PC running slow and difficult to get out of sleep



#1
dar124

Hello, I'm not sure if this is a virus / spyware / malware, etc. or more of a hardware issue, but I haven't done any scans on my PC in a while so I figured that I'd come here to have some scan logs looked over to make sure there aren't any virus issues.

I have a Gateway 710S, Intel P4 HT 3.20 GHz with a Nvidia GeForce 6200 and 3GB of RAM running Windows 7 Ultimate. The PC is set to go to sleep (I actually think it's the Windows 7 hybrid-sleep) after 25 minutes or so. But recently it hasn't been coming out of sleep when I'd hit a key on the keyboard. I've had to press the power button, then Windows will resume, but even then it seems like it takes a couple of minutes to fully wake up. So like I said, I'm not sure if this is more hardware related, but I figured that I'd start here with a quick scan and see if anything looks out of the ordinary with the log files. Thanks in advance.

Here are the OTL & Extras log files.


OTL logfile created on: 8/21/2013 8:27:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darrin\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 56.91% Memory free
5.99 Gb Paging File | 4.12 Gb Available in Paging File | 68.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 39.69 Gb Free Space | 53.32% Space Free | Partition Type: NTFS
Drive D: | 232.79 Gb Total Space | 166.07 Gb Free Space | 71.34% Space Free | Partition Type: NTFS

Computer Name: DAR124 | User Name: Darrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/21 08:25:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darrin\Desktop\OTL.exe
PRC - [2013/08/01 17:16:18 | 000,814,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/02/22 07:33:00 | 002,285,920 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2013/02/22 07:32:59 | 007,862,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2013/02/22 07:32:59 | 002,849,120 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2013/02/22 07:24:58 | 000,106,848 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2013/02/19 22:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/02 22:07:24 | 001,099,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\Launchpad.exe
PRC - [2012/11/02 20:03:44 | 000,098,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\WhsMcClient.exe
PRC - [2012/11/02 19:46:40 | 000,084,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
PRC - [2012/11/02 17:14:44 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/10/19 11:03:38 | 000,251,392 | ---- | M] (AxoNet Software GmbH) -- C:\Program Files\Windows Server\Bin\LightsOutClientGui.exe
PRC - [2012/10/19 11:03:32 | 000,015,872 | ---- | M] (AxoNet Software GmbH) -- C:\Program Files\Windows Server\Bin\LightsOutClientService.exe
PRC - [2012/01/12 11:26:20 | 000,040,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
PRC - [2011/08/13 10:17:05 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/04/25 02:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 02:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2011/03/02 15:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
PRC - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
PRC - [2011/03/02 13:54:44 | 000,162,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/21 06:16:16 | 000,390,712 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/08/21 06:16:12 | 000,779,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/08/21 06:15:32 | 005,459,136 | ---- | M] (Acronis) -- D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/08/20 09:18:30 | 002,536,752 | ---- | M] (Acronis) -- C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/03/18 12:19:46 | 000,154,776 | ---- | M] (Citrix Systems, Inc) -- C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/07/17 17:12:24 | 000,161,064 | ---- | M] (Seagate Technology LLC) -- D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/04/09 12:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CtHelper.exe
PRC - [2007/03/16 01:24:02 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbccoms.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/13 19:17:17 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\6a6925ae06bbe4b8e647e203597af47a\WindowsFormsIntegration.ni.dll
MOD - [2013/08/13 19:15:00 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\224d59cb515eb3660e0b4d4530f946bc\System.IdentityModel.ni.dll
MOD - [2013/08/13 19:14:57 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\069130d01589ff7ead36c597b37fcdf7\System.ServiceModel.ni.dll
MOD - [2013/08/13 19:12:21 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll
MOD - [2013/08/13 19:11:56 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/13 19:11:55 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\d82770dc4e5fee30ca8a7244bf7f613a\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/08/13 19:11:53 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/13 19:11:52 | 002,647,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\420022aad3481c670eb86a4ca72d5b43\System.Runtime.Serialization.ni.dll
MOD - [2013/08/13 19:10:07 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/13 18:53:31 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1a3b614a84244ea5fa4147b5cf007333\System.Windows.Forms.ni.dll
MOD - [2013/08/13 18:53:04 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/13 18:53:03 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll
MOD - [2013/08/13 18:52:56 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\56a1feb800860a3bc5d8a45ee92a77ec\PresentationFramework.ni.dll
MOD - [2013/08/13 18:52:41 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\8fefdc1ecedf91a104b084c7d8200bde\System.Data.ni.dll
MOD - [2013/08/13 18:52:21 | 000,749,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\121e3bb63d1d2d2487c855819263ed7c\System.Security.ni.dll
MOD - [2013/08/13 18:52:10 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/13 18:52:06 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\001aeb860d7f2ba416e0fedc606fee98\PresentationCore.ni.dll
MOD - [2013/08/13 18:51:57 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\df40dab689e9d8febfb943599ba79f8d\System.Configuration.ni.dll
MOD - [2013/08/13 18:51:45 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c25ede0d0127774c504c4fc41d4de273\System.Core.ni.dll
MOD - [2013/08/13 18:51:30 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b3ed31a444f444325ddb64b290ed2f1e\WindowsBase.ni.dll
MOD - [2013/08/13 18:51:20 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/12 03:44:59 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/12 03:22:36 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2012/04/01 10:33:25 | 000,008,704 | ---- | M] () -- C:\Users\Darrin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3.gadget\GetCoreTempInfoNET.dll
MOD - [2012/04/01 10:33:25 | 000,007,680 | ---- | M] () -- C:\Users\Darrin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3.gadget\SystemInfo.dll
MOD - [2012/04/01 10:33:25 | 000,006,144 | ---- | M] () -- C:\Users\Darrin\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3.gadget\CoreTempReader.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - [2013/08/01 17:16:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/22 07:32:59 | 002,849,120 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2013/02/19 22:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/02 20:03:44 | 000,098,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\WhsMcClient.exe -- (WhsMcClient)
SRV - [2012/11/02 19:46:40 | 000,084,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV - [2012/11/02 17:14:44 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/10/19 11:03:32 | 000,015,872 | ---- | M] (AxoNet Software GmbH) [Auto | Running] -- C:\Program Files\Windows Server\Bin\LightsOutClientService.exe -- (LoClntService)
SRV - [2012/01/12 11:26:20 | 000,040,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe -- (ServiceProviderRegistry)
SRV - [2011/08/20 19:47:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/08/13 10:17:05 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/12 18:03:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/02 15:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe -- (LANConfig)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (WSS_ComputerBackupProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (SqmProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (providers_system)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (NotificationsProviderSvc)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (initMonitor)
SRV - [2011/03/02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (HealthAlertsSvc)
SRV - [2011/03/02 13:54:44 | 000,162,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe -- (WSConnectorUpdate)
SRV - [2010/08/21 06:16:12 | 000,779,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/18 12:19:46 | 000,154,776 | ---- | M] (Citrix Systems, Inc) [Auto | Running] -- C:\Program Files\Citrix\Secure Access Client\nsverctl.exe -- (nsverctl)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/07/17 17:12:24 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/06/29 19:16:56 | 000,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- D:\Program Files\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/03/16 01:24:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbccoms.exe -- (lxbc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CTSBLFX.SYS -- (CTSBLFX)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CTERFXFX.SYS -- (CTERFXFX)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CTAUDFX.SYS -- (CTAUDFX)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\COMMONFX.SYS -- (COMMONFX)
DRV - [2013/06/28 07:24:20 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/06/28 07:24:19 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/28 07:24:17 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/11/02 17:14:46 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2012/11/02 17:14:42 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2012/11/02 17:14:40 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012/11/02 17:14:33 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/04/25 01:49:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2011/03/02 13:33:12 | 000,053,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BackupReader.sys -- (BackupReader)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/03/18 12:20:50 | 000,041,624 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctxva51.sys -- (ctxva51)
DRV - [2010/03/09 17:18:30 | 000,081,024 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys -- (cag)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/07/16 11:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {351D35CC-ECB0-453B-B152-9ACF8A069ED0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...SP_def&AF=17284
IE - HKCU\..\SearchScopes\{351D35CC-ECB0-453B-B152-9ACF8A069ED0}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.2.39.6: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Launchpad] C:\Program Files\Windows Server\Bin\Launchpad.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {2B497CAF-D938-4059-BA76-0DA5DB77EA0A} https://fileserver1/....RichUpload.cab (Wssg.Web.FileAccess.RichUpload.UploadControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88688A56-D2D2-4B43-A188-E694FFD1B22F}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05dd813a-d5db-11e1-ad97-000cf1a23787}\Shell - "" = AutoRun
O33 - MountPoints2\{05dd813a-d5db-11e1-ad97-000cf1a23787}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{8f3652c8-cb9a-11e0-af81-000cf1a23787}\Shell - "" = AutoRun
O33 - MountPoints2\{8f3652c8-cb9a-11e0-af81-000cf1a23787}\Shell\AutoRun\command - "" = G:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/21 08:25:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Darrin\Desktop\OTL.exe
[2013/08/13 18:49:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/04 11:53:47 | 000,000,000 | ---D | C] -- C:\Users\Darrin\Desktop\Flash Drive
[2013/08/01 17:07:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/07/23 21:37:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2011/08/13 09:38:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Darrin\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/08/21 08:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/21 08:25:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darrin\Desktop\OTL.exe
[2013/08/21 06:26:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/20 14:40:33 | 000,030,912 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000003-00000000-00000001-00001102-00000004-10061102}.rfx
[2013/08/20 14:40:33 | 000,030,912 | ---- | M] () -- C:\Windows\System32\BMXState-{00000003-00000000-00000001-00001102-00000004-10061102}.rfx
[2013/08/20 14:40:33 | 000,030,120 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000003-00000000-00000001-00001102-00000004-10061102}.rfx
[2013/08/20 14:40:33 | 000,030,120 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000003-00000000-00000001-00001102-00000004-10061102}.rfx
[2013/08/20 14:40:33 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000003-00000000-00000001-00001102-00000004-10061102}.rfx
[2013/08/20 10:48:01 | 000,660,874 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/20 10:48:01 | 000,121,222 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/20 09:39:00 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/20 09:39:00 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/17 14:48:24 | 2414,977,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/01 17:07:02 | 388,296,855 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/31 17:48:26 | 000,002,236 | -H-- | M] () -- C:\Users\Darrin\Documents\Default.rdp

========== Files Created - No Company Name ==========

[2013/08/01 17:07:02 | 388,296,855 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/06/28 07:24:23 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/28 07:24:22 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/28 07:24:21 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/03/01 21:57:04 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/01 21:57:04 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/03/31 17:12:12 | 000,000,339 | ---- | C] () -- C:\Users\Darrin\AppData\Roaming\Drives Meter_Settings.ini
[2011/08/14 14:13:37 | 000,005,632 | ---- | C] () -- C:\Users\Darrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/13 09:38:21 | 000,087,608 | ---- | C] () -- C:\Users\Darrin\AppData\Roaming\inst.exe
[2011/08/13 09:38:21 | 000,007,887 | ---- | C] () -- C:\Users\Darrin\AppData\Roaming\pcouffin.cat
[2011/08/13 09:38:21 | 000,001,144 | ---- | C] () -- C:\Users\Darrin\AppData\Roaming\pcouffin.inf

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/08/21 09:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/02 17:17:38 | 000,000,000 | ---D | M] -- C:\Users\Darrin\AppData\Roaming\Acronis
[2013/08/17 13:35:51 | 000,000,000 | ---D | M] -- C:\Users\Darrin\AppData\Roaming\Azureus
[2013/02/26 17:09:07 | 000,000,000 | ---D | M] -- C:\Users\Darrin\AppData\Roaming\CrashPlan
[2013/05/07 11:23:32 | 000,000,000 | ---D | M] -- C:\Users\Darrin\AppData\Roaming\ICAClient
[2011/08/15 12:31:10 | 000,000,000 | ---D | M] -- C:\Users\Darrin\AppData\Roaming\ImgBurn
[2013/06/17 10:29:03 | 000,000,000 | ---D | M] -- C:\Users\Darrin\AppData\Roaming\Nico Mak Computing
[2011/08/13 10:03:02 | 000,000,000 | ---D | M] -- C:\Users\Darrin\AppData\Roaming\RipIt4Me
[2013/06/17 10:31:27 | 000,000,000 | ---D | M] -- C:\Users\Darrin\AppData\Roaming\Slick Savings
[2013/06/12 11:10:48 | 000,000,000 | ---D | M] -- C:\Users\Darrin\AppData\Roaming\TeamViewer
[2011/08/13 10:54:31 | 000,000,000 | ---D | M] -- C:\Users\Darrin\AppData\Roaming\VectorVest, Inc
[2011/08/13 09:38:53 | 000,000,000 | ---D | M] -- C:\Users\Darrin\AppData\Roaming\Vso
[2012/09/28 14:37:05 | 000,000,000 | ---D | M] -- C:\Users\Darrin\AppData\Roaming\xVideoServiceThief

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24038 bytes -> C:\Users\Darrin\Desktop\iHeart Radio.website:TASKICON_0home1455096040
@Alternate Data Stream - 24038 bytes -> C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home-997497200
@Alternate Data Stream - 24038 bytes -> C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home9452684
@Alternate Data Stream - 24038 bytes -> C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home937237662
@Alternate Data Stream - 24038 bytes -> C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home-554315429
@Alternate Data Stream - 24038 bytes -> C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home466279566
@Alternate Data Stream - 24038 bytes -> C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home344929875
@Alternate Data Stream - 24038 bytes -> C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home336323577
@Alternate Data Stream - 24038 bytes -> C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home332194419
@Alternate Data Stream - 24038 bytes -> C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home1655414263
@Alternate Data Stream - 24038 bytes -> C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home-1416476257
@Alternate Data Stream - 1086 bytes -> C:\Users\Darrin\Desktop\iHeart Radio.website:TASKICON_3my_stations-930357013
@Alternate Data Stream - 1086 bytes -> C:\Users\Darrin\Desktop\iHeart Radio.website:TASKICON_2create1568545187
@Alternate Data Stream - 1086 bytes -> C:\Users\Darrin\Desktop\iHeart Radio.website:TASKICON_1live-1912515702

< End of report >








OTL Extras logfile created on: 8/21/2013 8:27:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darrin\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 56.91% Memory free
5.99 Gb Paging File | 4.12 Gb Available in Paging File | 68.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 39.69 Gb Free Space | 53.32% Space Free | Partition Type: NTFS
Drive D: | 232.79 Gb Total Space | 166.07 Gb Free Space | 71.34% Space Free | Partition Type: NTFS

Computer Name: DAR124 | User Name: Darrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039CC594-D39D-440C-9AA5-4A8A66979788}" = rport=138 | protocol=17 | dir=out | app=system |
"{14B1AA98-FBDE-4517-88D1-A76E97E7AADF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{315422D9-7D6B-4E61-AB3E-5D323448D3EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3ADF689A-E289-40C3-B189-563D74C42154}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3D61540A-3547-4AD9-BC03-14DF0104306E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4640A8C5-A75E-456B-90B1-94A8EC15C718}" = lport=6004 | protocol=17 | dir=in | app=d:\program files\microsoft office\office12\outlook.exe |
"{488B37AA-CAFC-4CA7-8AC2-6A721EC0326A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48A3724B-4B3F-49B3-BC34-8968B98DCC87}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{52E8256B-6E5A-4FE7-AF4C-25A09D4D20BE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BDF71C8-C401-4CDD-BD57-55CEEC7EEC0C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{653387D4-2BF8-481E-9D58-2A9E0054FC92}" = lport=138 | protocol=17 | dir=in | app=system |
"{6B560FDC-F085-4B6A-BEE6-A4FCA6E54329}" = lport=3389 | protocol=6 | dir=in | app=system |
"{740507F0-5583-4E65-8F2A-4EA12171E4B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{7954F56E-958A-483B-8DA7-5BAAEE22019F}" = lport=445 | protocol=6 | dir=in | app=system |
"{7C8416A5-8C8F-4892-A76B-FBCB017A4B24}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89489FAA-D4B1-455E-9109-52AB089E3E7E}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{916EE5E7-858D-42EB-BDF4-6C98A1E44737}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93E853DD-B8E5-424A-9D99-82F261417A68}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A2801CCE-84C5-44D9-A8EA-7C7C13ACCCDC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AEC8C394-83BE-4A27-BB1E-6D6879927D53}" = lport=137 | protocol=17 | dir=in | app=system |
"{B718F317-96D9-46B5-BE08-F61A73610F7C}" = rport=137 | protocol=17 | dir=out | app=system |
"{B9DCDBE0-E770-43BB-980C-FBAE6CB8982E}" = rport=139 | protocol=6 | dir=out | app=system |
"{BADDBCE6-2CF4-4452-A2C3-CB49E1645999}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC2E8FF2-A290-40A3-BCD0-BD1B2FBC8798}" = rport=445 | protocol=6 | dir=out | app=system |
"{C010C845-4208-4D29-82BD-5E12E62F494E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C2079289-C4A2-484C-8CC7-C1D3D201E2F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5162F9A-8045-4C91-B3BB-20327A652683}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DA04B8B0-322F-4476-9D3A-527C6D01D6EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC31DB07-CEA8-4D87-8036-CFD881B24B86}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C02AFD-D55E-489A-9AD4-2E9ED817348C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0EC44BFF-7AF5-4113-ABBE-0D9A60B889EF}" = protocol=58 | dir=out | [email protected],-28546 |
"{3E3B0854-5641-4583-9329-E4A403CC3168}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41ED75ED-41B9-47FE-B771-5CA5CFCA3D36}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{58A2CD3E-06F7-406E-A745-8780B8BD2149}" = dir=in | app=d:\program files\itunes\itunes.exe |
"{64CA445E-04D5-4A93-A249-55CD2B08A58D}" = dir=in | app=c:\program files\citrix\secure access client\nsload.exe |
"{657055FE-FC05-43A1-B69E-84D151A9B9A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6CAEDE8B-1BA7-40EF-B277-491C1A70F580}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{73D4B00E-F0A2-489C-9814-C4983261626D}" = dir=out | app=c:\program files\citrix\secure access client\nsepa.exe |
"{776BE62A-5DDD-4BE1-9C61-6B05CAAA7F25}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{788F94BE-4C43-4905-9F4C-995A6393FCF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{811C6D48-F9A7-4FB9-9DE4-40497A6DC9F9}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{8A8B50F2-DE34-47F5-9BEE-9FA8013FA00C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{90647F2C-336E-4CF3-9F2D-C250803627F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97EC7DA8-D089-4492-B014-42F3895EAC7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98DBCA6B-851D-46B2-9536-0B6FE96DF007}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbcpswx.exe |
"{B6C243C2-8CB7-4B93-A60D-17EEFE1BD235}" = dir=out | app=c:\program files\citrix\secure access client\nsload.exe |
"{B7D67A42-D839-42D6-8712-E899DDD83D4B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C1ABD4C3-02B6-4075-A102-65BCAF0F652A}" = protocol=6 | dir=out | app=system |
"{C2CA3D8A-185B-44F8-A9DE-BB3C09EA9620}" = dir=in | app=c:\program files\citrix\secure access client\nsepa.exe |
"{C56D5E2D-411E-4718-AD9C-D619C95EB093}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C9A67067-3C3B-4108-A57A-5B76339A4EAB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA8DAD02-259B-4327-AC34-9C218E700F9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBCB1070-F4D7-4579-B329-F84DF56B48DA}" = protocol=1 | dir=in | [email protected],-28543 |
"{D2C50CB2-9C96-46E6-B0EA-1C1AAD99013C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D8839B91-CF46-460E-8E96-CF8D8B4D12A8}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{DC194D8F-FBA7-443D-A747-51ECB0A666BF}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{E82E4C4E-EDFA-423D-A950-BC980A7F6966}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{ECC41A8D-B654-47D1-AE7F-32CDFFBA640E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ED362C8E-C192-48EF-82DA-78103253643F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{F15CD3C8-263F-429B-9C87-766619940F9E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{F4E37DCA-5F2D-4A05-BB13-11EF37F152A3}" = protocol=58 | dir=in | [email protected],-28545 |
"{F79EF121-36FA-40E5-BE3F-324E5720B3F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F8714D37-ABA5-440A-9A48-3CE209285976}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FD4B4BF0-1A06-402D-8758-653D51FA623A}" = protocol=1 | dir=out | [email protected],-28544 |
"{FD6EB30B-0089-4EE3-A26E-FBB37758F050}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{3EC5938B-AB78-46FB-88AD-C6AD213ADF79}D:\program files\ares\ares.exe" = protocol=6 | dir=in | app=d:\program files\ares\ares.exe |
"TCP Query User{64477E8E-E9CA-4432-B21F-9F6FC33F3889}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{6C317E4E-C30B-4C0B-8468-D302F564CB1E}D:\Program Files\Ares\Ares.exe" = protocol=6 | dir=in | app=d:\program files\ares\ares.exe |
"UDP Query User{326E3B6C-0F71-4D4C-ADE5-04DED1E67578}D:\program files\ares\ares.exe" = protocol=17 | dir=in | app=d:\program files\ares\ares.exe |
"UDP Query User{806C5BB0-6423-4D99-94F7-7144C23B9861}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{82878FFD-B0D7-4C1B-A6E8-49C94AA5D571}D:\Program Files\Ares\Ares.exe" = protocol=17 | dir=in | app=d:\program files\ares\ares.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java™ 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{26D3E377-1DCA-4043-9410-B4A9BACF1033}" = Nero 7 Premium
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.7
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{46DCED50-3A1D-4EF4-94F0-45F2681E3D70}" = Windows Home Server 2011 Connector
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A6B82920-25DD-41B5-A680-5B6FB65BA6D9}" = VectorVest U.S.
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D19FF327-B7C6-4A7A-A0D4-F0B280BEF262}" = VectorVest 7
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3C5F53A-78EA-413C-843B-8EC03115B339}" = Citrix Access Gateway Plug-in
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
"{FA8655AE-DFDE-4348-A105-AE39BE732C8C}" = Lights-Out Client x86
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"8461-7759-5462-8226" = Vuze
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.5 Standard
"Adobe Acrobat 8 Standard_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Aimersoft DVD Creator_is1" = Aimersoft DVD Creator(Build 2.2.8.1)
"Ares" = Ares 2.1.7
"AudioCS" = Creative Audio Console
"avast" = avast! Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.0.2a
"DivX Setup" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.3.2 (30/10/2010)
"DVDXCopy" = DVDXCopy (remove only)
"ImgBurn" = ImgBurn
"IsoBuster_is1" = IsoBuster 2.8.5
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Neonatal Resuscitation DVD-ROM" = Neonatal Resuscitation DVD-ROM
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PE Builder_is1" = PE Builder 3.1.10a
"PhotoFiltre" = PhotoFiltre
"PROPLUS" = Microsoft Office Professional Plus 2007
"TeamViewer 7" = TeamViewer 7
"UnderCoverXP_is1" = UnderCoverXP 1.23
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 2.0.6
"Winamp" = Winamp (remove only)
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/20/2013 2:30:55 PM | Computer Name = dar124 | Source = VSS | ID = 8194
Description =

Error - 8/20/2013 2:40:28 PM | Computer Name = dar124 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/20/2013 2:40:28 PM | Computer Name = dar124 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2250

Error - 8/20/2013 2:40:28 PM | Computer Name = dar124 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2250

Error - 8/20/2013 2:40:30 PM | Computer Name = dar124 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/20/2013 2:40:30 PM | Computer Name = dar124 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4203

Error - 8/20/2013 2:40:30 PM | Computer Name = dar124 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4203

Error - 8/20/2013 2:40:32 PM | Computer Name = dar124 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/20/2013 2:40:32 PM | Computer Name = dar124 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6156

Error - 8/20/2013 2:40:32 PM | Computer Name = dar124 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6156

[ System Events ]
Error - 9/22/2012 4:45:50 PM | Computer Name = dar124 | Source = DCOM | ID = 10016
Description =

Error - 9/23/2012 2:29:36 PM | Computer Name = dar124 | Source = DCOM | ID = 10010
Description =

Error - 9/27/2012 3:00:12 AM | Computer Name = dar124 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 9/28/2012 4:06:07 PM | Computer Name = dar124 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:47:16 PM on 9/28/2012 was unexpected.

Error - 9/29/2012 8:01:54 AM | Computer Name = dar124 | Source = DCOM | ID = 10010
Description =

Error - 9/30/2012 8:39:09 AM | Computer Name = dar124 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 9/30/2012 12:12:00 PM | Computer Name = dar124 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 10/1/2012 9:22:57 AM | Computer Name = dar124 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 10/1/2012 2:29:32 PM | Computer Name = dar124 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 10/2/2012 2:29:32 PM | Computer Name = dar124 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

[ WSSG Events ]
Error - 4/20/2013 2:37:45 PM | Computer Name = dar124 | Source = Windows Server | ID = 268370434
Description = Backup job 0 on did not succeed. Reason: ServerUnreachable, System.String[]

Error - 4/20/2013 2:39:23 PM | Computer Name = dar124 | Source = Windows Server | ID = 268370434
Description = Backup job 0 on did not succeed. Reason: ServerUnreachable, System.String[]

Error - 4/20/2013 2:41:02 PM | Computer Name = dar124 | Source = Windows Server | ID = 268370434
Description = Backup job 0 on did not succeed. Reason: ServerUnreachable, System.String[]

Error - 4/20/2013 2:42:40 PM | Computer Name = dar124 | Source = Windows Server | ID = 268370434
Description = Backup job 0 on did not succeed. Reason: ServerUnreachable, System.String[]

Error - 4/20/2013 2:44:18 PM | Computer Name = dar124 | Source = Windows Server | ID = 268370434
Description = Backup job 0 on did not succeed. Reason: ServerUnreachable, System.String[]

Error - 4/20/2013 2:45:56 PM | Computer Name = dar124 | Source = Windows Server | ID = 268370434
Description = Backup job 0 on did not succeed. Reason: ServerUnreachable, System.String[]

Error - 4/20/2013 2:47:34 PM | Computer Name = dar124 | Source = Windows Server | ID = 268370434
Description = Backup job 0 on did not succeed. Reason: ServerUnreachable, System.String[]

Error - 4/20/2013 2:49:12 PM | Computer Name = dar124 | Source = Windows Server | ID = 268370434
Description = Backup job 0 on did not succeed. Reason: ServerUnreachable, System.String[]

Error - 4/20/2013 2:50:50 PM | Computer Name = dar124 | Source = Windows Server | ID = 268370434
Description = Backup job 0 on did not succeed. Reason: ServerUnreachable, System.String[]

Error - 4/20/2013 2:52:28 PM | Computer Name = dar124 | Source = Windows Server | ID = 268370434
Description = Backup job 0 on did not succeed. Reason: ServerUnreachable, System.String[]


< End of report >

Edited by dar124, 21 August 2013 - 09:06 PM.



#2
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello dar124,

Welcome to Geekstogo.

Not a huge amount leaping out at me there.

Let's have a deeper look.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. For your machine the 32bit one will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#3
dar124


    Member

  • Topic Starter
  • 87 posts
Ok, here's the 2 log files from the Farbar scan.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-08-2013 01
Ran by Darrin (administrator) on 27-08-2013 06:27:40
Running from C:\Users\Darrin\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Seagate Technology LLC) D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Lexmark International, Inc.) C:\Windows\System32\LEXBCES.EXE
(AxoNet Software GmbH) C:\Program Files\Windows Server\bin\LightsOutClientService.exe
(Lexmark International, Inc.) C:\Windows\System32\LEXPPS.EXE
( ) C:\Windows\system32\lxbccoms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WhsMcClient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(TeamViewer GmbH) c:\program files\teamviewer\version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Adobe Systems Inc.) D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Creative Technology Ltd) C:\Windows\System32\CtHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Launchpad.exe
(Acronis) C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis) D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AxoNet Software GmbH) C:\Program Files\Windows Server\Bin\LightsOutClientGui.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Acrobat Assistant 8.0] - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM\...\Run: [CTHelper] - C:\Windows\system32\CTHELPER.EXE [19456 2007-04-09] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] - C:\Windows\system32\CTXFIHLP.EXE [19968 2007-04-09] (Creative Technology Ltd)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Launchpad] - C:\Program Files\Windows Server\Bin\Launchpad.exe [1099360 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [SAOB Monitor] - C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2536752 2010-08-20] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] - D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5459136 2010-08-21] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [390712 2010-08-21] (Acronis)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-29] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - D:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
MountPoints2: {05dd813a-d5db-11e1-ad97-000cf1a23787} - G:\setup.exe -a
MountPoints2: {8f3652c8-cb9a-11e0-af81-000cf1a23787} - G:\setup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lights-Out Client.lnk
ShortcutTarget: Lights-Out Client.lnk -> C:\Program Files\Windows Server\Bin\LightsOutClientGui.exe (AxoNet Software GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKCU - DefaultScope {351D35CC-ECB0-453B-B152-9ACF8A069ED0} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...SP_def&AF=17284
SearchScopes: HKCU - {351D35CC-ECB0-453B-B152-9ACF8A069ED0} URL = http://search.yahoo....p={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -No Name - {D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {2B497CAF-D938-4059-BA76-0DA5DB77EA0A} https://fileserver1/....RichUpload.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [779944 2010-08-21] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3975088 2012-11-02] (Acronis)
R2 arXfrSvc; C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [84576 2012-11-02] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
R2 FreeAgentGoNext Service; D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [161064 2008-07-17] (Seagate Technology LLC)
R2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 LANConfig; C:\Program Files\Windows Server\Bin\LANConfigSvc.exe [27520 2011-03-02] (Microsoft Corporation)
R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [303104 2003-02-25] (Lexmark International, Inc.)
R2 LoClntService; C:\Program Files\Windows Server\bin\LightsOutClientService.exe [15872 2012-10-19] (AxoNet Software GmbH)
R2 lxbc_device; C:\Windows\system32\lxbccoms.exe [537520 2007-03-16] ( )
S3 NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe [800040 2007-06-29] (Nero AG)
R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [154776 2010-03-18] (Citrix Systems, Inc)
R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [40832 2012-01-12] (Microsoft Corporation)
S4 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 WhsMcClient; C:\Program Files\Windows Server\Bin\WhsMcClient.exe [98400 2012-11-02] (Microsoft Corporation)
R2 WSConnectorUpdate; C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe [162176 2011-03-02] (Microsoft Corporation)
R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
R3 BackupReader; C:\Windows\System32\DRIVERS\BackupReader.sys [53504 2011-03-02] (Microsoft Corporation)
R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [81024 2010-03-09] (Citrix Systems, Inc.)
S3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
R3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
R3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347128 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
R3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
R3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [41624 2010-03-18] (Citrix Systems, Inc.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [797992 2007-04-10] (Creative Technology Ltd)
R3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [163112 2007-04-10] (Creative Technology Ltd)
S3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [189736 2007-04-10] (Creative Technology Ltd)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
S3 COMMONFX; system32\drivers\COMMONFX.SYS [x]
S3 COMMONFX.SYS; \SystemRoot\System32\drivers\COMMONFX.SYS [x]
S3 CTAUDFX; system32\drivers\CTAUDFX.SYS [x]
S3 CTAUDFX.SYS; \SystemRoot\System32\drivers\CTAUDFX.SYS [x]
S3 CTERFXFX; system32\drivers\CTERFXFX.SYS [x]
S3 CTERFXFX.SYS; \SystemRoot\System32\drivers\CTERFXFX.SYS [x]
S3 CTSBLFX; system32\drivers\CTSBLFX.SYS [x]
S3 CTSBLFX.SYS; \SystemRoot\System32\drivers\CTSBLFX.SYS [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-27 06:26 - 2013-08-27 06:26 - 01072785 _____ (Farbar) C:\Users\Darrin\Desktop\FRST.exe
2013-08-25 23:53 - 2013-08-26 00:12 - 00000000 ____D C:\Users\Darrin\Desktop\Reverend
2013-08-21 17:59 - 2013-08-21 17:59 - 00001555 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-21 17:59 - 2013-08-21 17:59 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-21 17:59 - 2013-08-21 17:59 - 00000000 ____D C:\Program Files\iPod
2013-08-21 08:48 - 2013-08-21 08:48 - 00058570 _____ C:\Users\Darrin\Desktop\Extras.Txt
2013-08-21 08:44 - 2013-08-21 08:44 - 00093442 _____ C:\Users\Darrin\Desktop\OTL.Txt
2013-08-21 08:25 - 2013-08-21 08:25 - 00602112 _____ (OldTimer Tools) C:\Users\Darrin\Desktop\OTL.exe
2013-08-13 19:00 - 2013-07-24 22:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-13 19:00 - 2013-07-24 22:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-13 19:00 - 2013-07-24 22:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-13 19:00 - 2013-07-24 22:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-13 19:00 - 2013-07-24 22:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-13 19:00 - 2013-07-24 22:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-13 19:00 - 2013-07-24 22:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-13 19:00 - 2013-07-24 22:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-13 19:00 - 2013-07-24 22:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-13 19:00 - 2013-07-24 22:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-13 19:00 - 2013-07-24 22:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-13 19:00 - 2013-07-24 22:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-13 19:00 - 2013-07-24 22:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-13 19:00 - 2013-07-24 22:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-13 19:00 - 2013-07-24 22:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-13 19:00 - 2013-07-24 22:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-13 18:43 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 18:43 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 18:43 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 18:43 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 18:43 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 18:43 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 18:43 - 2013-07-06 01:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 18:42 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-13 18:42 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 18:42 - 2013-07-09 00:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 18:42 - 2013-07-09 00:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 18:42 - 2013-06-14 23:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-04 11:53 - 2013-08-04 11:55 - 00000000 ____D C:\Users\Darrin\Desktop\Flash Drive
2013-08-01 17:07 - 2013-08-01 17:07 - 388296855 _____ C:\Windows\MEMORY.DMP
2013-08-01 17:07 - 2013-08-01 17:07 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2013-08-27 06:27 - 2013-08-27 06:27 - 00000000 ____D C:\FRST
2013-08-27 06:26 - 2013-08-27 06:26 - 01072785 _____ (Farbar) C:\Users\Darrin\Desktop\FRST.exe
2013-08-27 06:26 - 2011-08-12 14:37 - 01264951 _____ C:\Windows\WindowsUpdate.log
2013-08-27 06:24 - 2012-06-11 17:19 - 00000000 ____D C:\ProgramData\LightsOut
2013-08-27 06:24 - 2012-04-22 15:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-26 00:12 - 2013-08-25 23:53 - 00000000 ____D C:\Users\Darrin\Desktop\Reverend
2013-08-25 23:54 - 2011-08-12 14:41 - 00780076 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-23 21:12 - 2013-03-01 21:52 - 00008316 _____ C:\Windows\setupact.log
2013-08-23 17:46 - 2012-03-26 11:36 - 00000000 ____D C:\Users\Darrin\AppData\Roaming\vlc
2013-08-23 16:26 - 2011-08-13 11:00 - 00000000 ____D C:\Users\Darrin\AppData\Roaming\Azureus
2013-08-21 18:31 - 2009-07-14 00:34 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-21 18:31 - 2009-07-14 00:34 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-21 18:23 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-21 17:59 - 2013-08-21 17:59 - 00001555 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-21 17:59 - 2013-08-21 17:59 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-21 17:59 - 2013-08-21 17:59 - 00000000 ____D C:\Program Files\iPod
2013-08-21 17:59 - 2011-08-14 21:35 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-21 08:48 - 2013-08-21 08:48 - 00058570 _____ C:\Users\Darrin\Desktop\Extras.Txt
2013-08-21 08:44 - 2013-08-21 08:44 - 00093442 _____ C:\Users\Darrin\Desktop\OTL.Txt
2013-08-21 08:25 - 2013-08-21 08:25 - 00602112 _____ (OldTimer Tools) C:\Users\Darrin\Desktop\OTL.exe
2013-08-14 10:31 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2013-08-13 19:17 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-13 19:00 - 2013-07-23 21:37 - 00000000 ____D C:\Windows\system32\MRT
2013-08-13 18:57 - 2011-08-14 21:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-13 18:57 - 2011-08-12 16:49 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-04 11:55 - 2013-08-04 11:53 - 00000000 ____D C:\Users\Darrin\Desktop\Flash Drive
2013-08-01 17:16 - 2012-04-22 15:16 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-01 17:16 - 2011-08-13 14:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-01 17:15 - 2011-08-13 10:11 - 00000000 ____D C:\Users\Darrin\AppData\Local\Adobe
2013-08-01 17:07 - 2013-08-01 17:07 - 388296855 _____ C:\Windows\MEMORY.DMP
2013-08-01 17:07 - 2013-08-01 17:07 - 00000000 ____D C:\Windows\Minidump
2013-07-31 17:48 - 2012-05-04 22:44 - 00002236 ____H C:\Users\Darrin\Documents\Default.rdp
2013-07-31 09:48 - 2013-01-15 19:56 - 00000000 ____D C:\Users\Darrin\AppData\Local\Windows Live

Files to move or delete:
====================
C:\Users\Darrin\AppData\Local\Temp\DivXSetup.exe
C:\Users\Darrin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Darrin\AppData\Local\Temp\i4jdel1.exe
C:\Users\Darrin\AppData\Local\Temp\install_reader11_en_gtbd_chrd_dn_aih.exe
C:\Users\Darrin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Darrin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Darrin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Darrin\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Darrin\AppData\Local\Temp\winzip170-32ml_wrapped.exe
C:\Users\Darrin\AppData\Local\Temp\winziprosetup-WZRO6_20130221.exe
C:\Users\Darrin\AppData\Local\Temp\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\InstHelper.dll
C:\Users\Darrin\AppData\Local\Temp\VSDD09B.tmp\SynctoySetup.exe
C:\Users\Darrin\AppData\Local\Temp\VSDD09B.tmp\Microsoft Sync Framework Services\msfcheck.exe
C:\Users\Darrin\AppData\Local\Temp\VSDD09B.tmp\Microsoft Sync Framework\msfcheck.exe
C:\Users\Darrin\AppData\Local\Temp\VSDD09B.tmp\dotnetfx\dotnetchk.exe
C:\Users\Darrin\AppData\Local\Temp\VSD8A35.tmp\SynctoySetup.exe
C:\Users\Darrin\AppData\Local\Temp\VSD8A35.tmp\Microsoft Sync Framework Services\msfcheck.exe
C:\Users\Darrin\AppData\Local\Temp\VSD8A35.tmp\Microsoft Sync Framework\msfcheck.exe
C:\Users\Darrin\AppData\Local\Temp\VSD8A35.tmp\dotnetfx\dotnetchk.exe
C:\Users\Darrin\AppData\Local\Temp\VSD6FEB.tmp\SynctoySetup.exe
C:\Users\Darrin\AppData\Local\Temp\VSD6FEB.tmp\Microsoft Sync Framework Services\msfcheck.exe
C:\Users\Darrin\AppData\Local\Temp\VSD6FEB.tmp\Microsoft Sync Framework\msfcheck.exe
C:\Users\Darrin\AppData\Local\Temp\VSD6FEB.tmp\dotnetfx\dotnetchk.exe
C:\Users\Darrin\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_.exe
C:\Users\Darrin\AppData\Local\Temp\e4j9A7D.tmp_dir20449\i4jdel.exe
C:\Users\Darrin\AppData\Local\Temp\e4j95D4.tmp_dir4951\i4jdel.exe
C:\Users\Darrin\AppData\Local\Temp\e4j3D70.tmp_dir11758\i4jdel.exe
C:\Users\Darrin\AppData\Local\Temp\e4j23E2.tmp_dir1371478192\VuzeToolbar-stub-1.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 14:33

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-08-2013 01
Ran by Darrin at 2013-08-27 06:28:31
Running from C:\Users\Darrin\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
Acronis True Image Home 2011 (Version: 14.0.5105)
Adobe Acrobat 8 Standard (Version: 8.1.5)
Adobe Acrobat 8.1.5 - CPSID_49013
Adobe Acrobat 8.1.5 Standard (Version: 8.1.5)
Adobe AIR (Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Aimersoft DVD Creator(Build 2.2.8.1)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ares 2.1.7 (Version: 2.1.7-Build#3041)
avast! Free Antivirus (Version: 8.0.1489.0)
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Bonjour (Version: 3.0.0.10)
Cisco Systems VPN Client 5.0.01.0600 (Version: 5.0.1)
Citrix Access Gateway Plug-in (Version: 9.2.39.6)
Citrix online plug-in - web (Version: 12.1.44.1)
Citrix online plug-in (DV) (Version: 12.1.44.1)
Citrix online plug-in (HDX) (Version: 12.1.44.1)
Citrix online plug-in (USB) (Version: 12.1.44.1)
Citrix online plug-in (Web) (Version: 12.1.44.1)
Click to Call with Skype (Version: 5.5.8013)
Coupon Printer for Windows (Version: 5.0.0.1)
Creative Audio Console (Version: 1.33)
Creative Software AutoUpdate (Version: 1.40)
CrystalDiskInfo 5.0.2a (Version: 5.0.2a)
D3DX10 (Version: 15.4.2368.0902)
DivX Setup (Version: 2.6.1.22)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.0.3.2 (30/10/2010)
DVDXCopy (remove only)
ImgBurn (Version: 2.5.5.0)
Inpaint 4.7
ISO Recorder (Version: 3.0.0)
IsoBuster 2.8.5 (Version: 2.8.5)
iTunes (Version: 11.0.5.5)
IZArc 4.1.6 (Version: 4.1.6)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 39 (Version: 6.0.390)
JavaFX 2.1.1 (Version: 2.1.1)
Lexmark Z500-Z600 Series
Lights-Out Client x86 (Version: 1.5.3.1819)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (Version: 2.0.1578.0)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (Version: 2.0.1578.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Movie Maker (Version: 16.4.3505.0912)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Neonatal Resuscitation DVD-ROM (Version: 1)
Nero 7 Premium (Version: 7.02.9888)
neroxml (Version: 1.0.0)
NVIDIA Control Panel 307.83 (Version: 307.83)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Graphics Driver 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenAL
PE Builder 3.1.10a
Photo Gallery (Version: 16.4.3505.0912)
PhotoFiltre
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.74.80.86)
Skype™ 6.1 (Version: 6.1.129)
SyncToy 2.1 (x86) (Version: 2.1.0)
TeamViewer 7 (Version: 7.0.17271)
UnderCoverXP 1.23
Unlocker 1.9.1 (Version: 1.9.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VectorVest 7 (Version: 1.2.1.13)
VectorVest U.S. (Version: 1.4.9)
VLC media player 2.0.6 (Version: 2.0.6)
Vuze (Version: 5.0.0.0)
Winamp (remove only)
WinDirStat 1.1.2
Windows Home Server 2011 Connector (Version: 6.1.8800.16400)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Yahoo! Detect


==================== Restore Points =========================

20-08-2013 13:46:42 Windows Update
23-08-2013 17:48:00 Windows Update

==================== Hosts content: ==========================

2011-08-11 15:41 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00896EB4-A9A9-415F-BB3E-6803BCECCDC4} - System32\Tasks\Microsoft\Windows\Windows Server\Backup => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-01-12] (Microsoft Corporation)
Task: {0ECE3B4F-498C-49E1-8309-A37229DB9294} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-01] (Adobe Systems Incorporated)
Task: {2B091539-4C66-4407-8FD8-E87D9E2D2452} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2FD858BA-ABAC-4803-AC10-7E49DD99535A} - System32\Tasks\Microsoft\Windows\Windows Server\Health Definition Updates => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-01-12] (Microsoft Corporation)
Task: {5E2F43DF-A01C-4DC6-A39F-3F198D9C6C61} - System32\Tasks\Microsoft\Windows\Windows Server\Alert Evaluations => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-01-12] (Microsoft Corporation)
Task: {7D951DFB-679F-4526-B820-12D77848A4F7} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {8A716A27-495B-4803-BA9D-C0F3A3B62792} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {8B227893-1FC3-4287-901D-292C9E6F1340} - System32\Tasks\Microsoft\Windows\Windows Server\SaveCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-01-12] (Microsoft Corporation)
Task: {B24731B1-7A50-48AA-B778-43C08B9C30BF} - System32\Tasks\Microsoft\Windows\Windows Server\RenewClientCertificate => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-01-12] (Microsoft Corporation)
Task: {BE1862F9-1B32-47B2-AA08-8C88E84BEBF3} - System32\Tasks\4789 => C:\Windows\System32\wscript.exe [2009-07-13] (Microsoft Corporation)
Task: {CECEAA20-8587-487D-B119-A81754B88AB3} - System32\Tasks\Microsoft\Windows\Windows Server\UploadCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-01-12] (Microsoft Corporation)
Task: {D33A2103-2D72-47B9-9555-09E5CD491AF7} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe [2013-07-24] (Microsoft Corporation)
Task: {D94F490B-873A-41BB-8498-FF4C5EA6C8A0} - System32\Tasks\LoSBackupWake => C:\Windows\System32\tasklist.exe [2009-07-13] (Microsoft Corporation)
Task: {EE89B7D2-3CC3-4DA2-9696-B1D848E57954} - System32\Tasks\Microsoft\Windows\Windows Server\InstallAddIns => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-01-12] (Microsoft Corporation)
Task: {F1A47D58-A09A-4776-B6AE-4BF4A9263956} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Darrin\Desktop\Facebook.url:favicon
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home-1416476257
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home-554315429
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home-997497200
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home1655414263
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home332194419
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home336323577
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home344929875
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home466279566
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home937237662
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:DESTICON_home9452684
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:favicon
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:TASKICON_0home1455096040
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:TASKICON_1live-1912515702
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:TASKICON_2create1568545187
AlternateDataStreams: C:\Users\Darrin\Desktop\iHeart Radio.website:TASKICON_3my_stations-930357013

==================== Faulty Device Manager Devices =============

Name: Creative AC3 Software Decoder
Description: Creative AC3 Software Decoder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ctac32k
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/26/2013 02:41:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6125

Error: (08/26/2013 02:41:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6125

Error: (08/26/2013 02:41:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/26/2013 02:41:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4172

Error: (08/26/2013 02:41:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4172

Error: (08/26/2013 02:41:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/26/2013 02:41:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2219

Error: (08/26/2013 02:41:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2219

Error: (08/26/2013 02:41:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/26/2013 02:30:53 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {82902ae8-46a2-426d-9edd-d6ae23dbe6f8}


System errors:
=============
Error: (08/26/2013 00:08:35 AM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (08/25/2013 11:52:48 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (08/21/2013 09:14:43 AM) (Source: DCOM) (User: dar124)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}dar124DarrinS-1-5-21-1765791927-563018878-3994265690-1000LocalHost (Using LRPC)

Error: (08/21/2013 09:14:15 AM) (Source: DCOM) (User: dar124)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}dar124DarrinS-1-5-21-1765791927-563018878-3994265690-1000LocalHost (Using LRPC)

Error: (08/21/2013 09:14:15 AM) (Source: DCOM) (User: dar124)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}dar124DarrinS-1-5-21-1765791927-563018878-3994265690-1000LocalHost (Using LRPC)

Error: (08/21/2013 09:14:13 AM) (Source: DCOM) (User: dar124)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}dar124DarrinS-1-5-21-1765791927-563018878-3994265690-1000LocalHost (Using LRPC)

Error: (08/21/2013 06:26:20 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (08/20/2013 02:29:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (08/20/2013 10:30:44 AM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (08/18/2013 01:46:44 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{88688A56-D2D2-4B43-A188-E694FFD1B22F} because another computer on the network has the same name. The server could not start.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-06-28 18:35:45.608
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-06-28 18:20:05.531
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 21:04:58.257
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-06-18 20:10:48.861
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-03-01 21:05:34.941
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-03-01 20:54:33.847
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-03-01 20:36:45.897
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-01-24 15:15:53.563
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-01-23 20:06:30.942
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-01-23 19:59:04.915
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3070.8 MB
Available physical RAM: 1873.12 MB
Total Pagefile: 6137.84 MB
Available Pagefile: 4124.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:34.77 GB) NTFS
Drive d: (Media) (Fixed) (Total:232.79 GB) (Free:166.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 8A4C8A4C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 3792E93A)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello dar124,

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

After that

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
So when you return, please post:
  • Fixlog.txt
  • JRT.txt


#5
dar124

    Member

  • Topic Starter
  • 87 posts
Ok, here's the Fixlog and JRT log files.



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-08-2013 01
Ran by Darrin at 2013-08-28 06:30:01 Run:1
Running from C:\Users\Darrin\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Darrin\AppData\Local\Temp\DivXSetup.exe
C:\Users\Darrin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Darrin\AppData\Local\Temp\i4jdel1.exe
C:\Users\Darrin\AppData\Local\Temp\install_reader11_en_gtbd_chrd_dn_aih.exe
C:\Users\Darrin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Darrin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Darrin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Darrin\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Darrin\AppData\Local\Temp\winzip170-32ml_wrapped.exe
C:\Users\Darrin\AppData\Local\Temp\winziprosetup-WZRO6_20130221.exe
C:\Users\Darrin\AppData\Local\Temp\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\InstHelper.dll
C:\Users\Darrin\AppData\Local\Temp\VSDD09B.tmp\SynctoySetup.exe
C:\Users\Darrin\AppData\Local\Temp\VSDD09B.tmp\Microsoft Sync Framework Services\msfcheck.exe
C:\Users\Darrin\AppData\Local\Temp\VSDD09B.tmp\Microsoft Sync Framework\msfcheck.exe
C:\Users\Darrin\AppData\Local\Temp\VSDD09B.tmp\dotnetfx\dotnetchk.exe
C:\Users\Darrin\AppData\Local\Temp\VSD8A35.tmp\SynctoySetup.exe
C:\Users\Darrin\AppData\Local\Temp\VSD8A35.tmp\Microsoft Sync Framework Services\msfcheck.exe
C:\Users\Darrin\AppData\Local\Temp\VSD8A35.tmp\Microsoft Sync Framework\msfcheck.exe
C:\Users\Darrin\AppData\Local\Temp\VSD8A35.tmp\dotnetfx\dotnetchk.exe
C:\Users\Darrin\AppData\Local\Temp\VSD6FEB.tmp\SynctoySetup.exe
C:\Users\Darrin\AppData\Local\Temp\VSD6FEB.tmp\Microsoft Sync Framework Services\msfcheck.exe
C:\Users\Darrin\AppData\Local\Temp\VSD6FEB.tmp\Microsoft Sync Framework\msfcheck.exe
C:\Users\Darrin\AppData\Local\Temp\VSD6FEB.tmp\dotnetfx\dotnetchk.exe
C:\Users\Darrin\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_.exe
C:\Users\Darrin\AppData\Local\Temp\e4j9A7D.tmp_dir20449\i4jdel.exe
C:\Users\Darrin\AppData\Local\Temp\e4j95D4.tmp_dir4951\i4jdel.exe
C:\Users\Darrin\AppData\Local\Temp\e4j3D70.tmp_dir11758\i4jdel.exe
C:\Users\Darrin\AppData\Local\Temp\e4j23E2.tmp_dir1371478192\VuzeToolbar-stub-1.exe
*****************

C:\Users\Darrin\AppData\Local\Temp\DivXSetup.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\i4jdel1.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\install_reader11_en_gtbd_chrd_dn_aih.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\vlc-2.0.6-win32.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\winzip170-32ml_wrapped.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\winziprosetup-WZRO6_20130221.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\InstHelper.dll => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\VSDD09B.tmp\SynctoySetup.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\VSDD09B.tmp\Microsoft Sync Framework Services\msfcheck.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\VSDD09B.tmp\Microsoft Sync Framework\msfcheck.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\VSDD09B.tmp\dotnetfx\dotnetchk.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\VSD8A35.tmp\SynctoySetup.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\VSD8A35.tmp\Microsoft Sync Framework Services\msfcheck.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\VSD8A35.tmp\Microsoft Sync Framework\msfcheck.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\VSD8A35.tmp\dotnetfx\dotnetchk.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\VSD6FEB.tmp\SynctoySetup.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\VSD6FEB.tmp\Microsoft Sync Framework Services\msfcheck.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\VSD6FEB.tmp\Microsoft Sync Framework\msfcheck.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\VSD6FEB.tmp\dotnetfx\dotnetchk.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\e4j9A7D.tmp_dir20449\i4jdel.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\e4j95D4.tmp_dir4951\i4jdel.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\e4j3D70.tmp_dir11758\i4jdel.exe => Moved successfully.
C:\Users\Darrin\AppData\Local\Temp\e4j23E2.tmp_dir1371478192\VuzeToolbar-stub-1.exe => Moved successfully.

==== End of Fixlog ====











~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Ultimate x86
Ran by Darrin on Wed 08/28/2013 at 6:35:31.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylontc_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylontc_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3027459
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\runtask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\runtask_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Darrin\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Darrin\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Darrin\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Darrin\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\Common Files\spigot"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/28/2013 at 6:41:23.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello dar124,

Please run another scan with Farbar Recovery Scan Tool and post the results back here.

#7
dar124

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Ok, here's the log from the 2nd FRST scan.





Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-08-2013 01
Ran by Darrin (administrator) on 28-08-2013 18:01:39
Running from C:\Users\Darrin\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Seagate Technology LLC) D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Lexmark International, Inc.) C:\Windows\System32\LEXBCES.EXE
(AxoNet Software GmbH) C:\Program Files\Windows Server\bin\LightsOutClientService.exe
(Lexmark International, Inc.) C:\Windows\System32\LEXPPS.EXE
( ) C:\Windows\system32\lxbccoms.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WhsMcClient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Adobe Systems Inc.) D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Creative Technology Ltd) C:\Windows\System32\CtHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Launchpad.exe
(Acronis) C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(Acronis) D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AxoNet Software GmbH) C:\Program Files\Windows Server\Bin\LightsOutClientGui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Acrobat Assistant 8.0] - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM\...\Run: [CTHelper] - C:\Windows\system32\CTHELPER.EXE [19456 2007-04-09] (Creative Technology Ltd)
HKLM\...\Run: [CTxfiHlp] - C:\Windows\system32\CTXFIHLP.EXE [19968 2007-04-09] (Creative Technology Ltd)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Launchpad] - C:\Program Files\Windows Server\Bin\Launchpad.exe [1099360 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [SAOB Monitor] - C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2536752 2010-08-20] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] - D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5459136 2010-08-21] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [390712 2010-08-21] (Acronis)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-29] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - D:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
MountPoints2: {05dd813a-d5db-11e1-ad97-000cf1a23787} - G:\setup.exe -a
MountPoints2: {8f3652c8-cb9a-11e0-af81-000cf1a23787} - G:\setup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lights-Out Client.lnk
ShortcutTarget: Lights-Out Client.lnk -> C:\Program Files\Windows Server\Bin\LightsOutClientGui.exe (AxoNet Software GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKCU - DefaultScope {351D35CC-ECB0-453B-B152-9ACF8A069ED0} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {351D35CC-ECB0-453B-B152-9ACF8A069ED0} URL = http://search.yahoo....p={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -No Name - {D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {2B497CAF-D938-4059-BA76-0DA5DB77EA0A} https://fileserver1/....RichUpload.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [779944 2010-08-21] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3975088 2012-11-02] (Acronis)
R2 arXfrSvc; C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [84576 2012-11-02] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1524512 2007-07-16] (Cisco Systems, Inc.)
R2 FreeAgentGoNext Service; D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [161064 2008-07-17] (Seagate Technology LLC)
R2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 LANConfig; C:\Program Files\Windows Server\Bin\LANConfigSvc.exe [27520 2011-03-02] (Microsoft Corporation)
R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [303104 2003-02-25] (Lexmark International, Inc.)
R2 LoClntService; C:\Program Files\Windows Server\bin\LightsOutClientService.exe [15872 2012-10-19] (AxoNet Software GmbH)
R2 lxbc_device; C:\Windows\system32\lxbccoms.exe [537520 2007-03-16] ( )
S3 NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe [800040 2007-06-29] (Nero AG)
R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [154776 2010-03-18] (Citrix Systems, Inc)
R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [40832 2012-01-12] (Microsoft Corporation)
S4 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 WhsMcClient; C:\Program Files\Windows Server\Bin\WhsMcClient.exe [98400 2012-11-02] (Microsoft Corporation)
R2 WSConnectorUpdate; C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe [162176 2011-03-02] (Microsoft Corporation)
R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-28] ()
R3 BackupReader; C:\Windows\System32\DRIVERS\BackupReader.sys [53504 2011-03-02] (Microsoft Corporation)
R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [81024 2010-03-09] (Citrix Systems, Inc.)
S3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
R3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [98600 2007-04-18] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [164608 2007-04-12] (Creative Technology Ltd.)
R3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [546048 2007-04-12] (Creative Technology Ltd)
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [347128 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [168192 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [280320 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [128768 2007-04-12] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [323328 2007-04-12] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [94976 2007-04-12] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1317632 2007-04-12] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [66816 2007-04-12] (Creative Technology Ltd.)
R3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [560384 2007-04-12] (Creative Technology Ltd)
R3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [41624 2010-03-18] (Citrix Systems, Inc.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306299 2007-07-16] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [797992 2007-04-10] (Creative Technology Ltd)
R3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [163112 2007-04-10] (Creative Technology Ltd)
S3 hap17v2k; C:\Windows\System32\drivers\hap17v2k.sys [189736 2007-04-10] (Creative Technology Ltd)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
S3 COMMONFX; system32\drivers\COMMONFX.SYS [x]
S3 COMMONFX.SYS; \SystemRoot\System32\drivers\COMMONFX.SYS [x]
S3 CTAUDFX; system32\drivers\CTAUDFX.SYS [x]
S3 CTAUDFX.SYS; \SystemRoot\System32\drivers\CTAUDFX.SYS [x]
S3 CTERFXFX; system32\drivers\CTERFXFX.SYS [x]
S3 CTERFXFX.SYS; \SystemRoot\System32\drivers\CTERFXFX.SYS [x]
S3 CTSBLFX; system32\drivers\CTSBLFX.SYS [x]
S3 CTSBLFX.SYS; \SystemRoot\System32\drivers\CTSBLFX.SYS [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-28 06:41 - 2013-08-28 06:41 - 00003881 _____ C:\Users\Darrin\Desktop\JRT.txt
2013-08-28 06:35 - 2013-08-28 06:35 - 00000000 ____D C:\Windows\ERUNT
2013-08-28 06:32 - 2013-08-28 06:32 - 01021434 _____ (Thisisu) C:\Users\Darrin\Desktop\JRT.exe
2013-08-27 06:28 - 2013-08-27 06:29 - 00021280 _____ C:\Users\Darrin\Desktop\Addition.txt
2013-08-27 06:27 - 2013-08-27 06:27 - 00000000 ____D C:\FRST
2013-08-27 06:26 - 2013-08-27 06:26 - 01072785 _____ (Farbar) C:\Users\Darrin\Desktop\FRST.exe
2013-08-25 23:53 - 2013-08-26 00:12 - 00000000 ____D C:\Users\Darrin\Desktop\Reverend
2013-08-21 17:59 - 2013-08-21 17:59 - 00001555 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-21 17:59 - 2013-08-21 17:59 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-21 17:59 - 2013-08-21 17:59 - 00000000 ____D C:\Program Files\iPod
2013-08-21 08:48 - 2013-08-21 08:48 - 00058570 _____ C:\Users\Darrin\Desktop\Extras.Txt
2013-08-21 08:44 - 2013-08-21 08:44 - 00093442 _____ C:\Users\Darrin\Desktop\OTL.Txt
2013-08-21 08:25 - 2013-08-21 08:25 - 00602112 _____ (OldTimer Tools) C:\Users\Darrin\Desktop\OTL.exe
2013-08-13 19:00 - 2013-07-24 22:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-13 19:00 - 2013-07-24 22:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-13 19:00 - 2013-07-24 22:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-13 19:00 - 2013-07-24 22:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-13 19:00 - 2013-07-24 22:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-13 19:00 - 2013-07-24 22:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-13 19:00 - 2013-07-24 22:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-13 19:00 - 2013-07-24 22:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-13 19:00 - 2013-07-24 22:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-13 19:00 - 2013-07-24 22:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-13 19:00 - 2013-07-24 22:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-13 19:00 - 2013-07-24 22:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-13 19:00 - 2013-07-24 22:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-13 19:00 - 2013-07-24 22:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-13 19:00 - 2013-07-24 22:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-13 19:00 - 2013-07-24 22:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-13 18:43 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 18:43 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 18:43 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 18:43 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 18:43 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 18:43 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 18:43 - 2013-07-06 01:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 18:42 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-13 18:42 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 18:42 - 2013-07-09 00:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 18:42 - 2013-07-09 00:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 18:42 - 2013-06-14 23:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-04 11:53 - 2013-08-04 11:55 - 00000000 ____D C:\Users\Darrin\Desktop\Flash Drive
2013-08-01 17:07 - 2013-08-01 17:07 - 388296855 _____ C:\Windows\MEMORY.DMP
2013-08-01 17:07 - 2013-08-01 17:07 - 00000000 ____D C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2013-08-28 17:58 - 2012-04-22 15:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-28 14:34 - 2011-08-12 14:37 - 01351081 _____ C:\Windows\WindowsUpdate.log
2013-08-28 07:06 - 2009-07-14 00:34 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 07:06 - 2009-07-14 00:34 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 06:58 - 2012-06-11 17:19 - 00000000 ____D C:\ProgramData\LightsOut
2013-08-28 06:57 - 2013-03-01 21:52 - 00008372 _____ C:\Windows\setupact.log
2013-08-28 06:57 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 06:41 - 2013-08-28 06:41 - 00003881 _____ C:\Users\Darrin\Desktop\JRT.txt
2013-08-28 06:35 - 2013-08-28 06:35 - 00000000 ____D C:\Windows\ERUNT
2013-08-28 06:32 - 2013-08-28 06:32 - 01021434 _____ (Thisisu) C:\Users\Darrin\Desktop\JRT.exe
2013-08-27 18:29 - 2012-03-26 11:36 - 00000000 ____D C:\Users\Darrin\AppData\Roaming\vlc
2013-08-27 06:29 - 2013-08-27 06:28 - 00021280 _____ C:\Users\Darrin\Desktop\Addition.txt
2013-08-27 06:27 - 2013-08-27 06:27 - 00000000 ____D C:\FRST
2013-08-27 06:26 - 2013-08-27 06:26 - 01072785 _____ (Farbar) C:\Users\Darrin\Desktop\FRST.exe
2013-08-26 00:12 - 2013-08-25 23:53 - 00000000 ____D C:\Users\Darrin\Desktop\Reverend
2013-08-25 23:54 - 2011-08-12 14:41 - 00780076 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-23 16:26 - 2011-08-13 11:00 - 00000000 ____D C:\Users\Darrin\AppData\Roaming\Azureus
2013-08-21 17:59 - 2013-08-21 17:59 - 00001555 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-21 17:59 - 2013-08-21 17:59 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-21 17:59 - 2013-08-21 17:59 - 00000000 ____D C:\Program Files\iPod
2013-08-21 17:59 - 2011-08-14 21:35 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-21 08:48 - 2013-08-21 08:48 - 00058570 _____ C:\Users\Darrin\Desktop\Extras.Txt
2013-08-21 08:44 - 2013-08-21 08:44 - 00093442 _____ C:\Users\Darrin\Desktop\OTL.Txt
2013-08-21 08:25 - 2013-08-21 08:25 - 00602112 _____ (OldTimer Tools) C:\Users\Darrin\Desktop\OTL.exe
2013-08-14 10:31 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2013-08-13 19:17 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-13 19:00 - 2013-07-23 21:37 - 00000000 ____D C:\Windows\system32\MRT
2013-08-13 18:57 - 2011-08-14 21:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-13 18:57 - 2011-08-12 16:49 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-04 11:55 - 2013-08-04 11:53 - 00000000 ____D C:\Users\Darrin\Desktop\Flash Drive
2013-08-01 17:16 - 2012-04-22 15:16 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-01 17:16 - 2011-08-13 14:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-01 17:15 - 2011-08-13 10:11 - 00000000 ____D C:\Users\Darrin\AppData\Local\Adobe
2013-08-01 17:07 - 2013-08-01 17:07 - 388296855 _____ C:\Windows\MEMORY.DMP
2013-08-01 17:07 - 2013-08-01 17:07 - 00000000 ____D C:\Windows\Minidump
2013-07-31 17:48 - 2012-05-04 22:44 - 00002236 ____H C:\Users\Darrin\Documents\Default.rdp
2013-07-31 09:48 - 2013-01-15 19:56 - 00000000 ____D C:\Users\Darrin\AppData\Local\Windows Live

Files to move or delete:
====================
C:\Users\Darrin\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 14:33

==================== End Of Log ============================

#8
emeraldnzl

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.
When you return please post
  • Fixlog.txt
  • ESET online scan results
  • and tell me how your machine is now


#9
dar124

Here's the new FRST scan log.

And I ran the ESET scan, but I don't think there was an option to save a log file?? The scan did find 16 "items", but I wasn't able to save a log file. I checked in the C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt directory, but there weren't any log files saved there. Hopefully that isn't an issue??

The PC does seem to be running better. But I'm still having issues with it coming out of sleep / hybrid sleep. Normally I would just press a key on the keyboard and it would wake up, but I'm now having to press the power button for it to wake up. And it takes a long time to come out of its sleep mode. I was hoping that some of these scans & a bit of cleaning would fix this problem.





Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-08-2013 01
Ran by Darrin at 2013-08-29 06:24:45 Run:2
Running from C:\Users\Darrin\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Toolbar: HKCU -No Name - {D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - No File
C:\Users\Darrin\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
*****************

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4330680-C0AE-4226-8A21-0AFE2FD1AC24} => Value deleted successfully.
HKCR\CLSID\{D4330680-C0AE-4226-8A21-0AFE2FD1AC24} => Key not found.
C:\Users\Darrin\AppData\Local\Temp\jrt\erunt\ERUNT.EXE => Moved successfully.

==== End of Fixlog ====

#10
emeraldnzl


And I ran the ESET scan, but I don't think there was an option to save a log file?? The scan did find 16 "items", but I wasn't able to save a log file. I checked in the C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt directory, but there weren't any log files saved there. Hopefully that isn't an issue??


Hmm... probably most of them we knew about and quarantined with our tools already, but I think it is worth running another scan to see what we can find, if anything.

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#11
dar124

Ok, so I ran another ESET scan and it came back with zero items detected. Again no log file, but at least this time it didn't find any items.

Here's the log from the Malwarebytes scan. Again, zero items found, so I'd imagine that's a good sign??



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.01.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Darrin :: DAR124 [administrator]

9/1/2013 10:26:46 AM
mbam-log-2013-09-01 (10-26-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252222
Time elapsed: 10 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12
emeraldnzl


But I'm still having issues with it coming out of sleep / hybrid sleep.


I don't think that is malware related.

You can download the 710 series user's guide from the link below:

http://support.gatew...px?modelId=2606

Check out the section Customizing Your Computer > Power Management > Activating and using Hibernate Mode

Now

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.


#13
dar124

Here's the new OTL log file.




All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Darrin\Desktop\cmd.bat deleted successfully.
C:\Users\Darrin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Darrin
->Temp folder emptied: 154754826 bytes
->Temporary Internet Files folder emptied: 718305420 bytes
->Java cache emptied: 72736 bytes
->Flash cache emptied: 72934 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 264009686 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,085.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09012013_180657

Files\Folders moved on Reboot...
C:\Users\Darrin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Darrin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#14
emeraldnzl

Hello again dar124,

I think you are good to go now. :thumbsup:

We have a couple of last steps to perform and then you're all set.

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Any other tools remaining may be deleted.

Next, we need to clean your restore points and set a new one:

Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

  • In the left pane, click System protection. (Administrator permission required.) If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the radio button Configure.
  • Under Disk Space Usage, click the radio button Delete.
  • Click Continue, and then click OK.
-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

#15
dar124

Thanks for your assistance emeraldnzl. I ran the OTL cleanup, deleted the other tools, cleaned up my restore points and set a new one up as of yesterday. I'll still have to look into the issue with the PC not waking up, but at least I know that the PC is virus free. Thanks again.