar

2013-08-15 00:32 . 2013-08-15 00:32 -------- d-----w- C:\$AVG

2013-08-15 00:32 . 2013-08-15 02:29 -------- d-----w- c:\programdata\AVG2013

2013-08-15 00:27 . 2013-08-15 00:42 -------- d-----w- c:\users\Darci\AppData\Local\Avg2013

2013-08-15 00:27 . 2013-08-15 00:27 -------- d-----w- c:\users\Darci\AppData\Local\MFAData

2013-08-14 23:50 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-14 23:49 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll

2013-08-14 23:49 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-14 23:49 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-14 23:49 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-14 23:49 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-14 23:49 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-14 23:49 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll

2013-08-14 23:46 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll

2013-08-14 23:46 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll

2013-08-14 23:46 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-14 23:46 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-14 21:07 . 2013-08-14 21:46 -------- d-----w- c:\program files\SysTools SQL Recovery - 5.5(Full Version)

2013-08-02 16:01 . 2013-08-07 00:26 -------- d-----w- c:\users\Darci\AppData\Local\VirtualStore

2013-07-31 21:20 . 2013-07-31 21:20 -------- d-----w- c:\users\Darci\AppData\Local\Microsoft Help

2013-07-31 19:16 . 2013-07-31 19:16 -------- d-----w- c:\users\Darci\AppData\Local\Citrix

2013-07-25 22:54 . 2013-07-25 22:54 -------- d-----w- c:\users\Darci\AppData\Roaming\com.pandora.desktop

2013-07-25 22:50 . 2013-07-25 22:50 -------- d-----w- c:\windows\system32\drivers\MCLIENT

2013-07-25 22:50 . 2013-07-25 22:50 -------- d-----w- c:\program files\Norton Management

2013-07-25 22:49 . 2013-03-05 02:14 36512 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2013-07-25 22:44 . 2013-08-18 08:31 -------- d-----w- c:\users\Darci\AppData\Local\CrashDumps

2013-07-25 22:39 . 2013-07-25 22:39 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2013-07-25 22:38 . 2013-07-25 22:38 -------- d-----w- c:\windows\system32\drivers\NIS

2013-07-25 22:38 . 2013-07-25 22:38 -------- d-----w- c:\program files\Norton Internet Security

2013-07-25 22:38 . 2013-07-25 22:50 -------- d-----w- c:\program files\NortonInstaller

2013-07-25 22:38 . 2013-07-25 22:38 -------- d-----w- c:\programdata\NortonInstaller

2013-07-23 11:16 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1D01992-1F20-427E-8D0F-AFC785995EB7}\mpengine.dll

2013-07-20 08:51 . 2013-07-20 08:51 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-07-20 08:50 . 2013-07-20 08:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-07-20 08:50 . 2013-07-20 08:50 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-07-20 08:50 . 2013-07-20 08:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-07-19 22:28 . 2004-11-21 01:37 266324 ----a-w- c:\program files\Uninstall Information\NetMass\SGService.exe

2013-07-19 22:28 . 2013-07-19 22:28 -------- d-----w- c:\program files\NetMass

2013-07-19 22:28 . 2013-07-19 22:27 824064 ----a-w- c:\program files\Uninstall Information\NetMass\unins000.exe

2013-07-19 21:48 . 2013-07-19 21:48 -------- d-----w- c:\users\Darci\temp

2013-07-19 21:48 . 2013-07-19 21:48 -------- d-----w- c:\users\Darci\AppData\Roaming\TeamViewer

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-10 08:32 . 2013-07-10 08:32 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2013-07-01 08:45 . 2013-07-01 08:45 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2013-06-11 20:48 . 2012-04-15 19:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-11 20:48 . 2011-06-02 21:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-08 16:42 . 2013-06-07 16:41 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2013-06-08 16:42 . 2013-06-09 18:02 92488 ----a-w- c:\windows\system32\LMIinit.dll

2013-06-04 16:50 . 2008-07-26 17:44 286720 ------w- c:\windows\Setup1.exe

2013-06-04 16:50 . 2008-07-26 17:44 73216 ----a-w- c:\windows\ST6UNST.EXE

2013-06-04 16:48 . 2013-06-04 16:48 251472 ----a-w- c:\windows\system32\temp.00B

2013-06-04 16:48 . 2013-06-04 16:48 115920 ----a-w- c:\windows\system32\temp.00A

2013-06-04 16:46 . 2013-06-04 16:46 140288 ----a-w- c:\windows\system32\temp.009

2013-06-04 16:45 . 2013-06-04 16:45 1142776 ----a-w- c:\windows\system32\temp.008

2013-06-04 01:50 . 2013-07-10 15:42 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-06-01 04:06 . 2013-07-10 15:41 505344 ----a-w- c:\windows\system32\qedit.dll

2013-05-22 15:21 . 2013-05-22 15:21 4325376 ----a-w- c:\programdata\ReadOnlyInstaller.msi

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"EpsonAPD4SV"="c:\program files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE" [2008-05-02 210304]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2013-04-30 63048]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]

.

c:\users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Transcend.LNK - c:\program files\Prosolutions\Transcend.exe [2012-7-12 53805056]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

PCCharge Payment Server.lnk - c:\active-charge\Active-Charge.Exe [2011-11-1 19103744]

SystemSafePro.lnk - c:\program files\NetMass\SystemSafePro\bin\SGTray.exe [2013-7-19 2629632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2011-08-30 20:24 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EpsonAPD4SV]

2008-05-02 18:13 210304 ----a-w- c:\program files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2006-10-03 18:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2006-10-03 18:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-09-10 07:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

2013-04-30 17:57 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM07Mon.exe]

2007-07-20 00:00 36864 ----a-w- c:\windows\OEM07Mon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3697875056-3224753802-395575746-1000]

"EnableNotificationsRef"=dword:00000003

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ASWMBR

*Deregistered* - aswMBR

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 20:48]

.

2013-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3697875056-3224753802-395575746-1000Core.job

- c:\users\jbh-1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 22:01]

.

2013-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3697875056-3224753802-395575746-1000UA.job

- c:\users\jbh-1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 22:01]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

c:\users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Darci - Shortcut.lnk - c:\program files\Prosolutions\Darci.exe

c:\users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pandora.lnk - c:\program files\Pandora\Pandora.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

MSConfigStartUp-BrStsWnd - c:\program files\Brownie\BrstsWnd.exe

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe

MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

AddRemove-{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1 - c:\program files\Updater By SweetPacks\unins000.exe

AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\users\Darci\AppData\Local\TopArcadeHits\uninstaller.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-08-18 01:32

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCLIENT]

"ImagePath"="\"c:\program files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"

.

Completion time: 2013-08-18 01:35:10

ComboFix-quarantined-files.txt 2013-08-18 08:35

.

Pre-Run: 127,570,608,128 bytes free

Post-Run: 146,805,506,048 bytes free

.

- - End Of File - - 6FBE03D9D22111D0B44E4A1FB922BC41

5C616939100B85E558DA92B899A0FC36





TDSSKiller did not ask to restart after the scan (detected 9 threats, but none were TDSS, therefore did not delete anything). And it did not create a TDSSKiller.txt log file.

2nd try, restarted computer on my own, and reran scan, same detection and no TDSSKiller.txt log file.





Malwarebytes:





Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.18.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Darci :: JBH1 [administrator]

Protection: Enabled

8/18/2013 10:29:12 AM
mbam-log-2013-08-18 (10-29-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 285492
Time elapsed: 13 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\ReadOnlyInstaller.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\1878e18.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

(end)



VEW SYSTEM:







Vino's Event Viewer v01c run on Windows Vista in English
Report run at 18/08/2013 10:50:54 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/08/2013 12:06:59 AM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 73000. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 19/08/2013 12:06:06 AM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 30960. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 11:51:58 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 58388. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 11:43:48 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 60644. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 11:41:54 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 30968. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 11:12:58 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 78240. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 11:12:09 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 30956. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 10:49:18 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 60644. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 10:48:51 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 30956. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 9:42:45 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 63752. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 9:41:35 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 30960. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 9:38:37 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 9:37:46 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 30960. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 9:11:34 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 47108. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 9:07:34 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document Test Page, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 84428. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 9:04:54 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document Test Page, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 84428. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 9:01:05 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 56944. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 9:00:45 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 9:00:06 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 30960. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

Log: 'System' Date/Time: 18/08/2013 8:53:50 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/08/2013 8:53:49 PM
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 4 minutes to start and may have stopped responding: Server Contact your system administrator or service vendor for approximate startup times for this service. If you think this service might be slowing system response or logon time, talk to your system administrator about whether the service should be disabled until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.

Log: 'System' Date/Time: 18/08/2013 8:30:56 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 18/08/2013 8:30:56 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll

Log: 'System' Date/Time: 18/08/2013 8:30:54 PM
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 4 minutes to start and may have stopped responding: Server Contact your system administrator or service vendor for approximate startup times for this service. If you think this service might be slowing system response or logon time, talk to your system administrator about whether the service should be disabled until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.

Log: 'System' Date/Time: 18/08/2013 8:08:30 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 18/08/2013 8:08:27 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll




VEW APPLICATION:







Vino's Event Viewer v01c run on Windows Vista in English
Report run at 18/08/2013 10:52:56 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/08/2013 2:31:18 AM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {bf3408e3-1ba5-471c-8306-e98c6c836cc0}

Log: 'Application' Date/Time: 19/08/2013 2:30:10 AM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {bf3408e3-1ba5-471c-8306-e98c6c836cc0}

Log: 'Application' Date/Time: 18/08/2013 8:53:49 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 18/08/2013 8:30:53 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/08/2013 8:30:50 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3697875056-3224753802-395575746-1008_Classes:
Process 2296 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008_CLASSES
Process 2296 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008_CLASSES


Log: 'Application' Date/Time: 18/08/2013 8:30:49 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3697875056-3224753802-395575746-1008:
Process 2296 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008
Process 2296 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008\Software\Microsoft\Direct3D


Log: 'Application' Date/Time: 18/08/2013 8:07:41 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3697875056-3224753802-395575746-1008_Classes:
Process 500 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008_CLASSES
Process 1740 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 18/08/2013 8:07:36 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3697875056-3224753802-395575746-1008:
Process 500 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008
Process 500 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008\Software\Microsoft\Direct3D






OTL:








OTL logfile created on: 8/18/2013 10:59:09 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darci\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.87% Memory free
4.18 Gb Paging File | 2.43 Gb Available in Paging File | 58.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.17 Gb Total Space | 137.89 Gb Free Space | 63.21% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 4.74 Gb Free Space | 32.37% Space Free | Partition Type: NTFS

Computer Name: JBH1 | User Name: Darci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/15 18:41:22 | 001,643,184 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
PRC - [2013/08/15 10:54:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darci\Desktop\OTL.exe
PRC - [2013/06/08 09:42:32 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/06/08 09:42:18 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2013/04/30 10:57:02 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2013/04/30 10:57:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/02 19:11:42 | 017,598,464 | ---- | M] () -- C:\Program Files\NetMass\SystemSafePro\bin\StoreGrid.exe
PRC - [2012/10/10 11:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
PRC - [2011/08/11 15:31:44 | 019,103,744 | ---- | M] (VeriFone, Inc.) -- C:\Active-Charge\Active-Charge.Exe
PRC - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/06 21:19:00 | 000,593,920 | ---- | M] ( ) -- C:\Windows\System32\lmabcoms.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/22 08:15:38 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe
PRC - [2008/04/12 05:10:48 | 000,290,816 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe
PRC - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) -- C:\Windows\System32\dldfcoms.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/12 14:57:42 | 013,140,872 | ---- | M] () -- C:\Users\Darci\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
MOD - [2013/05/22 22:44:07 | 000,393,168 | ---- | M] () -- C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/22 22:43:59 | 004,051,408 | ---- | M] () -- C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/22 22:43:03 | 001,597,392 | ---- | M] () -- C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2012/01/08 06:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/07/09 15:02:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\ssleay32.dll
MOD - [2003/07/09 15:01:56 | 000,843,776 | ---- | M] () -- C:\Windows\System32\libeay32.dll
MOD - [2002/08/01 17:00:20 | 000,729,088 | ---- | M] () -- C:\Windows\System32\SaxComm8.ocx
MOD - [1995/11/05 21:39:08 | 000,158,720 | ---- | M] () -- C:\Windows\System32\vsview32.ocx


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2013/08/15 18:41:22 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - [2013/06/11 13:48:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/08 09:42:32 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/06/08 09:42:18 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/04/30 10:57:02 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/02 19:11:42 | 017,598,464 | ---- | M] () [Auto | Running] -- C:\Program Files\NetMass\SystemSafePro\bin\StoreGrid.exe -- (SystemSafePro)
SRV - [2012/10/10 11:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe -- (MCLIENT)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/06 21:19:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lmabcoms.exe -- (lmab_device)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/07/24 19:26:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/22 08:15:38 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe -- (EpsonPOSPort)
SRV - [2008/04/12 05:10:48 | 000,290,816 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe -- (EpsonPOSLog)
SRV - [2008/01/20 19:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldfcoms.exe -- (dldf_device)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Darci\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/08/16 11:40:54 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130818.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/16 11:40:54 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130818.004\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/15 18:41:22 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/07/25 15:39:27 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/07/25 15:10:14 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/07/25 11:29:09 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/07/25 01:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/06/08 09:42:20 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/05/22 22:25:28 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\SymEFA.sys -- (SymEFA)
DRV - [2013/05/20 22:02:00 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\SymDS.sys -- (SymDS)
DRV - [2013/05/20 21:41:34 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/15 22:02:14 | 000,603,224 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/30 10:57:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2013/04/30 10:57:02 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2013/04/24 17:43:56 | 000,352,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symtdiv.sys -- (SYMTDIv)
DRV - [2013/04/15 19:41:14 | 000,134,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ccSetx86.sys -- (ccSet_NIS)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/04 19:14:18 | 000,036,512 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2013/03/04 18:39:19 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\Ironx86.sys -- (SymIRON)
DRV - [2013/03/04 18:21:35 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/10/03 10:19:14 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.sys -- (ccSet_MCLIENT)
DRV - [2011/09/22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2009/07/17 16:53:38 | 000,080,384 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/20 19:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/01/20 19:23:46 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/10/17 14:52:30 | 000,046,336 | ---- | M] (SEIKO EPSON Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TMUSBXP.SYS -- (TMUSB)
DRV - [2007/07/19 17:00:00 | 000,235,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM07Vid.sys -- (OEM07Vid)
DRV - [2007/05/17 17:00:04 | 000,014,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DLACPI.sys -- (DLXPDisplayName)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM07Vfx.sys -- (OEM07Vfx)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [1997/06/12 10:53:18 | 000,026,304 | ---- | M] (MagTek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\magepnt.sys -- (MagEpNt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 C4 DD F0 51 61 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\ [2013/07/25 15:41:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ [2013/08/18 13:52:53 | 000,000,000 | ---D | M]

[2013/06/06 16:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darci\AppData\Roaming\Mozilla\Extensions
[2008/11/11 19:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/11 19:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://start.sweetpa...006.10045&st=23
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: TopArcadeHits = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Gmail = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/18 01:32:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EpsonAPD4SV] C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\RunOnce: [AvgRemover] C:\Users\Darci\Desktop\programs\avg_remover_stf_x86_2011_1184.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Transcend.LNK = C:\Program Files\Prosolutions\Transcend.exe (ProSolutions Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F11415F7-59E8-48A6-AD7A-C3F350698541}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Darci\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Darci\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe_ID0EYTHM - hkey= - key= - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: EpsonAPD4SV - hkey= - key= - C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.exe (SEIKO EPSON CORPORATION)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
MsConfig - StartUpReg: OEM07Mon.exe - hkey= - key= - C:\Windows\OEM07Mon.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDBDD92C-CE4B-88C0-8EEB-269341ED0036} - Microsoft Windows Media Player
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/18 22:59:33 | 000,358,507 | ---- | C] (Farbar) -- C:\Users\Darci\Desktop\FSS.exe
[2013/08/18 10:23:29 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\Malwarebytes
[2013/08/18 10:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/18 10:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/18 10:23:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/08/18 10:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/18 01:35:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/18 01:35:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/18 01:11:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/18 01:11:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/18 01:11:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/18 01:09:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/18 01:08:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/18 01:06:11 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\Files to post
[2013/08/17 23:47:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/17 23:44:35 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\programs
[2013/08/17 23:44:16 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\Files posted
[2013/08/15 03:12:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/15 03:02:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/15 03:02:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/15 03:02:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/15 03:02:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/15 03:02:15 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/15 03:02:13 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/15 03:02:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/15 03:02:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/14 17:37:39 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\AVG2013
[2013/08/14 17:36:37 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\AVG SafeGuard toolbar
[2013/08/14 17:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/08/14 17:35:45 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\TuneUp Software
[2013/08/14 17:35:21 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/08/14 17:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/08/14 17:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/08/14 17:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/08/14 17:32:38 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/08/14 17:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/08/14 17:27:55 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\MFAData
[2013/08/14 17:27:55 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\Avg2013
[2013/08/14 16:50:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/14 16:49:01 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/14 16:49:01 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/08/14 14:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\SysTools SQL Recovery - 5.5(Full Version)
[2013/08/14 14:06:06 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\SysToolsSQLRecovery-5.5_Full
[2013/08/02 09:01:07 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\VirtualStore
[2013/07/31 14:20:18 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\Microsoft Help
[2013/07/31 14:20:15 | 000,000,000 | ---D | C] -- C:\Users\Darci\Documents\Visual Studio 2005
[2013/07/31 14:20:02 | 000,000,000 | ---D | C] -- C:\Users\Darci\Documents\SQL Server Management Studio
[2013/07/31 12:16:19 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\Citrix
[2013/07/25 17:44:54 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\Salon Pics
[2013/07/25 15:54:45 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\com.pandora.desktop
[2013/07/25 15:50:30 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.sys
[2013/07/25 15:50:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Management
[2013/07/25 15:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Management
[2013/07/25 15:50:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\MCLIENT
[2013/07/25 15:50:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\MCLIENT\0302000.013
[2013/07/25 15:49:02 | 000,036,512 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2013/07/25 15:44:07 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\CrashDumps
[2013/07/25 15:39:27 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013/07/25 15:38:58 | 000,352,344 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\symtdiv.sys
[2013/07/25 15:38:58 | 000,339,544 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\symnets.sys
[2013/07/25 15:38:58 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\SymELAM.sys
[2013/07/25 15:38:57 | 000,934,488 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\SymEFA.sys
[2013/07/25 15:38:57 | 000,603,224 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.sys
[2013/07/25 15:38:57 | 000,367,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\SymDS.sys
[2013/07/25 15:38:57 | 000,175,264 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\Ironx86.sys
[2013/07/25 15:38:57 | 000,134,744 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\ccSetx86.sys
[2013/07/25 15:38:57 | 000,032,344 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.sys
[2013/07/25 15:38:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2013/07/25 15:38:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1404000.028
[2013/07/25 15:38:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/07/25 15:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2013/07/25 15:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/07/25 15:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/07/25 15:33:33 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/07/20 16:14:24 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\Client Follow Up Survey
[2013/07/20 01:51:00 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys

========== Files - Modified Within 30 Days ==========

[2013/08/18 22:59:36 | 000,358,507 | ---- | M] (Farbar) -- C:\Users\Darci\Desktop\FSS.exe
[2013/08/18 22:54:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3697875056-3224753802-395575746-1000UA.job
[2013/08/18 22:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/18 21:32:53 | 000,005,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/18 21:32:53 | 000,005,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/18 17:37:35 | 000,000,020 | ---- | M] () -- C:\Users\Darci\LASTDATE.DAT
[2013/08/18 13:32:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/18 10:23:22 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/18 09:55:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3697875056-3224753802-395575746-1000Core.job
[2013/08/18 01:50:59 | 000,000,680 | ---- | M] () -- C:\Users\Darci\AppData\Local\d3d9caps.dat
[2013/08/18 01:32:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/08/17 23:30:26 | 000,000,496 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013/08/17 23:25:28 | 000,000,233 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/15 18:41:22 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/08/15 03:38:54 | 002,447,589 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\Cat.DB
[2013/08/15 03:06:31 | 000,673,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/15 03:06:31 | 000,130,308 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/14 17:35:46 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/14 14:52:19 | 011,468,800 | ---- | M] () -- C:\Users\Darci\Desktop\JBHPSI_log.ldf
[2013/08/14 14:18:17 | 121,634,816 | ---- | M] () -- C:\Users\Darci\Desktop\JBHPSI.mdf
[2013/08/14 11:52:36 | 000,002,368 | ---- | M] () -- C:\{19DB77B1-628A-47E8-9324-106436D7E689}
[2013/08/10 13:09:35 | 000,021,555 | ---- | M] () -- C:\Users\Darci\Desktop\LOGO small.jpg
[2013/08/08 10:55:57 | 000,002,048 | ---- | M] () -- C:\{482717E4-CC36-412F-8A24-F2DAFE459CAF}
[2013/08/01 14:04:31 | 000,000,104 | ---- | M] () -- C:\Users\Darci\Desktop\Computer - Shortcut.lnk
[2013/08/01 10:57:10 | 000,003,464 | ---- | M] () -- C:\{C4E7F4FE-1156-4F73-B808-9D2765CE3BF5}
[2013/08/01 10:13:33 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/07/25 15:58:19 | 000,000,919 | ---- | M] () -- C:\Users\Darci\Application Data\Microsoft\Internet Explorer\Quick Launch\Transcend.LNK
[2013/07/25 15:39:27 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013/07/25 15:39:27 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013/07/25 15:39:27 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013/07/25 15:39:17 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/07/25 15:33:33 | 000,000,865 | ---- | M] () -- C:\Users\Darci\Desktop\Norton Installation Files.lnk
[2013/07/24 19:32:35 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/24 19:25:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/24 19:24:39 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/24 19:24:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/24 19:23:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/24 19:23:27 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/24 19:22:35 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/24 19:22:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys

========== Files Created - No Company Name ==========

[2013/08/18 10:23:21 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/18 01:11:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/18 01:11:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/18 01:11:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/18 01:11:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/18 01:11:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/17 23:25:07 | 000,000,233 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/14 17:35:46 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/14 14:53:31 | 011,468,800 | ---- | C] () -- C:\Users\Darci\Desktop\JBHPSI_log.ldf
[2013/08/14 14:18:46 | 121,634,816 | ---- | C] () -- C:\Users\Darci\Desktop\JBHPSI.mdf
[2013/08/14 11:52:35 | 000,002,368 | ---- | C] () -- C:\{19DB77B1-628A-47E8-9324-106436D7E689}
[2013/08/10 13:09:32 | 000,021,555 | ---- | C] () -- C:\Users\Darci\Desktop\LOGO small.jpg
[2013/08/08 10:55:56 | 000,002,048 | ---- | C] () -- C:\{482717E4-CC36-412F-8A24-F2DAFE459CAF}
[2013/08/01 14:04:31 | 000,000,104 | ---- | C] () -- C:\Users\Darci\Desktop\Computer - Shortcut.lnk
[2013/08/01 10:57:10 | 000,003,464 | ---- | C] () -- C:\{C4E7F4FE-1156-4F73-B808-9D2765CE3BF5}
[2013/07/29 18:09:02 | 000,000,680 | ---- | C] () -- C:\Users\Darci\AppData\Local\d3d9caps.dat
[2013/07/25 17:05:30 | 000,014,818 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\VT20130115.021
[2013/07/25 15:58:19 | 000,000,919 | ---- | C] () -- C:\Users\Darci\Application Data\Microsoft\Internet Explorer\Quick Launch\Transcend.LNK
[2013/07/25 15:50:27 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.cat
[2013/07/25 15:50:27 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.inf
[2013/07/25 15:50:27 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\isolate.ini
[2013/07/25 15:39:32 | 002,447,589 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\Cat.DB
[2013/07/25 15:39:27 | 000,007,611 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013/07/25 15:39:27 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013/07/25 15:39:17 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/07/25 15:38:49 | 000,003,434 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymEFA.inf
[2013/07/25 15:38:49 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymDS.inf
[2013/07/25 15:38:49 | 000,001,468 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymNetV.inf
[2013/07/25 15:38:49 | 000,001,440 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymNet.inf
[2013/07/25 15:38:49 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.inf
[2013/07/25 15:38:49 | 000,001,388 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.inf
[2013/07/25 15:38:49 | 000,000,996 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\symELAM.inf
[2013/07/25 15:38:49 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\ccSetx86.inf
[2013/07/25 15:38:49 | 000,000,737 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\Iron.inf
[2013/07/25 15:38:48 | 000,014,818 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymVTcer.dat
[2013/07/25 15:38:48 | 000,009,670 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymELAM.cat
[2013/07/25 15:38:48 | 000,008,067 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymNet.cat
[2013/07/25 15:38:48 | 000,008,059 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymDS.cat
[2013/07/25 15:38:48 | 000,008,059 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.cat
[2013/07/25 15:38:48 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\symnetv.cat
[2013/07/25 15:38:48 | 000,007,667 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\ccsetx86.cat
[2013/07/25 15:38:48 | 000,007,593 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\iron.cat
[2013/07/25 15:38:48 | 000,007,583 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymEFA.cat
[2013/07/25 15:38:48 | 000,007,581 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.cat
[2013/07/25 15:38:48 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\isolate.ini
[2013/07/25 15:33:33 | 000,000,865 | ---- | C] () -- C:\Users\Darci\Desktop\Norton Installation Files.lnk
[2013/06/04 15:03:53 | 000,000,020 | ---- | C] () -- C:\Users\Darci\LASTDATE.DAT
[2013/06/04 13:31:47 | 000,003,584 | ---- | C] () -- C:\Users\Darci\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/04 11:24:31 | 000,000,160 | ---- | C] () -- C:\Users\Darci\PTRASIGN.DAT
[2013/06/04 11:24:15 | 000,000,000 | ---- | C] () -- C:\Users\Darci\WSNUMBER.DAT
[2013/06/04 11:24:15 | 000,000,000 | ---- | C] () -- C:\Users\Darci\REGNUMBR.DAT
[2012/12/02 13:06:48 | 000,000,125 | ---- | C] () -- C:\Windows\System32\mspcu.dll
[2012/11/04 01:48:29 | 000,190,608 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/07/02 12:23:46 | 000,000,135 | ---- | C] () -- C:\Windows\System32\mspcea.dll
[2012/03/14 09:57:58 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/10/27 15:52:58 | 000,401,408 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2011/10/27 15:52:26 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lmabpmui.dll
[2011/10/27 15:52:25 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lmabusb1.dll
[2011/10/27 15:52:22 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lmabiesc.dll
[2011/10/27 15:52:21 | 001,040,384 | ---- | C] ( ) -- C:\Windows\System32\lmabserv.dll
[2011/10/27 15:52:21 | 000,479,232 | ---- | C] ( ) -- C:\Windows\System32\lmabpar1.dll
[2011/10/27 15:52:20 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lmablmpm.dll
[2011/10/27 15:52:20 | 000,450,560 | ---- | C] ( ) -- C:\Windows\System32\lmabiobj.dll
[2011/10/27 15:52:19 | 000,905,216 | ---- | C] ( ) -- C:\Windows\System32\lmabip1.dll
[2011/10/27 15:52:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lmabinpa.dll
[2011/10/27 15:52:18 | 000,593,920 | ---- | C] ( ) -- C:\Windows\System32\lmabcoms.exe
[2011/10/27 15:52:18 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lmabcomm.dll
[2011/10/27 15:52:18 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lmabhcp.dll
[2011/10/27 15:52:17 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lmabcomc.dll
[2011/10/27 15:51:12 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\softcoin.dll
[2011/10/27 15:51:09 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\gencoin.dll
[2009/07/31 17:18:12 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2006/11/02 05:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3250820AS ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 16.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 16777216
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 218.00GB
Starting Offset: 15745417216
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2013/06/04 13:33:24 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\Adobe
[2013/06/16 13:24:27 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\Apple Computer
[2013/08/14 17:37:39 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\AVG2013
[2013/07/25 15:54:45 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\com.pandora.desktop
[2013/06/04 12:04:38 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1
[2013/06/04 11:23:39 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\Identities
[2009/08/02 13:11:21 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\Macromedia
[2013/08/18 10:23:29 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\Malwarebytes
[2013/08/14 14:23:17 | 000,000,000 | --SD | M] -- C:\Users\Darci\AppData\Roaming\Microsoft
[2013/06/06 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\Mozilla
[2013/07/19 14:48:23 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\TeamViewer
[2013/08/14 17:35:45 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\TuneUp Software
[2013/06/04 14:35:49 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\WinRAR

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 19:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/20 19:25:20 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/20 19:25:20 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/04/10 23:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\erdnt\cache\mswsock.dll
[2009/04/10 23:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/10 23:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 19:24:28 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/20 19:24:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/20 19:24:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/20 19:24:11 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/20 19:24:11 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/20 19:25:49 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/20 19:25:49 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 19:25:14 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/20 19:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 19:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 19:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/20 19:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 19:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 19:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/04/10 23:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/10 23:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 02:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 02:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 02:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/19 10:16:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/19 10:16:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/19 10:16:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/24 19:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/07/24 19:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/19 10:16:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/19 10:16:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/19 10:16:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/24 19:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/07/24 19:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

EXTRAS from OTL:

OTL Extras logfile created on: 8/18/2013 10:59:09 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darci\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.87% Memory free
4.18 Gb Paging File | 2.43 Gb Available in Paging File | 58.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.17 Gb Total Space | 137.89 Gb Free Space | 63.21% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 4.74 Gb Free Space | 32.37% Space Free | Partition Type: NTFS

Computer Name: JBH1 | User Name: Darci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3697875056-3224753802-395575746-1000]
"EnableNotificationsRef" = 3
"EnableNotifications" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026F8608-CD8B-42F3-9D92-A7D2DF7CB0AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{128B58F3-6DD0-4854-B5BA-1F804C819ED5}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{14700920-D76C-4E35-9141-A91C37DC1DC4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1AFAF7FA-8838-4A92-A4FF-278FD571B0B0}" = rport=138 | protocol=17 | dir=out | app=system |
"{1CA5EF09-AB03-4FFF-B7BE-E6D464A44EDC}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2EADF15D-E31F-4912-B533-368043D51B1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{301E055E-347E-4FE8-B900-3FBCEC2509AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34B72E93-A1F2-4006-B3D6-CB0666C60C53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E0482AE-3283-4BC7-81CD-79785030E066}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{61C9266F-F7FC-4263-8831-5BC4849D9752}" = rport=137 | protocol=17 | dir=out | app=system |
"{63F1FB04-0461-4757-B6EC-D375C0537E10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6AF39CA4-853E-4C6D-9A3F-D78AFF2BB2A5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{70858902-6D29-4556-BBE2-E8FF8DDCA8ED}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{70E2F0FD-90BE-47FE-9615-CC63EC0320E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7736C8D8-DC69-41E2-AE86-8699759D9718}" = lport=2869 | protocol=6 | dir=in | app=system |
"{82E8923E-5813-44A8-AB37-6A3BE05518BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8CC9A772-9A3D-4933-A074-CC4F268C4D58}" = rport=445 | protocol=6 | dir=out | app=system |
"{941B501E-CFAE-4275-A680-43E666E22A5D}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB775B31-E778-49AA-B3E3-0712EA09B4BF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CA49823E-D6FE-419E-8125-28DE9460E24F}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{CA57BAC7-D796-483D-ADBC-82D9BCED28DC}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{D878066C-B011-4031-9347-136AB0AFD156}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DB33031B-36DD-4DF5-B42B-EBCBA8D68512}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC8CB7D4-1549-49DB-8373-37072232589C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DDC0DBBA-AAC0-4D55-A241-987B83EC8DAF}" = rport=2869 | protocol=6 | dir=out | app=system |
"{E1B3F551-1F7B-49AB-B8F2-D329B70CA70E}" = lport=138 | protocol=17 | dir=in | app=system |
"{E2E03617-6B93-48AC-A05C-2A60DE177AC5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E3BC39D4-FD16-4D5C-99AF-434B2CD956BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E62FA6F3-C2B7-4C44-B14C-131046E06B42}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F6908FA3-C827-4378-9310-9910C948D8AF}" = rport=139 | protocol=6 | dir=out | app=system |
"{FD41BE57-60BD-4BDF-A3DF-2C7CB94500DB}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08433531-5D38-43CC-A45A-9DA628962248}" = protocol=17 | dir=in | app=\\jbh3\prosalon\prosalon.exe |
"{0CC891CB-E330-4B94-B342-827E01BCEF03}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{12F34922-09C8-4E0C-9480-D40D09DBF3A1}" = protocol=6 | dir=in | app=c:\windows\system32\dldfcoms.exe |
"{15C97474-95B7-4D0F-B12C-F07C7136F031}" = protocol=17 | dir=in | app=c:\windows\system32\dldfcoms.exe |
"{1DAB8AE5-0559-401C-8F41-9422A65154AA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{1ECDD672-938E-423F-9869-282E6A233C0A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2021E22A-8B50-40D6-89F0-E81AD07E2CC0}" = dir=in | app=c:\windows\system32\lmabcoms.exe |
"{2409CB09-DF5E-4BD6-BA07-4F4375EE3CDE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{255CB4F9-57BE-44F2-AFF6-16BDB4540F43}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{259C2206-55E6-4BC8-ABB0-447E434F1CD2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{28BF6FD4-4319-49F3-91CB-D87C0FECD10D}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{32D0B035-43CE-48A7-A031-81350367DD4A}" = protocol=6 | dir=in | app=c:\users\jbh-1\appdata\roaming\spotify\spotify.exe |
"{377422BB-B8D6-4361-82C0-216028FC7C30}" = protocol=58 | dir=out | [email protected],-28546 |
"{38A3C75A-859D-4D25-90EE-CBF57D2A3F34}" = protocol=17 | dir=in | app=c:\program files\prosalon\prosalon.exe |
"{3B78B2DA-F6D8-462B-86F2-FBEF4982E580}" = protocol=1 | dir=in | [email protected],-28543 |
"{5BF34914-34E7-45BD-881D-A1B4CC54CD86}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{5FCB1922-5274-44BF-958D-D567CEE3211C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{61344B26-7DFA-417C-81E8-0668D965E84F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{6E82F14D-9FE5-4C53-B1AD-164F0E1C1870}" = protocol=58 | dir=in | [email protected],-28545 |
"{77F38EB6-9B65-432C-9C3C-A47BA85C2408}" = protocol=58 | dir=in | [email protected],-148 |
"{83060903-37FC-4EEE-BF4E-8FB4BDEE40D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{847AF153-2010-48A1-B348-7C0661D83F22}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{84E33041-D43E-4221-934F-E90C5E40DF85}" = protocol=1 | dir=out | [email protected],-28544 |
"{85A7ED42-BDE8-4352-831B-AF812CC86C8C}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{862FBBA9-2A0E-4B3D-A828-33A4AC664EE8}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A8E70B8C-C009-456E-A3CD-522B7F895EBB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE950484-8C16-4B99-9E15-680728C44709}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{AF6CB217-8D03-4534-B880-18113C60FA2A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2C97B42-03BE-4BE9-9552-B6E6CE3923E8}" = protocol=6 | dir=in | app=c:\program files\prosalon\prosalon.exe |
"{B3921D3F-A0A3-4EEE-8EFC-9BB6F79D2801}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{B5F7D31D-9944-4095-BBC6-2E7EACA147DC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BBDF697B-B8A2-4467-9DAD-F6C33B92CA23}" = protocol=17 | dir=in | app=c:\users\jbh-1\appdata\roaming\spotify\spotify.exe |
"{C1DFAA83-0D8D-4EC9-8392-D096E35E973B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C2EA7968-9075-4D9A-B1AE-EA060619F9A8}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{CB7F12A9-FDB8-4661-A240-324C57D687A6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D0A5BF46-1A4C-4EE1-BF9E-C73F9FFE58DC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA8E0499-6AC7-4F57-9321-B4B39BC0D864}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DCE1A043-4147-461D-92E1-049A1AA3EDE8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DFF72126-326F-41CE-95BF-707582FF0EE6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{E450F139-7DBA-4739-8A94-A446A786237D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA4E05D4-360F-4E5F-9840-7D00E1BB9B21}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{EBD5B881-1C84-4F2C-BFB7-9E645E7187F3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EC1033F2-BEE4-4DA2-9FD9-B1D2632CB433}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F7EEAB4D-442B-4F62-9A92-51A81BACD9AD}" = protocol=6 | dir=in | app=\\jbh3\prosalon\prosalon.exe |
"TCP Query User{1D7C362C-36E6-4704-9563-8002F1D64EA7}C:\program files\netmass\systemsafepro\apache\apache.exe" = protocol=6 | dir=in | app=c:\program files\netmass\systemsafepro\apache\apache.exe |
"TCP Query User{2E9FCE75-3F74-4214-942C-DDF68AE51153}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{470DFE71-573C-42CE-92C2-B38C562ECA57}C:\active-charge\active-charge.exe" = protocol=6 | dir=in | app=c:\active-charge\active-charge.exe |
"TCP Query User{AD748869-49F5-4839-AF70-310EB7F960A5}C:\active-charge\active-charge.exe" = protocol=6 | dir=in | app=c:\active-charge\active-charge.exe |
"UDP Query User{4AF232E2-D6AD-46C7-B9D5-79F0D9CC0A24}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{93B51D3C-71EE-4C44-B859-7F767D4A4401}C:\active-charge\active-charge.exe" = protocol=17 | dir=in | app=c:\active-charge\active-charge.exe |
"UDP Query User{9C804C06-BC09-405C-B44B-19EF43F66E0C}C:\active-charge\active-charge.exe" = protocol=17 | dir=in | app=c:\active-charge\active-charge.exe |
"UDP Query User{E37724AA-1196-4F44-A867-6C2A5E4B9ABA}C:\program files\netmass\systemsafepro\apache\apache.exe" = protocol=17 | dir=in | app=c:\program files\netmass\systemsafepro\apache\apache.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{'2D51C647-8D21-4429-82F1-D71BDBE2D4E4'}_is1" = NetMass SystemSafePro
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 Management Studio
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{11FF6AF6-0141-4EF8-829A-989459A1E5D8}" = EPSON Advanced Printer Driver 4
"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 Management Studio
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Click-N-Ship for Business
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3044BF70-0D39-4F72-B18F-33DA9E82088C}" = DSIClient Version 2.50.3851 - DSIClientX 3.85
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36E0F777-19FE-4454-BB2D-84206758EA85}" = LogMeIn
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{4BB82AD9-0CF6-4E14-BD75-C1AB657C2914}" = EPSON APD4 Point and Print Support
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype 6.3
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DECB2A6-C226-6042-9C2B-83316950D30E}" = Pandora
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{87D946F1-3B51-401B-9AF1-BDB5CD84261A}" = PCCharge Payment Server
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B021A7CC-A7DB-42F8-9E65-17B5B7B169F6}" = Clover DVR
"{B27B646E-76EA-4412-91D8-A4DFDA8AD152}" = LogMeIn
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2092A60-CF79-4996-B5E6-98598E1D6696}" = PCCharge Payment Server
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FA200000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 2.0
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1" = Pandora
"Creative OEM007" = Integrated Webcam Driver (1.00.01.0720)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.3
"HDMI" = Intel® Graphics Media Accelerator Driver
"Lexmark_HostCD" = Lexmark Software Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MCLIENT" = Norton Management
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"NIS" = Norton Internet Security
"PRJPRO" = Microsoft Office Project Professional 2007
"ST6UNST #1" = ProSolutions Software, Inc.
"ST6UNST #2" = ProSolutions Software, Inc. (C:\Program Files\PROSALON\)
"ST6UNST #3" = ProSolutions Software, Inc. (c:\Program Files\PROSALON\) #3
"ST6UNST #4" = ProConfirm
"ST6UNST #5" = ProSolutions Software, Inc. (c:\Program Files\ProSolutions\)
"ST6UNST #6" = ProSolutions Software, Inc. (C:\Program Files\ProSolutions\) #3
"ST6UNST #7" = ProSolutions Software, Inc. (C:\Program Files\ProSolutions\) #4
"VISPRO" = Microsoft Office Visio Professional 2007
"WebDesigner" = Microsoft Expression Web
"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/18/2013 4:30:53 PM | Computer Name = jbh1 | Source = WinMgmt | ID = 10
Description =

Error - 8/18/2013 4:53:49 PM | Computer Name = jbh1 | Source = WinMgmt | ID = 10
Description =

Error - 8/18/2013 10:30:10 PM | Computer Name = jbh1 | Source = VSS | ID = 8193
Description =

Error - 8/18/2013 10:31:18 PM | Computer Name = jbh1 | Source = VSS | ID = 8193
Description =

Error - 8/19/2013 2:02:54 AM | Computer Name = jbh1 | Source = VSS | ID = 8193
Description =

[ OSession Events ]
Error - 9/12/2009 11:58:58 AM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 83085
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/16/2009 12:58:24 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 86786
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/23/2009 12:57:40 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 86675
seconds with 240 seconds of active time. This session ended with a crash.

Error - 11/27/2009 9:13:49 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 550
seconds with 180 seconds of active time. This session ended with a crash.

Error - 2/28/2010 11:55:47 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/23/2010 2:20:19 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 351
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/15/2010 11:39:19 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9448
seconds with 180 seconds of active time. This session ended with a crash.

Error - 12/3/2010 6:21:49 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6620
seconds with 2220 seconds of active time. This session ended with a crash.

Error - 12/3/2010 7:06:24 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2664
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 9/18/2011 6:57:39 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 143
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/18/2013 5:42:45 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 63752. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.

Error - 8/18/2013 6:48:51 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 30956. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.

Error - 8/18/2013 6:49:18 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 60644. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.

Error - 8/18/2013 7:12:09 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 30956. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.

Error - 8/18/2013 7:12:58 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 78240. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.

Error - 8/18/2013 7:41:54 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 30968. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.

Error - 8/18/2013 7:43:48 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 60644. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.

Error - 8/18/2013 7:51:58 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 58388. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.

Error - 8/18/2013 8:06:06 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 30960. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.

Error - 8/18/2013 8:06:59 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 73000. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.


< End of report >

FSS:

Farbar Service Scanner Version: 18-08-2013
Ran by Darci (administrator) on 18-08-2013 at 23:24:14
Running from "C:\Users\Darci\Desktop"
Microsoft Windows Vista Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 16:49] - [2013-07-04 21:53] - 0905664 ____A (Microsoft Corporation) D18D53974FD715D50FC76F9FFE1C830D

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 16:46] - [2013-07-07 21:16] - 0133120 ____A (Microsoft Corporation) 684C130BBC6DB681BAD4920A4C944AA5

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



I also have a "MBR.dat" file that I don't know where it came from and it doesn't make sense but here's what was in it:


3м |ؾ | Ph ~ | V UF F AU ]r Uu t F f`~ t&fh fv h h |h h BV |V v N n fas N ~ U2V ] >}Uunv d `x dq f#u;f TCPAu2 r,fh fh fh fSfSfUfh fh | fah Z2 | 2 < t +d $ $ Invalid partition table Error loading operating system Missing operating system bz ? ? C}
@ HE U



Thank you so much!

  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 6 Update 31
Java 6 Update 7

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC, then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

You are running two anti-viruses: AVG 2013 and Norton Internet Security. One is all you want. They fight each other and will slow your PC down.

Uninstall the one you don't want and then run the appropriate removal tool by right clicking and Run As Admin:

Download and save the Norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

or


Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

How is it running now? Any sign of malware?

If you still think you are infected then:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

and/or

Run aswMBR again as before but where it says AV Scan Quickscan change it to C:\ before starting the scan.

Either of the above will take many hours to complete so you may want to let them run overnight. Best to pause your anti-virus, close all programs and do not try to do anything else until the scan finishes.
  • 0

#7
A-G

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I had cleared Java Cache a few days ago then removed it from the computer. I don't really need it.

I tried removing AVG as you explained but it's still in the computer. When I run as admin., it states that it may need to restart several times, but doesn't do anything. AVG is not available in the add/remove programs control panel but the icon is still in the Start>Programs section. If I just delete it from the C drive, would it work?

I believe I still have the virus because I continue to receive pop-up ads. I ran ESET Online and it detected 0 threats; therefore, I don't have a text file to export.

I'm currently running the aswMBR but I came across another problem.

I've never had this happen but my Epson receipt printer is not printing. Says "Unable to print. Insufficient disk space". I went to my add/remove programs in control panel and removed the only available software from the ones I have recently downloaded, Malwarebytes, but it still says the same thing. I have not done anything other than your directions. Please let me know how I can get the receipt to print again. I've had it for 5 years and it has been working fine every day since. I just removed the Epson program I had and reinstalled the driver from the Epson website but still no luck. Any idea why it happened or what I can do to fix it?

Thank you very much!

Edited by A-G, 20 August 2013 - 03:35 AM.

  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
You had stopped one of the Epson programs with msconfig:

MsConfig - StartUpReg: EpsonAPD4SV - hkey= - key= - C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.exe (SEIKO EPSON CORPORATION)

Go into msconfig and tell it Normal Startup. OK and reboot. There were a lot of printing problems reported in the event logs like this one:

The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 73000. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.

This sort of looks like a bad print document has jammed the queue. Start, Devices and printer, find your printer (make sure it has the green default printer check), right click on it and See what's Printing. If you see any documents, delete them. Close the See what's Printing window and try to print again. If nothing was in the See What's Printing window then go back and right click on your printer and select Printer Properties. Under Advanced, click on Print Directly to the Printer. OK. Try to print again.

There is also an error:

Log: 'Application' Date/Time: 18/08/2013 8:07:41 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3697875056-3224753802-395575746-1008_Classes:
Process 500 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008_CLASSES
Process 1740 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

This may be more evidence of a stuck document or it could be a problem with Norton.

Rebooting may also help a bit with AVG as there was a RunOnce entry for avg remover that was waiting for a reboot:

O4 - HKLM..\RunOnce: [AvgRemover] C:\Users\Darci\Desktop\programs\avg_remover_stf_x86_2011_1184.exe (AVG Technologies CZ, s.r.o.)

If AVG is still present then we can remove it with Combofix.



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

AtJob::

SecCenter::
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

DirLook::
C:\Program Files\Common
%user%\library

File::
C:\Users\Public\Desktop\AVG 2013.lnk
C:\Windows\System32\drivers\avgtpx86.sys
C:\Windows\System32\drivers\avglogx.sys


Driver::
Avglogx
avgtp
AVGIDSHX
AVGIDSShim
vToolbarUpdater15.5.0


Folder::
C:\Program Files\AVG
C:\Users\Darci\AppData\Roaming\AVG2013
C:\Program Files\Common Files\AVG Secure Search
C:\$AVG
C:\ProgramData\AVG2013
C:\Users\Darci\AppData\Roaming\AVG2013
C:\Users\Darci\AppData\Local\Avg2013
C:\Users\Darci\AppData\Local\AVG SafeGuard toolbar
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
C:\Users\Darci\AppData\Roaming\TuneUp Software
C:\ProgramData\AVG SafeGuard toolbar
C:\Program Files\Common Files\AVG Secure Search


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own. Ignore any warning that AVG is running.

Post the new log. It really should be saving the log as Combofix.txt. Might be in C:\Combofix\Combofix.txt.

Which browser are you using when you get the popups?
  • 0
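Post #8 reads the event log by spotting the same Source/ID repeating and print jobs that spooled data but sent 0 bytes to the printer. The Python below is an added example (not part of the thread and not OTL's own code) that does the same triage over a constructed sample in the OTL event layout quoted above; the function names and the repeat threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Header line of one OTL event entry, as laid out in the Extras log on this page.
HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)
SECTION = re.compile(r"^\[ .+ \]$")          # e.g. "[ System Events ]"
SPOOL = re.compile(r"Size of the spool file in bytes: (\d+)")
SENT = re.compile(r"Number of bytes printed: (\d+)")

# Constructed sample mirroring the entries in the thread (not a real capture).
SAMPLE = r"""
[ Application Events ]
Error - 8/18/2013 10:31:18 PM | Computer Name = jbh1 | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 8/18/2013 7:43:48 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
 EPSON TM-T88IV Receipt. Data type: NT EMF 1.008. Size of the spool file in bytes: 60644. Number of bytes
 printed: 0. Total number of pages in the document: 1. Number of pages printed:
 0. Client computer: \\JBH1.

Error - 8/18/2013 8:06:06 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
 EPSON TM-T88IV Receipt. Data type: NT EMF 1.008. Size of the spool file in bytes: 30960. Number of bytes
 printed: 0. Total number of pages in the document: 1. Number of pages printed:
 0. Client computer: \\JBH1.

Error - 8/18/2013 8:06:59 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
 EPSON TM-T88IV Receipt. Data type: NT EMF 1.008. Size of the spool file in bytes: 73000. Number of bytes
 printed: 0. Total number of pages in the document: 1. Number of pages printed:
 0. Client computer: \\JBH1.
"""


def parse_events(text):
    """Split an OTL event section into dicts, rejoining wrapped description lines."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = dict(match.groupdict(), description="")
            events.append(current)
        elif current is not None and line and not SECTION.match(line):
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            # Wrapped lines are joined with one space so that fields split
            # across a line break ("Number of bytes / printed: 0") match again.
            current["description"] = (current["description"] + " " + line).strip()
    return events


def repeated_failures(events, threshold=3):
    """Return {(source, id): count} for events seen at least `threshold` times."""
    counts = Counter((e["source"], e["id"]) for e in events)
    return {key: n for key, n in counts.items() if n >= threshold}


def stalled_print_jobs(events):
    """Print/6161 events where a spool file existed but nothing reached the printer."""
    stalled = []
    for e in events:
        if (e["source"], e["id"]) != ("Print", "6161"):
            continue
        spool, sent = SPOOL.search(e["description"]), SENT.search(e["description"])
        if spool and sent and int(spool.group(1)) > 0 and int(sent.group(1)) == 0:
            stalled.append((e["when"], int(spool.group(1))))
    return stalled


if __name__ == "__main__":
    evts = parse_events(SAMPLE)
    print("repeating:", repeated_failures(evts))
    for when, size in stalled_print_jobs(evts):
        print(f"stalled job at {when}: {size} bytes spooled, 0 printed")
```
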

#9
A-G

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks, the printer works! I use Chrome for Internet browsing.

Here's the Combo fix.txt:

ComboFix 13-08-20.01 - Darci 08/21/2013 8:37.2.2 - x86
Microsoft Windows Vista Business 6.0.6002.2.1252.1.1033.18.2022.779 [GMT -7:00]
Running from: c:\users\Darci\Desktop\ComboFix.exe
Command switches used :: c:\users\Darci\Desktop\CFScript.txt.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Public\Desktop\AVG 2013.lnk"
"c:\windows\System32\drivers\avglogx.sys"
"c:\windows\System32\drivers\avgtpx86.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\$AVG
c:\program files\AVG
c:\program files\AVG\AVG2013\3rd_party\licenses\ace.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\arabica.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\boost.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\bsdiff.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\bzip.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\carp.html
c:\program files\AVG\AVG2013\3rd_party\licenses\cryptopp.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\curl.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\dazukofs.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\expat.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\imagemagick.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\infozip.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\lua.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\md4_md5_license.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\milter.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\minizip.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\openssl_license.html
c:\program files\AVG\AVG2013\3rd_party\licenses\sasl.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\tinyxml.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\unrar.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\untar.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\xalan_xerces.txt
c:\program files\AVG\AVG2013\3rd_party\licenses\zlib.txt
c:\program files\AVG\AVG2013\3rd_party\readme.txt
c:\program files\AVG\AVG2013\avg.snu
c:\program files\AVG\AVG2013\avg_us.lng
c:\program files\AVG\AVG2013\avgadvisorx.dll
c:\program files\AVG\AVG2013\avgapix.dll
c:\program files\AVG\AVG2013\avgapps.dll
c:\program files\AVG\AVG2013\avgar_us.chm
c:\program files\AVG\AVG2013\avgatend.stp
c:\program files\AVG\AVG2013\avgatupd.stp
c:\program files\AVG\AVG2013\avgcclix.dll
c:\program files\AVG\AVG2013\avgceix.dll
c:\program files\AVG\AVG2013\avgcertx.dll
c:\program files\AVG\AVG2013\avgcfgex.exe
c:\program files\AVG\AVG2013\avgcfgx.dll
c:\program files\AVG\AVG2013\avgchclx.dll
c:\program files\AVG\AVG2013\avgchjwx.dll
c:\program files\AVG\AVG2013\avgclitx.dll
c:\program files\AVG\AVG2013\avgcmgr.exe
c:\program files\AVG\AVG2013\avgcommx.dll
c:\program files\AVG\AVG2013\avgcorex.dll
c:\program files\AVG\AVG2013\avgcremx.exe
c:\program files\AVG\AVG2013\avgcslx.dll
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\program files\AVG\AVG2013\avgdecider.dll
c:\program files\AVG\AVG2013\avgdg_us.chm
c:\program files\AVG\AVG2013\avgdiagex.exe
c:\program files\AVG\AVG2013\avgduix.dll
c:\program files\AVG\AVG2013\avgdumpx.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\program files\AVG\AVG2013\avgf_us.chm
c:\program files\AVG\AVG2013\avgidp_us.chm
c:\program files\AVG\AVG2013\avgidpmx.dll
c:\program files\AVG\AVG2013\avgidpsdkx.dll
c:\program files\AVG\AVG2013\avgidsagent.exe
c:\program files\AVG\AVG2013\avgkrnlapix.dll
c:\program files\AVG\AVG2013\avglngx.dll
c:\program files\AVG\AVG2013\avglogx.dll
c:\program files\AVG\AVG2013\avgls_us.chm
c:\program files\AVG\AVG2013\avgmfapx.exe
c:\program files\AVG\AVG2013\avgmfarx.dll
c:\program files\AVG\AVG2013\avgmvflx.dll
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\AVG\AVG2013\avgntdumpx.exe
c:\program files\AVG\AVG2013\avgntopensslx.dll
c:\program files\AVG\AVG2013\avgntsqlitex.dll
c:\program files\AVG\AVG2013\avgopensslx.dll
c:\program files\AVG\AVG2013\avgoutlookx.dll
c:\program files\AVG\AVG2013\avgpostinstx.dll
c:\program files\AVG\AVG2013\avgrdtestx.exe
c:\program files\AVG\AVG2013\avgrktx.dll
c:\program files\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgsbgx.dll
c:\program files\AVG\AVG2013\avgscanx.dll
c:\program files\AVG\AVG2013\avgscanx.exe
c:\program files\AVG\AVG2013\avgsched.dll
c:\program files\AVG\AVG2013\avgse.dll
c:\program files\AVG\AVG2013\avgsecapix.dll
c:\program files\AVG\AVG2013\avgsrmax.exe
c:\program files\AVG\AVG2013\avgsysx.dll
c:\program files\AVG\AVG2013\AVGTBInstall.exe
c:\program files\AVG\AVG2013\avgtranx.dll
c:\program files\AVG\AVG2013\avgui.exe
c:\program files\AVG\AVG2013\avguiadvx.dll
c:\program files\AVG\AVG2013\avguires.dll
c:\program files\AVG\AVG2013\avguirux.exe
c:\program files\AVG\AVG2013\avgupd.sig
c:\program files\AVG\AVG2013\avgupdx.dll
c:\program files\AVG\AVG2013\avgutilx.dll
c:\program files\AVG\AVG2013\avgvvx.dll
c:\program files\AVG\AVG2013\avgwd.dll
c:\program files\AVG\AVG2013\avgwdsvc.exe
c:\program files\AVG\AVG2013\avgwdwsc.dll
c:\program files\AVG\AVG2013\avgwsc.exe
c:\program files\AVG\AVG2013\avgxpl.dll
c:\program files\AVG\AVG2013\awacs\bnfree-control\component\content.dat
c:\program files\AVG\AVG2013\awacs\bnfree-control\sign.bin
c:\program files\AVG\AVG2013\awacs\bnfree-vara\component\content.dat
c:\program files\AVG\AVG2013\awacs\bnfree-vara\sign.bin
c:\program files\AVG\AVG2013\awacs\bnfree-varb\component\content.dat
c:\program files\AVG\AVG2013\awacs\bnfree-varb\sign.bin
c:\program files\AVG\AVG2013\awacs\bnpaidav-control\component\content.dat
c:\program files\AVG\AVG2013\awacs\bnpaidav-control\sign.bin
c:\program files\AVG\AVG2013\awacs\bnpaidav-vara\component\content.dat
c:\program files\AVG\AVG2013\awacs\bnpaidav-vara\sign.bin
c:\program files\AVG\AVG2013\awacs\bnpaidav-varb\component\content.dat
c:\program files\AVG\AVG2013\awacs\bnpaidav-varb\sign.bin
c:\program files\AVG\AVG2013\awacs\bnpaidis-control\component\content.dat
c:\program files\AVG\AVG2013\awacs\bnpaidis-control\sign.bin
c:\program files\AVG\AVG2013\awacs\bnpaidis-vara\component\content.dat
c:\program files\AVG\AVG2013\awacs\bnpaidis-vara\sign.bin
c:\program files\AVG\AVG2013\awacs\bnpaidis-varb\component\content.dat
c:\program files\AVG\AVG2013\awacs\bnpaidis-varb\sign.bin
c:\program files\AVG\AVG2013\awacs\bntrial-control\component\content.dat
c:\program files\AVG\AVG2013\awacs\bntrial-control\sign.bin
c:\program files\AVG\AVG2013\awacs\bntrial-vara\component\content.dat
c:\program files\AVG\AVG2013\awacs\bntrial-vara\sign.bin
c:\program files\AVG\AVG2013\awacs\bntrial-varb\component\content.dat
c:\program files\AVG\AVG2013\awacs\bntrial-varb\sign.bin
c:\program files\AVG\AVG2013\awacs\driverupdate\component\content.dat
c:\program files\AVG\AVG2013\awacs\driverupdate\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\driverupdate\sign.bin
c:\program files\AVG\AVG2013\awacs\familysafety\component\content.dat
c:\program files\AVG\AVG2013\awacs\familysafety\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\familysafety\sign.bin
c:\program files\AVG\AVG2013\awacs\firewallicon\component\content.dat
c:\program files\AVG\AVG2013\awacs\firewallicon\component\firewall.gif
c:\program files\AVG\AVG2013\awacs\firewallicon\component\firewall.png
c:\program files\AVG\AVG2013\awacs\firewallicon\component\fwfree.html
c:\program files\AVG\AVG2013\awacs\firewallicon\component\fwfree_us.html
c:\program files\AVG\AVG2013\awacs\firewallicon\component\style.css
c:\program files\AVG\AVG2013\awacs\firewallicon\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-control.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-control.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-control\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-control\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-control2.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control2.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-control2.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control2.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-control2\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control2\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-control2\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control2\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-control3.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control3.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-control3.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control3.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-control3\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control3\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-control3\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control3\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-control4.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control4.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-control4.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control4.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-control4\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control4\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-control4\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-control4\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vara.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vara.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vara\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vara\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vara2.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara2.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vara2.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara2.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vara2\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara2\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vara2\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara2\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vara3.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara3.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vara3.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara3.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vara3\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara3\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vara3\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara3\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vara4.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara4.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vara4.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara4.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vara4\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara4\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vara4\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vara4\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varb.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varb.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varb\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varb\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varb2.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb2.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varb2.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb2.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varb2\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb2\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varb2\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb2\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varb3.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb3.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varb3.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb3.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varb3\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb3\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varb3\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb3\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varb4.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb4.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varb4.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb4.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varb4\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb4\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varb4\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varb4\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varc.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varc.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varc\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varc\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varc2.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc2.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varc2.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc2.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varc2\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc2\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varc2\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc2\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varc3.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc3.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varc3.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc3.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varc3\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc3\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varc3\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc3\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varc4.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc4.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varc4.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc4.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-varc4\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc4\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-varc4\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-varc4\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vard.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vard.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vard\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vard\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vard2.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard2.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vard2.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard2.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vard2\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard2\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vard2\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard2\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vard3.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard3.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vard3.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard3.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vard3\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard3\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vard3\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard3\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vard4.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard4.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vard4.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard4.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\fix_performance-vard4\component\background.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard4\component\content.dat
c:\program files\AVG\AVG2013\awacs\fix_performance-vard4\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\fix_performance-vard4\sign.bin
c:\program files\AVG\AVG2013\awacs\livekive\component\content.dat
c:\program files\AVG\AVG2013\awacs\livekive\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\livekive\sign.bin
c:\program files\AVG\AVG2013\awacs\mobilation\component\content.dat
c:\program files\AVG\AVG2013\awacs\mobilation\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\mobilation\sign.bin
c:\program files\AVG\AVG2013\awacs\mobilation_en\component\content.dat
c:\program files\AVG\AVG2013\awacs\mobilation_en\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\mobilation_en\sign.bin
c:\program files\AVG\AVG2013\awacs\multimi\component\content.dat
c:\program files\AVG\AVG2013\awacs\multimi\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\multimi\sign.bin
c:\program files\AVG\AVG2013\awacs\pct.an\component\background.bmp
c:\program files\AVG\AVG2013\awacs\pct.an\component\content.dat
c:\program files\AVG\AVG2013\awacs\pct.an\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\pct.an\sign.bin
c:\program files\AVG\AVG2013\awacs\pct.ok\component\background.bmp
c:\program files\AVG\AVG2013\awacs\pct.ok\component\content.dat
c:\program files\AVG\AVG2013\awacs\pct.ok\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\pct.ok\sign.bin
c:\program files\AVG\AVG2013\awacs\rules.cat
c:\program files\AVG\AVG2013\awacs\rules.js
c:\program files\AVG\AVG2013\awacs\speedtest\component\content.dat
c:\program files\AVG\AVG2013\awacs\speedtest\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\speedtest\sign.bin
c:\program files\AVG\AVG2013\awacs\superfree-agg\component\content.dat
c:\program files\AVG\AVG2013\awacs\superfree-agg\component\sf-icon1.png
c:\program files\AVG\AVG2013\awacs\superfree-agg\component\sf-icon2.png
c:\program files\AVG\AVG2013\awacs\superfree-agg\component\sf-icon3.png
c:\program files\AVG\AVG2013\awacs\superfree-agg\component\sf-icon4.png
c:\program files\AVG\AVG2013\awacs\superfree-agg\component\sf-icon5.png
c:\program files\AVG\AVG2013\awacs\superfree-agg\component\sf-separator.png
c:\program files\AVG\AVG2013\awacs\superfree-agg\component\style.css
c:\program files\AVG\AVG2013\awacs\superfree-agg\component\us.html
c:\program files\AVG\AVG2013\awacs\superfree-agg\sign.bin
c:\program files\AVG\AVG2013\awacs\superfree-free\component\content.dat
c:\program files\AVG\AVG2013\awacs\superfree-free\component\s_code.js
c:\program files\AVG\AVG2013\awacs\superfree-free\component\separator.png
c:\program files\AVG\AVG2013\awacs\superfree-free\component\style.css
c:\program files\AVG\AVG2013\awacs\superfree-free\component\tick.png
c:\program files\AVG\AVG2013\awacs\superfree-free\component\transparent.gif
c:\program files\AVG\AVG2013\awacs\superfree-free\component\us.html
c:\program files\AVG\AVG2013\awacs\superfree-free\sign.bin
c:\program files\AVG\AVG2013\awacs\superfree-friendly\component\content.dat
c:\program files\AVG\AVG2013\awacs\superfree-friendly\component\sf-icon1.png
c:\program files\AVG\AVG2013\awacs\superfree-friendly\component\sf-icon2.png
c:\program files\AVG\AVG2013\awacs\superfree-friendly\component\sf-icon3.png
c:\program files\AVG\AVG2013\awacs\superfree-friendly\component\sf-icon4.png
c:\program files\AVG\AVG2013\awacs\superfree-friendly\component\sf-icon5.png
c:\program files\AVG\AVG2013\awacs\superfree-friendly\component\sf-separator.png
c:\program files\AVG\AVG2013\awacs\superfree-friendly\component\style.css
c:\program files\AVG\AVG2013\awacs\superfree-friendly\component\us.html
c:\program files\AVG\AVG2013\awacs\superfree-friendly\sign.bin
c:\program files\AVG\AVG2013\awacs\techbuddy\component\content.dat
c:\program files\AVG\AVG2013\awacs\techbuddy\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\techbuddy\sign.bin
c:\program files\AVG\AVG2013\awacs\upgrade\component\content.dat
c:\program files\AVG\AVG2013\awacs\upgrade\component\icon.bmp
c:\program files\AVG\AVG2013\awacs\upgrade\sign.bin
c:\program files\AVG\AVG2013\banners\banners.zip
c:\program files\AVG\AVG2013\banners\free\cz.html
c:\program files\AVG\AVG2013\banners\free\da.html
c:\program files\AVG\AVG2013\banners\free\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\free\es.html
c:\program files\AVG\AVG2013\banners\free\fr.html
c:\program files\AVG\AVG2013\banners\free\ge.html
c:\program files\AVG\AVG2013\banners\free\hu.html
c:\program files\AVG\AVG2013\banners\free\id.html
c:\program files\AVG\AVG2013\banners\free\in.html
c:\program files\AVG\AVG2013\banners\free\it.html
c:\program files\AVG\AVG2013\banners\free\jp.html
c:\program files\AVG\AVG2013\banners\free\ko.html
c:\program files\AVG\AVG2013\banners\free\ms.html
c:\program files\AVG\AVG2013\banners\free\nl.html
c:\program files\AVG\AVG2013\banners\free\pb.html
c:\program files\AVG\AVG2013\banners\free\pl.html
c:\program files\AVG\AVG2013\banners\free\pt.html
c:\program files\AVG\AVG2013\banners\free\ru.html
c:\program files\AVG\AVG2013\banners\free\s_code.js
c:\program files\AVG\AVG2013\banners\free\sc.html
c:\program files\AVG\AVG2013\banners\free\separator.png
c:\program files\AVG\AVG2013\banners\free\sk.html
c:\program files\AVG\AVG2013\banners\free\sp.html
c:\program files\AVG\AVG2013\banners\free\style.css
c:\program files\AVG\AVG2013\banners\free\tick.png
c:\program files\AVG\AVG2013\banners\free\tr.html
c:\program files\AVG\AVG2013\banners\free\transparent.gif
c:\program files\AVG\AVG2013\banners\free\us.html
c:\program files\AVG\AVG2013\banners\free\zh.html
c:\program files\AVG\AVG2013\banners\free\zt.html
c:\program files\AVG\AVG2013\banners\linkscanner\cz.html
c:\program files\AVG\AVG2013\banners\linkscanner\da.html
c:\program files\AVG\AVG2013\banners\linkscanner\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\linkscanner\es.html
c:\program files\AVG\AVG2013\banners\linkscanner\fr.html
c:\program files\AVG\AVG2013\banners\linkscanner\ge.html
c:\program files\AVG\AVG2013\banners\linkscanner\hu.html
c:\program files\AVG\AVG2013\banners\linkscanner\id.html
c:\program files\AVG\AVG2013\banners\linkscanner\in.html
c:\program files\AVG\AVG2013\banners\linkscanner\isc-box.png
c:\program files\AVG\AVG2013\banners\linkscanner\it.html
c:\program files\AVG\AVG2013\banners\linkscanner\jp.html
c:\program files\AVG\AVG2013\banners\linkscanner\ko.html
c:\program files\AVG\AVG2013\banners\linkscanner\ms.html
c:\program files\AVG\AVG2013\banners\linkscanner\nl.html
c:\program files\AVG\AVG2013\banners\linkscanner\pb.html
c:\program files\AVG\AVG2013\banners\linkscanner\pl.html
c:\program files\AVG\AVG2013\banners\linkscanner\pt.html
c:\program files\AVG\AVG2013\banners\linkscanner\ru.html
c:\program files\AVG\AVG2013\banners\linkscanner\sc.html
c:\program files\AVG\AVG2013\banners\linkscanner\sk.html
c:\program files\AVG\AVG2013\banners\linkscanner\sp.html
c:\program files\AVG\AVG2013\banners\linkscanner\style.css
c:\program files\AVG\AVG2013\banners\linkscanner\tr.html
c:\program files\AVG\AVG2013\banners\linkscanner\us.html
c:\program files\AVG\AVG2013\banners\linkscanner\zh.html
c:\program files\AVG\AVG2013\banners\linkscanner\zt.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\cz.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\da.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\paid.notice.smb\es.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\fr.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\ge.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\green-btn.png
c:\program files\AVG\AVG2013\banners\paid.notice.smb\hu.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\icon-av.png
c:\program files\AVG\AVG2013\banners\paid.notice.smb\id.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\in.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\it.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\jp.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\ko.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\logo.png
c:\program files\AVG\AVG2013\banners\paid.notice.smb\ms.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\nl.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\pb.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\pl.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\pt.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\ru.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\sc.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\sk.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\sp.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\style.css
c:\program files\AVG\AVG2013\banners\paid.notice.smb\tr.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\transparent.gif
c:\program files\AVG\AVG2013\banners\paid.notice.smb\us.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\zh.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\zt.html
c:\program files\AVG\AVG2013\banners\paid.notice\cz.html
c:\program files\AVG\AVG2013\banners\paid.notice\da.html
c:\program files\AVG\AVG2013\banners\paid.notice\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\paid.notice\es.html
c:\program files\AVG\AVG2013\banners\paid.notice\fr.html
c:\program files\AVG\AVG2013\banners\paid.notice\ge.html
c:\program files\AVG\AVG2013\banners\paid.notice\hu.html
c:\program files\AVG\AVG2013\banners\paid.notice\id.html
c:\program files\AVG\AVG2013\banners\paid.notice\in.html
c:\program files\AVG\AVG2013\banners\paid.notice\it.html
c:\program files\AVG\AVG2013\banners\paid.notice\jp.html
c:\program files\AVG\AVG2013\banners\paid.notice\ko.html
c:\program files\AVG\AVG2013\banners\paid.notice\ms.html
c:\program files\AVG\AVG2013\banners\paid.notice\nl.html
c:\program files\AVG\AVG2013\banners\paid.notice\pb.html
c:\program files\AVG\AVG2013\banners\paid.notice\pl.html
c:\program files\AVG\AVG2013\banners\paid.notice\pt.html
c:\program files\AVG\AVG2013\banners\paid.notice\ru.html
c:\program files\AVG\AVG2013\banners\paid.notice\sc.html
c:\program files\AVG\AVG2013\banners\paid.notice\sk.html
c:\program files\AVG\AVG2013\banners\paid.notice\sp.html
c:\program files\AVG\AVG2013\banners\paid.notice\style.css
c:\program files\AVG\AVG2013\banners\paid.notice\tr.html
c:\program files\AVG\AVG2013\banners\paid.notice\transparent.gif
c:\program files\AVG\AVG2013\banners\paid.notice\us.html
c:\program files\AVG\AVG2013\banners\paid.notice\zh.html
c:\program files\AVG\AVG2013\banners\paid.notice\zt.html
c:\program files\AVG\AVG2013\banners\paid.smb\cz.html
c:\program files\AVG\AVG2013\banners\paid.smb\da.html
c:\program files\AVG\AVG2013\banners\paid.smb\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\paid.smb\es.html
c:\program files\AVG\AVG2013\banners\paid.smb\fr.html
c:\program files\AVG\AVG2013\banners\paid.smb\ge.html
c:\program files\AVG\AVG2013\banners\paid.smb\green-btn.png
c:\program files\AVG\AVG2013\banners\paid.smb\hu.html
c:\program files\AVG\AVG2013\banners\paid.smb\icon-av.png
c:\program files\AVG\AVG2013\banners\paid.smb\id.html
c:\program files\AVG\AVG2013\banners\paid.smb\in.html
c:\program files\AVG\AVG2013\banners\paid.smb\it.html
c:\program files\AVG\AVG2013\banners\paid.smb\jp.html
c:\program files\AVG\AVG2013\banners\paid.smb\ko.html
c:\program files\AVG\AVG2013\banners\paid.smb\logo.png
c:\program files\AVG\AVG2013\banners\paid.smb\ms.html
c:\program files\AVG\AVG2013\banners\paid.smb\nl.html
c:\program files\AVG\AVG2013\banners\paid.smb\pb.html
c:\program files\AVG\AVG2013\banners\paid.smb\pl.html
c:\program files\AVG\AVG2013\banners\paid.smb\pt.html
c:\program files\AVG\AVG2013\banners\paid.smb\ru.html
c:\program files\AVG\AVG2013\banners\paid.smb\sc.html
c:\program files\AVG\AVG2013\banners\paid.smb\sk.html
c:\program files\AVG\AVG2013\banners\paid.smb\sp.html
c:\program files\AVG\AVG2013\banners\paid.smb\style.css
c:\program files\AVG\AVG2013\banners\paid.smb\tr.html
c:\program files\AVG\AVG2013\banners\paid.smb\transparent.gif
c:\program files\AVG\AVG2013\banners\paid.smb\us.html
c:\program files\AVG\AVG2013\banners\paid.smb\zh.html
c:\program files\AVG\AVG2013\banners\paid.smb\zt.html
c:\program files\AVG\AVG2013\banners\paid\cz.html
c:\program files\AVG\AVG2013\banners\paid\da.html
c:\program files\AVG\AVG2013\banners\paid\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\paid\es.html
c:\program files\AVG\AVG2013\banners\paid\fr.html
c:\program files\AVG\AVG2013\banners\paid\ge.html
c:\program files\AVG\AVG2013\banners\paid\hu.html
c:\program files\AVG\AVG2013\banners\paid\id.html
c:\program files\AVG\AVG2013\banners\paid\in.html
c:\program files\AVG\AVG2013\banners\paid\it.html
c:\program files\AVG\AVG2013\banners\paid\jp.html
c:\program files\AVG\AVG2013\banners\paid\ko.html
c:\program files\AVG\AVG2013\banners\paid\logo.png
c:\program files\AVG\AVG2013\banners\paid\ms.html
c:\program files\AVG\AVG2013\banners\paid\nl.html
c:\program files\AVG\AVG2013\banners\paid\pb.html
c:\program files\AVG\AVG2013\banners\paid\pl.html
c:\program files\AVG\AVG2013\banners\paid\pt.html
c:\program files\AVG\AVG2013\banners\paid\ru.html
c:\program files\AVG\AVG2013\banners\paid\sc.html
c:\program files\AVG\AVG2013\banners\paid\sk.html
c:\program files\AVG\AVG2013\banners\paid\sp.html
c:\program files\AVG\AVG2013\banners\paid\style.css
c:\program files\AVG\AVG2013\banners\paid\tr.html
c:\program files\AVG\AVG2013\banners\paid\transparent.gif
c:\program files\AVG\AVG2013\banners\paid\us.html
c:\program files\AVG\AVG2013\banners\paid\zh.html
c:\program files\AVG\AVG2013\banners\paid\zt.html
c:\program files\AVG\AVG2013\banners\sales\cz.html
c:\program files\AVG\AVG2013\banners\sales\da.html
c:\program files\AVG\AVG2013\banners\sales\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\sales\es.html
c:\program files\AVG\AVG2013\banners\sales\fr.html
c:\program files\AVG\AVG2013\banners\sales\ge.html
c:\program files\AVG\AVG2013\banners\sales\hu.html
c:\program files\AVG\AVG2013\banners\sales\id.html
c:\program files\AVG\AVG2013\banners\sales\in.html
c:\program files\AVG\AVG2013\banners\sales\it.html
c:\program files\AVG\AVG2013\banners\sales\jp.html
c:\program files\AVG\AVG2013\banners\sales\ko.html
c:\program files\AVG\AVG2013\banners\sales\ms.html
c:\program files\AVG\AVG2013\banners\sales\nl.html
c:\program files\AVG\AVG2013\banners\sales\pb.html
c:\program files\AVG\AVG2013\banners\sales\pl.html
c:\program files\AVG\AVG2013\banners\sales\pt.html
c:\program files\AVG\AVG2013\banners\sales\ru.html
c:\program files\AVG\AVG2013\banners\sales\sc.html
c:\program files\AVG\AVG2013\banners\sales\sk.html
c:\program files\AVG\AVG2013\banners\sales\sp.html
c:\program files\AVG\AVG2013\banners\sales\style.css
c:\program files\AVG\AVG2013\banners\sales\tr.html
c:\program files\AVG\AVG2013\banners\sales\transparent.gif
c:\program files\AVG\AVG2013\banners\sales\us.html
c:\program files\AVG\AVG2013\banners\sales\zh.html
c:\program files\AVG\AVG2013\banners\sales\zt.html
c:\program files\AVG\AVG2013\banners\trial.smb\cz.html
c:\program files\AVG\AVG2013\banners\trial.smb\da.html
c:\program files\AVG\AVG2013\banners\trial.smb\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\trial.smb\es.html
c:\program files\AVG\AVG2013\banners\trial.smb\fr.html
c:\program files\AVG\AVG2013\banners\trial.smb\ge.html
c:\program files\AVG\AVG2013\banners\trial.smb\green-btn.png
c:\program files\AVG\AVG2013\banners\trial.smb\hu.html
c:\program files\AVG\AVG2013\banners\trial.smb\icon-av.png
c:\program files\AVG\AVG2013\banners\trial.smb\id.html
c:\program files\AVG\AVG2013\banners\trial.smb\in.html
c:\program files\AVG\AVG2013\banners\trial.smb\it.html
c:\program files\AVG\AVG2013\banners\trial.smb\jp.html
c:\program files\AVG\AVG2013\banners\trial.smb\ko.html
c:\program files\AVG\AVG2013\banners\trial.smb\logo.png
c:\program files\AVG\AVG2013\banners\trial.smb\ms.html
c:\program files\AVG\AVG2013\banners\trial.smb\nl.html
c:\program files\AVG\AVG2013\banners\trial.smb\pb.html
c:\program files\AVG\AVG2013\banners\trial.smb\pl.html
c:\program files\AVG\AVG2013\banners\trial.smb\pt.html
c:\program files\AVG\AVG2013\banners\trial.smb\ru.html
c:\program files\AVG\AVG2013\banners\trial.smb\sc.html
c:\program files\AVG\AVG2013\banners\trial.smb\sk.html
c:\program files\AVG\AVG2013\banners\trial.smb\sp.html
c:\program files\AVG\AVG2013\banners\trial.smb\style.css
c:\program files\AVG\AVG2013\banners\trial.smb\tr.html
c:\program files\AVG\AVG2013\banners\trial.smb\transparent.gif
c:\program files\AVG\AVG2013\banners\trial.smb\us.html
c:\program files\AVG\AVG2013\banners\trial.smb\zh.html
c:\program files\AVG\AVG2013\banners\trial.smb\zt.html
c:\program files\AVG\AVG2013\banners\trial\cz.html
c:\program files\AVG\AVG2013\banners\trial\da.html
c:\program files\AVG\AVG2013\banners\trial\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\trial\es.html
c:\program files\AVG\AVG2013\banners\trial\fr.html
c:\program files\AVG\AVG2013\banners\trial\ge.html
c:\program files\AVG\AVG2013\banners\trial\hu.html
c:\program files\AVG\AVG2013\banners\trial\id.html
c:\program files\AVG\AVG2013\banners\trial\in.html
c:\program files\AVG\AVG2013\banners\trial\it.html
c:\program files\AVG\AVG2013\banners\trial\jp.html
c:\program files\AVG\AVG2013\banners\trial\ko.html
c:\program files\AVG\AVG2013\banners\trial\ms.html
c:\program files\AVG\AVG2013\banners\trial\nl.html
c:\program files\AVG\AVG2013\banners\trial\pb.html
c:\program files\AVG\AVG2013\banners\trial\pl.html
c:\program files\AVG\AVG2013\banners\trial\pt.html
c:\program files\AVG\AVG2013\banners\trial\ru.html
c:\program files\AVG\AVG2013\banners\trial\sc.html
c:\program files\AVG\AVG2013\banners\trial\sk.html
c:\program files\AVG\AVG2013\banners\trial\sp.html
c:\program files\AVG\AVG2013\banners\trial\style.css
c:\program files\AVG\AVG2013\banners\trial\tr.html
c:\program files\AVG\AVG2013\banners\trial\transparent.gif
c:\program files\AVG\AVG2013\banners\trial\us.html
c:\program files\AVG\AVG2013\banners\trial\zh.html
c:\program files\AVG\AVG2013\banners\trial\zt.html
c:\program files\AVG\AVG2013\cf.dat
c:\program files\AVG\AVG2013\compat.ini
c:\program files\AVG\AVG2013\contacts_us.html
c:\program files\AVG\AVG2013\dfncfg.dat
c:\program files\AVG\AVG2013\Drivers\avgboot.cat
c:\program files\AVG\AVG2013\Drivers\avgboot.inf
c:\program files\AVG\AVG2013\Drivers\avgboota.sys
c:\program files\AVG\AVG2013\Drivers\avgbootx.sys
c:\program files\AVG\AVG2013\Drivers\avgidsdriver.cat
c:\program files\AVG\AVG2013\Drivers\avgidsdriver.inf
c:\program files\AVG\AVG2013\Drivers\avgidsdrivera.sys
c:\program files\AVG\AVG2013\Drivers\avgidsdriverx.sys
c:\program files\AVG\AVG2013\Drivers\avgidsh.cat
c:\program files\AVG\AVG2013\Drivers\avgidsh.inf
c:\program files\AVG\AVG2013\Drivers\avgidsha.sys
c:\program files\AVG\AVG2013\Drivers\avgidshx.sys
c:\program files\AVG\AVG2013\Drivers\avgidsshim.cat
c:\program files\AVG\AVG2013\Drivers\avgidsshim.inf
c:\program files\AVG\AVG2013\Drivers\avgidsshimx.sys
c:\program files\AVG\AVG2013\Drivers\avgidsuniversalddx.sys
c:\program files\AVG\AVG2013\Drivers\avgld.cat
c:\program files\AVG\AVG2013\Drivers\avgld.inf
c:\program files\AVG\AVG2013\Drivers\avgldx64.sys
c:\program files\AVG\AVG2013\Drivers\avgldx86.sys
c:\program files\AVG\AVG2013\Drivers\avglog.cat
c:\program files\AVG\AVG2013\Drivers\avglog.inf
c:\program files\AVG\AVG2013\Drivers\avgloga.sys
c:\program files\AVG\AVG2013\Drivers\avglogx.sys
c:\program files\AVG\AVG2013\Drivers\avgmf.cat
c:\program files\AVG\AVG2013\Drivers\avgmf.inf
c:\program files\AVG\AVG2013\Drivers\avgmfx64.sys
c:\program files\AVG\AVG2013\Drivers\avgmfx86.sys
c:\program files\AVG\AVG2013\Drivers\avgrk.cat
c:\program files\AVG\AVG2013\Drivers\avgrk.inf
c:\program files\AVG\AVG2013\Drivers\avgrkx64.sys
c:\program files\AVG\AVG2013\Drivers\avgrkx86.sys
c:\program files\AVG\AVG2013\Drivers\avgtdi.cat
c:\program files\AVG\AVG2013\Drivers\avgtdi.inf
c:\program files\AVG\AVG2013\Drivers\avgtdia.sys
c:\program files\AVG\AVG2013\Drivers\avgtdix.sys
c:\program files\AVG\AVG2013\eus.dat
c:\program files\AVG\AVG2013\fixcfg.exe
c:\program files\AVG\AVG2013\html\reportcard\avg_logo.png
c:\program files\AVG\AVG2013\html\reportcard\awards.png
c:\program files\AVG\AVG2013\html\reportcard\index.html
c:\program files\AVG\AVG2013\html\reportcard\menu-bg.png
c:\program files\AVG\AVG2013\html\reportcard\menu-content-bg.png
c:\program files\AVG\AVG2013\html\reportcard\reportcard.css
c:\program files\AVG\AVG2013\html\reportcard\table_bg.png
c:\program files\AVG\AVG2013\HtmLayout.dll
c:\program files\AVG\AVG2013\js.dat
c:\program files\AVG\AVG2013\license_us.htm
c:\program files\AVG\AVG2013\mfaus.lns
c:\program files\AVG\AVG2013\mfaverx.txt
c:\program files\AVG\AVG2013\personalise_us.htm
c:\program files\AVG\AVG2013\ph.dat
c:\program files\AVG\AVG2013\privacy_policy_us.htm
c:\program files\AVG\AVG2013\safeguard.exe
c:\program files\AVG\AVG2013\sb.dat
c:\program files\AVG\AVG2013\sb.dat.xcd
c:\program files\AVG\AVG2013\sb2.dat
c:\program files\AVG\AVG2013\sc.dat
c:\program files\AVG\AVG2013\sc.dat.xcd
c:\program files\AVG\AVG2013\sounds\scan_finish_threat_found.wav
c:\program files\AVG\AVG2013\sounds\scan_os_alert.wav
c:\program files\AVG\AVG2013\sounds\scan_rs_alert.wav
c:\program files\AVG\AVG2013\sounds\update_end_fail.wav
c:\program files\AVG\AVG2013\Tuneup\DriveDefrag32.dll
c:\program files\AVG\AVG2013\Tuneup\GainDiskSpace.dll
c:\program files\AVG\AVG2013\Tuneup\RegistryCleaner.dll
c:\program files\AVG\AVG2013\Tuneup\ShortcutCleaner.dll
c:\program files\AVG\AVG2013\Tuneup\TUDiskCleaner.dat
c:\program files\AVG\AVG2013\Tuneup\TUDiskCleanerLite.dat
c:\program files\AVG\AVG2013\Tuneup\TUMicroScanner.exe
c:\program files\AVG\AVG2013\Tuneup\TuneUpAPI32.dll
c:\program files\AVG\AVG2013\Tuneup\TuneUpCore.bpl
c:\program files\AVG\AVG2013\updatecomps.bak
c:\program files\AVG\AVG2013\winamapix.dll
c:\program files\Common Files\AVG Secure Search
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\UpdaterConfig.ini
c:\programdata\AVG SafeGuard toolbar
c:\programdata\AVG SafeGuard toolbar\Logger\logger.properties
c:\programdata\AVG2013
c:\programdata\AVG2013\avi\iavichjw.avm
c:\programdata\AVG2013\avi\incavi.avm
c:\programdata\AVG2013\Cfg\admin.cfg
c:\programdata\AVG2013\Cfg\changecfgreg.cfg
c:\programdata\AVG2013\Cfg\csl.cfg
c:\programdata\AVG2013\Cfg\dav.cfg
c:\programdata\AVG2013\Cfg\erd.cfg
c:\programdata\AVG2013\Cfg\falsealarm.cfg
c:\programdata\AVG2013\Cfg\idp.cfg
c:\programdata\AVG2013\Cfg\idp2.cfg
c:\programdata\AVG2013\Cfg\krnl.cfg
c:\programdata\AVG2013\Cfg\krnlall.cfg
c:\programdata\AVG2013\Cfg\mail.cfg
c:\programdata\AVG2013\Cfg\malrep.cfg
c:\programdata\AVG2013\Cfg\ocm.cfg
c:\programdata\AVG2013\Cfg\ocmstateall.cfg
c:\programdata\AVG2013\Cfg\rsexcludes.cfg
c:\programdata\AVG2013\Cfg\scan.cfg
c:\programdata\AVG2013\Cfg\sched.cfg
c:\programdata\AVG2013\Cfg\setup.cfg
c:\programdata\AVG2013\Cfg\srmall.cfg
c:\programdata\AVG2013\Cfg\update.cfg
c:\programdata\AVG2013\Cfg\updateall.cfg
c:\programdata\AVG2013\Cfg\updatecomps.cfg
c:\programdata\AVG2013\Cfg\user.cfg
c:\programdata\AVG2013\Cfg\userall.cfg
c:\programdata\AVG2013\Cfg\wd.cfg
c:\programdata\AVG2013\Chjw\2ea26b6ba26b368d.dat
c:\programdata\AVG2013\Chjw\2ea26b6ba26b368d\avgcchff.dat
c:\programdata\AVG2013\Chjw\2ea26b6ba26b368d\avgcchfi.dat
c:\programdata\AVG2013\Chjw\2ea26b6ba26b368d\avgcchmf.dat
c:\programdata\AVG2013\Chjw\2ea26b6ba26b368d\avgcchmi.dat
c:\programdata\AVG2013\Chjw\8a0c686e0c6856eb.dat
c:\programdata\AVG2013\Chjw\8a0c686e0c6856eb\avgcchff.dat
c:\programdata\AVG2013\Chjw\8a0c686e0c6856eb\avgcchfi.dat
c:\programdata\AVG2013\Chjw\8a0c686e0c6856eb\avgcchmf.dat
c:\programdata\AVG2013\Chjw\8a0c686e0c6856eb\avgcchmi.dat
c:\programdata\AVG2013\Chjw\8a2cf4f62cf4de5f.dat
c:\programdata\AVG2013\Chjw\8a2cf4f62cf4de5f\avgcchff.dat
c:\programdata\AVG2013\Chjw\8a2cf4f62cf4de5f\avgcchfi.dat
c:\programdata\AVG2013\Chjw\8a2cf4f62cf4de5f\avgcchmf.dat
c:\programdata\AVG2013\Chjw\8a2cf4f62cf4de5f\avgcchmi.dat
c:\programdata\AVG2013\DB\detection.db
c:\programdata\AVG2013\DB\exceptions.dat
c:\programdata\AVG2013\DB\stats.db
c:\programdata\AVG2013\IDS\config\quarantinedList.zip
c:\programdata\AVG2013\IDS\config\quarantinedList.zip.bak
c:\programdata\AVG2013\IDS\config\ShortcutCache.dat
c:\programdata\AVG2013\IDS\malwareprofile\backup.dat
c:\programdata\AVG2013\IDS\malwareprofile\nodes.dat
c:\programdata\AVG2013\IDS\outbox\.contents
c:\programdata\AVG2013\IDS\outbox\0\0
c:\programdata\AVG2013\IDS\profile\globalLoadable.bak
c:\programdata\AVG2013\IDS\profile\globalLoadable.gdb
c:\programdata\AVG2013\log\advisorlog.cfg
c:\programdata\AVG2013\log\arklog.cfg
c:\programdata\AVG2013\log\avgdiaglog.cfg
c:\programdata\AVG2013\log\avgmail.cfg
c:\programdata\AVG2013\log\avgss.cfg
c:\programdata\AVG2013\log\avguilog.cfg
c:\programdata\AVG2013\log\cfgexlog.cfg
c:\programdata\AVG2013\log\cfglog.cfg
c:\programdata\AVG2013\log\chjwlog.cfg
c:\programdata\AVG2013\log\corelog.cfg
c:\programdata\AVG2013\log\csllog.cfg
c:\programdata\AVG2013\log\deciderlog.cfg
c:\programdata\AVG2013\log\emclog.cfg
c:\programdata\AVG2013\log\history.xml
c:\programdata\AVG2013\log\idpdrvlog.cfg
c:\programdata\AVG2013\log\idpehlog.cfg
c:\programdata\AVG2013\log\idplog.cfg
c:\programdata\AVG2013\log\krnlapi.cfg
c:\programdata\AVG2013\log\ldrlog.cfg
c:\programdata\AVG2013\log\lnglog.cfg
c:\programdata\AVG2013\log\mflog.cfg
c:\programdata\AVG2013\log\msgdisplog.cfg
c:\programdata\AVG2013\log\nslog.cfg
c:\programdata\AVG2013\log\privlog.cfg
c:\programdata\AVG2013\log\publog.cfg
c:\programdata\AVG2013\log\rslog.cfg
c:\programdata\AVG2013\log\scanlog.cfg
c:\programdata\AVG2013\log\schedlog.cfg
c:\programdata\AVG2013\log\secapilog.cfg
c:\programdata\AVG2013\log\srmlog.cfg
c:\programdata\AVG2013\log\tdilog.cfg
c:\programdata\AVG2013\log\updlog.cfg
c:\programdata\AVG2013\log\vaultlog.cfg
c:\programdata\AVG2013\log\wdlog.cfg
c:\programdata\AVG2013\log\wdsvclog.cfg
c:\programdata\AVG2013\SetupBackup\AntiRkx.cab
c:\programdata\AVG2013\SetupBackup\Antivirx.cab
c:\programdata\AVG2013\SetupBackup\Avgx86.msi
c:\programdata\AVG2013\SetupBackup\base2x.cab
c:\programdata\AVG2013\SetupBackup\basex.cab
c:\programdata\AVG2013\SetupBackup\COREx.cab
c:\programdata\AVG2013\SetupBackup\COREx86.msi
c:\programdata\AVG2013\SetupBackup\Emailsx.cab
c:\programdata\AVG2013\SetupBackup\GUIx.cab
c:\programdata\AVG2013\SetupBackup\IDPx.cab
c:\programdata\AVG2013\SetupBackup\lng_usx.cab
c:\programdata\AVG2013\SetupBackup\ResShldx.cab
c:\programdata\AVG2013\SetupBackup\SrchSrfx.cab
c:\programdata\AVG2013\SetupBackup\SSHttpBx.cab
c:\programdata\AVG2013\SetupBackup\TDIDrvx.cab
c:\programdata\AVG2013\SetupBackup\TuneUpx.cab
c:\programdata\AVG2013\SetupBackup\Updatex.cab
c:\programdata\AVG2013\srmcheck.tmp
c:\programdata\Microsoft\Windows\Start Menu\Programs\AVG
c:\programdata\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2013.lnk
c:\users\Darci\AppData\Local\AVG SafeGuard toolbar
c:\users\Darci\AppData\Local\AVG SafeGuard toolbar\Chrome\Default\Preferences
c:\users\Darci\AppData\Local\AVG SafeGuard toolbar\Chrome\Default\Web Data
c:\users\Darci\AppData\Local\AVG SafeGuard toolbar\DNT\dt.dat
c:\users\Darci\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_08_16_06_31_44.db
c:\users\Darci\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_08_17_07_17_07.db
c:\users\Darci\AppData\Local\Avg2013
c:\users\Darci\AppData\Local\Avg2013\log\avgcfg.log
c:\users\Darci\AppData\Local\Avg2013\log\avgcfg.log.1
c:\users\Darci\AppData\Local\Avg2013\log\avgcfg.log.lock
c:\users\Darci\AppData\Local\Avg2013\log\avgcore.log
c:\users\Darci\AppData\Local\Avg2013\log\avgcore.log.1
c:\users\Darci\AppData\Local\Avg2013\log\avgcore.log.2
c:\users\Darci\AppData\Local\Avg2013\log\avgcore.log.3
c:\users\Darci\AppData\Local\Avg2013\log\avgcore.log.4
c:\users\Darci\AppData\Local\Avg2013\log\avgcore.log.5
c:\users\Darci\AppData\Local\Avg2013\log\avgcore.log.6
c:\users\Darci\AppData\Local\Avg2013\log\avgcore.log.lock
c:\users\Darci\AppData\Local\Avg2013\log\avgdecider.log
c:\users\Darci\AppData\Local\Avg2013\log\avgdecider.log.1
c:\users\Darci\AppData\Local\Avg2013\log\avgdecider.log.lock
c:\users\Darci\AppData\Local\Avg2013\log\avgidpagentmonitor.log
c:\users\Darci\AppData\Local\Avg2013\log\avgidpagentmonitor.log.lock
c:\users\Darci\AppData\Local\Avg2013\log\avgmsgdisp.log
c:\users\Darci\AppData\Local\Avg2013\log\avgmsgdisp.log.lock
c:\users\Darci\AppData\Local\Avg2013\log\avgpostinst.log
c:\users\Darci\AppData\Local\Avg2013\log\avgpostinst.log.lock
c:\users\Darci\AppData\Local\Avg2013\log\avgual.2013-08-15.log
c:\users\Darci\AppData\Local\Avg2013\log\avgual.2013-08-17.log
c:\users\Darci\AppData\Local\Avg2013\log\avgual.log
c:\users\Darci\AppData\Local\Avg2013\log\avgual.log.lock
c:\users\Darci\AppData\Local\Avg2013\log\avgui.log
c:\users\Darci\AppData\Local\Avg2013\log\avgui.log.1
c:\users\Darci\AppData\Local\Avg2013\log\avgui.log.2
c:\users\Darci\AppData\Local\Avg2013\log\avgui.log.lock
c:\users\Darci\AppData\Local\Avg2013\log\avgupd.log
c:\users\Darci\AppData\Local\Avg2013\log\avgupd.log.1
c:\users\Darci\AppData\Local\Avg2013\log\avgupd.log.lock
c:\users\Darci\AppData\Local\Avg2013\log\fixcfg.log
c:\users\Darci\AppData\Local\Avg2013\log\fixcfg.log.lock
c:\users\Darci\AppData\Local\Avg2013\log\krnlapi.log
c:\users\Darci\AppData\Local\Avg2013\log\krnlapi.log.1
c:\users\Darci\AppData\Local\Avg2013\log\krnlapi.log.2
c:\users\Darci\AppData\Local\Avg2013\log\krnlapi.log.3
c:\users\Darci\AppData\Local\Avg2013\log\krnlapi.log.4
c:\users\Darci\AppData\Local\Avg2013\log\krnlapi.log.lock
c:\users\Darci\AppData\Local\Avg2013\log\lng.log
c:\users\Darci\AppData\Local\Avg2013\log\lng.log.lock
c:\users\Darci\AppData\Local\Avg2013\update\download\avg13infoavi.ctf
c:\users\Darci\AppData\Local\Avg2013\update\download\avg13infowin.ctf
c:\users\Darci\AppData\Roaming\AVG2013
c:\users\Darci\AppData\Roaming\AVG2013\cfgall\fixcfg.lock
c:\users\Darci\AppData\Roaming\AVG2013\cfgall\userawacs.cfg
c:\users\Darci\AppData\Roaming\AVG2013\cfgall\usergui.cfg
c:\users\Darci\AppData\Roaming\AVG2013\cfgall\userguistate.cfg
c:\users\Darci\AppData\Roaming\TuneUp Software
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGIDSHX
-------\Legacy_AVGIDSSHIM
-------\Legacy_AVGLOGX
-------\Legacy_AVGTP
-------\Service_AVGIDSHX
-------\Service_AVGIDSShim
-------\Service_Avglogx
-------\Service_avgtp
-------\Service_vToolbarUpdater15.5.0
.
.
((((((((((((((((((((((((( Files Created from 2013-07-21 to 2013-08-21 )))))))))))))))))))))))))))))))
.
.
2013-08-21 15:58 . 2013-08-21 16:04 -------- d-----w- c:\users\Darci\AppData\Local\temp
2013-08-21 15:58 . 2013-08-21 15:58 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-08-21 15:58 . 2013-08-21 15:58 -------- d-----w- c:\users\jbh-1\AppData\Local\temp
2013-08-21 15:58 . 2013-08-21 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-21 02:24 . 2013-08-21 02:25 -------- d-----w- c:\program files\Google
2013-08-21 02:09 . 2013-08-21 02:09 -------- d-----w- c:\program files\Pandora
2013-08-20 09:18 . 2013-05-14 16:32 356352 ----a-w- c:\windows\system32\EAPPHPMUI.DLL
2013-08-20 09:18 . 2013-04-15 16:06 176128 ----a-w- c:\windows\system32\EAPPHPM.DLL
2013-08-20 09:17 . 2013-08-20 09:18 -------- d-----w- c:\programdata\epson
2013-08-20 09:17 . 2013-04-23 22:01 847488 ----a-w- c:\windows\system32\EpsStmApi.dll
2013-08-20 09:17 . 2013-04-15 15:58 225280 ----a-w- c:\windows\system32\EAPApiData.dll
2013-08-20 09:16 . 2013-08-20 09:16 -------- d-----w- c:\program files\Common Files\EPSON
2013-08-20 09:14 . 2013-04-15 17:03 19968 ----a-w- c:\windows\system32\eaptmco.dll
2013-08-20 09:14 . 2013-04-15 15:51 126976 ----a-w- c:\windows\system32\EAPTMLM.dll
2013-08-20 09:14 . 2012-03-01 17:05 49408 ----a-w- c:\windows\system32\drivers\TMUSBXP.sys
2013-08-19 13:46 . 2013-08-19 13:46 -------- d-----w- c:\program files\ESET
2013-08-18 17:23 . 2013-08-18 17:23 -------- d-----w- c:\users\Darci\AppData\Roaming\Malwarebytes
2013-08-18 17:23 . 2013-08-18 17:23 -------- d-----w- c:\programdata\Malwarebytes
2013-08-18 06:47 . 2013-08-18 06:47 -------- d-----w- c:\windows\ERUNT
2013-08-18 06:25 . 2013-08-18 06:25 233 ----a-w- c:\windows\DeleteOnReboot.bat
2013-08-15 10:12 . 2013-08-15 10:17 -------- d-----w- c:\windows\system32\MRT
2013-08-15 00:35 . 2013-08-16 01:41 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-08-15 00:35 . 2013-08-16 01:41 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-08-15 00:27 . 2013-08-15 00:27 -------- d-----w- c:\users\Darci\AppData\Local\MFAData
2013-08-14 23:49 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 23:49 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 23:49 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 23:49 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 23:49 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 23:49 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 23:46 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 23:46 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 23:46 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 21:07 . 2013-08-14 21:46 -------- d-----w- c:\program files\SysTools SQL Recovery - 5.5(Full Version)
2013-08-02 16:01 . 2013-08-07 00:26 -------- d-----w- c:\users\Darci\AppData\Local\VirtualStore
2013-07-31 21:20 . 2013-07-31 21:20 -------- d-----w- c:\users\Darci\AppData\Local\Microsoft Help
2013-07-31 19:16 . 2013-07-31 19:16 -------- d-----w- c:\users\Darci\AppData\Local\Citrix
2013-07-25 22:54 . 2013-07-25 22:54 -------- d-----w- c:\users\Darci\AppData\Roaming\com.pandora.desktop
2013-07-25 22:50 . 2013-07-25 22:50 -------- d-----w- c:\windows\system32\drivers\MCLIENT
2013-07-25 22:50 . 2013-07-25 22:50 -------- d-----w- c:\program files\Norton Management
2013-07-25 22:49 . 2013-03-05 02:14 36512 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2013-07-25 22:44 . 2013-08-18 13:11 -------- d-----w- c:\users\Darci\AppData\Local\CrashDumps
2013-07-25 22:39 . 2013-07-25 22:39 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-07-25 22:38 . 2013-07-25 22:38 -------- d-----w- c:\windows\system32\drivers\NIS
2013-07-25 22:38 . 2013-07-25 22:38 -------- d-----w- c:\program files\Norton Internet Security
2013-07-25 22:38 . 2013-07-25 22:50 -------- d-----w- c:\program files\NortonInstaller
2013-07-25 22:38 . 2013-07-25 22:38 -------- d-----w- c:\programdata\NortonInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 20:48 . 2012-04-15 19:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-20 20:48 . 2011-06-02 21:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 02:26 . 2013-08-15 10:02 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-07-25 02:23 . 2013-08-15 10:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-07-20 08:51 . 2013-07-20 08:51 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-17 19:41 . 2013-08-14 23:50 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-10 09:47 . 2013-08-14 23:49 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-08 04:20 . 2013-08-14 23:46 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-07-02 06:54 . 2013-07-23 11:16 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1D01992-1F20-427E-8D0F-AFC785995EB7}\mpengine.dll
2013-06-08 16:42 . 2013-06-07 16:41 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 16:42 . 2013-06-09 18:02 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-06-04 16:50 . 2008-07-26 17:44 286720 ------w- c:\windows\Setup1.exe
2013-06-04 16:50 . 2008-07-26 17:44 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-06-04 16:48 . 2013-06-04 16:48 251472 ----a-w- c:\windows\system32\temp.00B
2013-06-04 16:48 . 2013-06-04 16:48 115920 ----a-w- c:\windows\system32\temp.00A
2013-06-04 16:46 . 2013-06-04 16:46 140288 ----a-w- c:\windows\system32\temp.009
2013-06-04 16:45 . 2013-06-04 16:45 1142776 ----a-w- c:\windows\system32\temp.008
2013-06-04 01:50 . 2013-07-10 15:42 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06 . 2013-07-10 15:41 505344 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2013-04-30 63048]
"OEM07Mon.exe"="c:\windows\OEM07Mon.exe" [2007-07-20 36864]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
.
c:\users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Transcend.LNK - c:\program files\Prosolutions\Transcend.exe [2012-7-12 53805056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PCCharge Payment Server.lnk - c:\active-charge\Active-Charge.Exe [2011-11-1 19103744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3697875056-3224753802-395575746-1000]
"EnableNotificationsRef"=dword:00000003
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-21 02:25 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 20:48]
.
2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-21 02:24]
.
2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-21 02:24]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3697875056-3224753802-395575746-1000Core.job
- c:\users\jbh-1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 22:01]
.
2013-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3697875056-3224753802-395575746-1000UA.job
- c:\users\jbh-1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 22:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.15.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-AVG_UI - c:\program files\AVG\AVG2013\avgui.exe
HKLM-Run-EpsonAPD4SV - c:\program files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-21 09:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCLIENT]
"ImagePath"="\"c:\program files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dldfcoms.exe
c:\program files\epson\portcommunicationservice\DeviceControlLog.exe
c:\program files\epson\portcommunicationservice\PCSVC.exe
c:\windows\system32\LMabcoms.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NetMass\SystemSafePro\bin\StoreGrid.exe
c:\program files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
c:\program files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\LogonUI.exe
.
**************************************************************************
.
Completion time: 2013-08-21 09:15:25 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-21 16:15
ComboFix2.txt 2013-08-18 08:35
.
Pre-Run: 146,311,094,272 bytes free
Post-Run: 146,248,925,184 bytes free
.
- - End Of File - - DC8F8F71A762F037F88D90CE4173F365
5C616939100B85E558DA92B899A0FC36
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
OK. Looks like we got most of AVG.

Run OTL, quickscan and post the log.
  • 0





