Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Internet unusable because of adds, malware

Started by Cat25 , Aug 31 2013 04:00 PM

Please log in to reply

#16
RKinner

Posted 02 September 2013 - 06:38 PM

Malware Expert

Expert
24,625 posts

Running a tad hot (64 C). Should be closer to 50 or less. Get speedfan

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help.
Also prop up the back of the laptop with a book (don't block the vents). Propping it up in the back lets the heat rise to the heatsink which should make it cool a bit better. I have heard that Lenovo's have an access panel that allows you to get to the fan and heatsink. IF that is the case I would open it up and try to clean the dust out of the heatsink. Always run it on a hard surface. A soft surface will block the air vents.

Not only did Yahoo not install it is still hung. Run Process Explorer and sort things by clicking on Process and then find Au_.exe and right click on it and Kill Process. Repeat for YahooAUService.exe. Close all browsers and then delete the folder C:\Program Files\Yahoo!

Copy the next line:

sc delete YahooAUService

Start, All Programs, Accessories, Command Prompt. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Does it give you an error? Close the command window.

Reboot and run Process Explorer again as before and post the log.

Also run OTL, Quickscan and post the log.

How is it running now?

#17
Cat25

Posted 07 September 2013 - 10:31 AM

Member

Topic Starter
Member
34 posts

IE seems to be running better now, before I could not click on a link in your reply & have it bring up the page, it would take me to a different web site.

When I tried to run speed got several errors 1) Speed fan driver not installed. Is speed fan service started 2) when trying to run speed fan from icon got blue screen with Bad_Pool_Header, then "recovered from serious error send report ?" Deleted & tried again same errors.

When I ran Process Explore did not find Au.exe. Did find YahooAUService.exe & killed process & deleted folder C:\Program Files\Yahoo
When pasted sc delete YahooAUservice at command prompt , got a success.

Attached Files

ibmpmsvc.exe.txt 12.32KB 226 downloads
OTL.Txt 144.89KB 86 downloads

#18
RKinner

Posted 08 September 2013 - 01:25 AM

Malware Expert

Expert
24,625 posts

Not sure what happened to Speedfan. It normally works fine on XP. Perhaps Norton/Symantec did something to it.
I suppose there could be a problem with the disk. Let's run a disk check and make sure it is healthy.

With XP the defrag is not automatic like it is on Vista/Win 7. When was the last time you did a defrag? IF it hasn't been done in over a month I would do it now. http://support.microsoft.com/kb/314848

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

#19
Cat25

Posted 08 September 2013 - 10:55 AM

Member

Topic Starter
Member
34 posts

Attached is the event viewer tool log

Attached Files

VEW.txt 5.67KB 133 downloads

#20
RKinner

Posted 08 September 2013 - 11:44 AM

Malware Expert

Expert
24,625 posts

OK.

Go to [Start > Run] and type the following command and hit OK.

“%PROGRAMFILES%\Bonjour\mDNSResponder.exe”  -remove

Go to [Start > Run] again and type the following command and hit OK.

regsvr32  /u  “%PROGRAMFILES%\Bonjour\mdnsNSP.dll”

That should remove Bonjour

Copy the text in the code box by highlighting and Ctrl + c


:OTL

:files
sc stop JavaQuickStarterService /c
sc delete JavaQuickStarterService /c
sc delete UIUSys /c
C:\WINDOWS\tasks\*.job

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Double on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Then
Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#21
Cat25

Posted 08 September 2013 - 02:01 PM

Member

Topic Starter
Member
34 posts

I copied & pasted the "%programfiles\Bonjour etc to the run box. Got the following error: Windows cannot find '"C:\Program'. Make sure you typed the name correctly & try again. Tried 3 times same error. Did not try it with the 2nd line you listed.

Thanks, Kathie

#22
RKinner

Posted 08 September 2013 - 05:01 PM

Malware Expert

Expert
24,625 posts

You have to include both of the quotation marks. They are part of the command.

#23
Cat25

Posted 08 September 2013 - 06:36 PM

Member

Topic Starter
Member
34 posts

I copied “%PROGRAMFILES%\Bonjour\mDNSResponder.exe” -remove
to the run box & I got this error:

Windows cannot find '"C:\Program'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button then click Search.

Don't understand where you mean I should include both quatation marks. I also searched on mDNSResponder.exe & nothing was found.

#24
RKinner

Posted 08 September 2013 - 06:56 PM

Malware Expert

Expert
24,625 posts

Try:

cd  "\program files"
cd  Bonjour
mDNSResponder.exe  -remove

#25
Cat25

Posted 10 September 2013 - 03:35 PM

Member

Topic Starter
Member
34 posts

I could never get any of the commands to work to remove Bonjour, I thought I removed it with Revo Installer.
I ran OTL but it did not produce a log.

Attached Files

VEW.txt 1.76KB 109 downloads
VEW 2.txt 568bytes 90 downloads

#26
RKinner

Posted 10 September 2013 - 03:44 PM

Malware Expert

Expert
24,625 posts

Run OTL, Quickscan and post the log

#27
Cat25

Posted 10 September 2013 - 08:05 PM

Member

Topic Starter
Member
34 posts

Here is the OTL file.

Thanks,
Kathie

Attached Files

OTL.Txt 143.97KB 96 downloads

#28
RKinner

Posted 10 September 2013 - 08:49 PM

Malware Expert

Expert
24,625 posts

Copy the text in the code box by highlighting and Ctrl + c


:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.2.0.5
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KATHIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LO98RB5I.DEFAULT\EXTENSIONS\{0134AF61-7A0C-4649-AECA-90D776060CB3}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KATHIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LO98RB5I.DEFAULT\EXTENSIONS\{9A4F784C-8AE7-4A0E-93CB-88F63569346F}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KATHIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LO98RB5I.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\SHOW-LYRICS\FF

:files
sc delete gupdate /c
sc delete "Bonjour Service" /c
netsh winsock reset catalog /c

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

#29
Cat25

Posted 11 September 2013 - 09:22 AM

Member

Topic Starter
Member
34 posts

When I completed the Run Fix, I did not get a log again. Last time & this time computer did not reboot after it completed. I waited about 5 minutes & rebooted manually, no log. Attached is the log from the quickscan. So far IE seems better, but have not be on line much lately, just to complete the steps you request.

Thanks,
Kathie

OTL logfile created on: 9/11/2013 9:59:44 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kathie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 61.11% Memory free
3.81 Gb Paging File | 3.14 Gb Available in Paging File | 82.36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.46 Gb Total Space | 17.39 Gb Free Space | 12.12% Space Free | Partition Type: NTFS

Computer Name: LAPTOPW | User Name: Kathie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/19 23:07:10 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/08/11 13:05:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kathie\Desktop\OTL.exe
PRC - [2013/07/10 16:50:38 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2013/03/04 13:57:52 | 000,398,336 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files\Virtual Account Numbers\CitiVAN.exe
PRC - [2012/12/23 22:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\ccsvchst.exe
PRC - [2012/12/06 14:41:06 | 000,156,672 | ---- | M] (Orbiscom Ltd.) -- C:\WINDOWS\system32\OBroker.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/03/18 12:22:23 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\SymcPCCULaunchSvc.exe
PRC - [2011/06/01 11:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 11:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 11:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/05/04 16:05:18 | 000,085,272 | ---- | M] (Memeo Inc.) -- C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
PRC - [2011/05/04 16:04:38 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2011/05/04 16:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
PRC - [2010/04/07 07:57:42 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/24 20:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/03/02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\ccSvcHst.exe
PRC - [2009/05/27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/07/05 18:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 18:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 18:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 17:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 17:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/04/09 13:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/03/09 00:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/07 23:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/02/27 20:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007/02/27 20:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 16:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/29 22:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/04 22:48:52 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/09/06 02:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 19:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/02/14 00:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/02 08:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

========== Modules (No Company Name) ==========

MOD - [2013/08/31 14:39:24 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5f752470\mscorlib.dll
MOD - [2013/08/31 14:39:22 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_218b4147\system.drawing.dll
MOD - [2013/08/31 14:39:08 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a196a692\system.xml.dll
MOD - [2013/08/31 14:39:02 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f0f2943b\system.windows.forms.dll
MOD - [2013/08/31 14:38:43 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_0231ed72\system.dll
MOD - [2013/08/31 14:38:30 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/08/31 14:38:29 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/08/31 14:38:28 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/08/31 14:24:10 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/08/31 14:24:10 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/08/31 14:24:05 | 004,550,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2013/08/31 14:24:04 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2013/08/31 14:24:03 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/08/31 14:24:02 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/08/31 14:24:00 | 000,659,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2013/08/31 14:24:00 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/08/31 14:23:54 | 000,010,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2013/07/07 13:36:53 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013/03/05 15:14:00 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/03/05 15:13:57 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013/03/05 15:13:50 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2013/02/19 17:47:03 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2013/02/19 17:46:33 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2012/12/06 14:38:00 | 000,039,424 | ---- | M] () -- C:\Program Files\Virtual Account Numbers\VANRes.dll
MOD - [2011/06/01 11:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 11:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 11:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 11:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/05/04 16:04:54 | 002,896,608 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/05/04 16:04:50 | 000,027,360 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/05/04 16:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
MOD - [2010/03/22 17:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files\Memeo\AutoBackup\sqlite3.dll
MOD - [2010/03/04 16:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010/03/04 16:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2009/05/27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2007/11/28 10:34:16 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2007/11/28 10:34:05 | 000,798,720 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2007/11/28 10:34:01 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2007/11/28 10:33:22 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2007/11/28 10:33:00 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2007/11/28 10:32:57 | 000,049,152 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2007/11/28 10:32:46 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2007/11/28 10:32:42 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2007/11/28 10:32:42 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2007/11/28 10:32:42 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll
MOD - [2007/11/28 10:32:42 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll
MOD - [2007/11/28 10:32:42 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2007/11/28 10:32:42 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2007/11/28 10:32:37 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2007/11/28 10:32:35 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2007/11/28 10:32:35 | 000,167,936 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2007/11/28 10:32:35 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2007/11/28 10:32:35 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2007/11/28 10:32:34 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2007/11/28 10:32:33 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2007/11/28 10:32:33 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2007/11/28 10:29:00 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2007/11/28 10:29:00 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2007/11/28 10:29:00 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll
MOD - [2007/11/28 10:29:00 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2007/11/28 10:28:59 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2007/11/28 10:28:59 | 000,073,728 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2007/11/28 10:28:58 | 000,196,608 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2007/11/28 10:28:57 | 000,475,136 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2007/06/17 11:16:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2007/06/17 11:16:00 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2007/05/17 10:53:00 | 001,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/05/17 10:53:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/04/16 14:17:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2007/04/09 13:03:00 | 000,235,056 | ---- | M] () -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7.dll
MOD - [2007/03/22 12:02:00 | 000,063,024 | ---- | M] () -- C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL
MOD - [2007/02/27 20:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2007/02/08 16:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
MOD - [2007/02/08 15:59:30 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2007/02/08 15:59:30 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2007/01/30 21:21:54 | 000,110,592 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\xml4cmessages5_5.dll
MOD - [2007/01/25 01:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2006/12/13 21:06:42 | 000,028,672 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\tphklock.dll
MOD - [2006/11/09 23:26:02 | 000,030,256 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.dll
MOD - [2006/04/30 02:31:01 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/04/30 02:25:07 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2013/08/22 15:06:54 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/10 16:50:38 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012/12/23 22:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2012/11/08 11:39:36 | 000,174,176 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe -- (PACSPTISVR-Sound_Organizer)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/03/18 12:22:23 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/06/01 11:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/04 16:04:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/04/07 07:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2009/11/10 13:32:42 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/02 09:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/04/16 19:12:56 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/07/05 18:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/05 18:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/02/27 20:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/29 22:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/04 22:48:52 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/09/03 17:26:28 | 001,097,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130903.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/08/28 18:40:16 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130910.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/28 18:40:15 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130910.022\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/27 15:22:00 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/27 15:21:59 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/20 17:13:48 | 000,380,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130910.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/01/30 22:18:18 | 000,394,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\symtdi.sys -- (SYMTDI)
DRV - [2013/01/30 22:18:06 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\symefa.sys -- (SymEFA)
DRV - [2013/01/28 20:45:18 | 000,602,712 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\srtsp.sys -- (SRTSP)
DRV - [2013/01/28 20:45:18 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\srtspx.sys -- (SRTSPX)
DRV - [2013/01/21 21:15:32 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\symds.sys -- (SymDS)
DRV - [2012/12/29 15:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/12/03 16:20:12 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/11/15 21:22:01 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\ironx86.sys -- (SymIRON)
DRV - [2012/11/15 21:18:04 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1403000.024\ccsetx86.sys -- (ccSet_N360)
DRV - [2009/10/12 21:24:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 21:24:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 21:24:52 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/20 22:58:09 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/02/09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/10/01 17:24:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/09/21 04:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/09/21 04:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 04:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/08/08 06:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/29 21:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 20:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/17 11:16:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/06/07 19:36:44 | 000,081,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2007/04/30 09:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)
DRV - [2007/04/09 13:03:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/04/02 14:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/03/29 18:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/02 20:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2007/03/02 20:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/27 04:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/01/24 04:33:00 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/01/24 04:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/12/21 21:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 21:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 21:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/06 03:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/15 01:01:00 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/10/15 00:59:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/10/09 09:00:00 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/09/13 15:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/02/02 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 08:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 15:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 15:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/08 12:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://lenovo.us.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 2D 3B ED 95 AA CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0270EEB4-082C-4CEB-92FD-0974815FD809}: "URL" = http://search.yahoo....835,20028,0,8,0
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{AB658337-3765-4769-8329-FC8A0B7D27A0}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.yhs4.searc...35,20031,0,8,0"
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.0.380%20-%201
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:2.1.34
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: ""
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20130835,20030,0,8,0"
FF - prefs.js..keyword.URL: "http://search.yahoo....35,20030,0,8,0"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\DOCUME~1\Kathie\APPLIC~1\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/21 13:47:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2012/12/03 16:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/09/11 09:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\citius@orbiscom: C:\Program Files\Virtual Account Numbers [2013/04/29 15:19:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/22 15:06:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/10 15:33:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/21 13:47:44 | 000,000,000 | ---D | M]

[2011/01/08 13:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Extensions
[2013/09/02 08:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions
[2012/03/23 16:02:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/08/10 13:08:21 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/10 13:10:21 | 000,301,821 | ---- | M] () (No name found) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\[email protected]
[2013/08/09 15:57:34 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\Kathie\Application Data\Mozilla\Firefox\Profiles\lo98rb5i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/09/02 08:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/22 15:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/22 15:06:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.2.0.5
[2012/12/03 16:21:06 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPLGN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KATHIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LO98RB5I.DEFAULT\EXTENSIONS\{0134AF61-7A0C-4649-AECA-90D776060CB3}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KATHIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LO98RB5I.DEFAULT\EXTENSIONS\{9A4F784C-8AE7-4A0E-93CB-88F63569346F}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KATHIE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LO98RB5I.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\SHOW-LYRICS\FF
[2013/02/10 12:49:24 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://us.yhs4.searc...835,20033,0,8,0
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.14\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.14\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.14\pdf.dll
CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\plugins/npDefaultTabSearch.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Catalina Savings Printer (Enabled) = C:\DOCUME~1\Kathie\APPLIC~1\CATALI~2\NPBCSK~1.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: GetSavin = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Documents and Settings\Kathie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/02 10:18:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Virtual Account Numbers Helper) - {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Virtual Account Numbers] C:\Program Files\Virtual Account Numbers\CitiVAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKCU..\Run: [82A65744E4EE70D3AE1EB3EF2EB18B07B2E3ECBB._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_BA67679302E9B0B9DBD0A56F5991E6C8] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} https://www-307.ibm....ntent/AcpIR.cab (IASRunner Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfi...ll/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{244DD694-3020-4B85-8405-0AFFC7EB67EA}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Kathie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kathie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/10 16:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Desktop\9.10
[2013/09/08 14:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Desktop\9.8
[2013/09/08 10:07:44 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/09/07 10:40:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Desktop\9.2
[2013/09/07 10:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013/09/02 18:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Desktop\revouninstaller
[2013/09/02 18:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/09/02 18:20:06 | 005,127,856 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Kathie\Desktop\spsetup122.exe
[2013/09/02 17:57:06 | 002,799,296 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Kathie\Desktop\procexp.exe
[2013/09/02 13:43:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/09/02 11:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/02 11:05:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/02 11:04:06 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kathie\Desktop\mbam-setup-1.75.0.1300.exe
[2013/09/02 10:41:08 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kathie\Desktop\tdsskiller.exe
[2013/09/02 09:34:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/09/02 09:26:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/02 09:26:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/02 09:26:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/02 09:26:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/02 09:25:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/02 09:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/09/02 09:22:24 | 005,119,472 | R--- | C] (Swearware) -- C:\Documents and Settings\Kathie\Desktop\ComboFix.exe
[2013/09/02 09:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Desktop\8.31 & 9.1
[2013/09/02 08:44:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/31 23:46:30 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kathie\Desktop\aswmbr.exe
[2013/08/31 23:09:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/31 23:07:13 | 001,027,511 | ---- | C] (Thisisu) -- C:\Documents and Settings\Kathie\Desktop\JRT.exe
[2013/08/31 23:02:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kathie\IECompatCache
[2013/08/31 23:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Genius
[2013/08/31 22:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/08/31 22:47:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/31 14:33:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/08/27 17:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Start Menu\Programs\SySaver
[2013/08/27 17:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Flash Player Pro
[2013/08/27 17:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Player Pro
[2013/08/27 17:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\My Documents\Flash Player Pro
[2013/08/27 17:32:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathie\Local Settings\Application Data\SySaver
[2013/08/26 18:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\PrinterShare
[2013/08/26 18:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\wrapper_inst
[2013/08/26 18:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrinterShare
[2013/08/22 15:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/11 09:57:18 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/11 09:57:14 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2013/09/11 09:56:46 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2013/09/11 09:56:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/07 13:51:57 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Kathie\Desktop\Microsoft Office Excel 2003.lnk
[2013/09/07 10:12:43 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\Kathie\Desktop\SpeedFan.lnk
[2013/09/07 10:12:42 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2013/09/07 10:05:15 | 002,143,832 | ---- | M] () -- C:\Documents and Settings\Kathie\Desktop\instsf449.exe
[2013/09/02 18:42:33 | 003,007,700 | ---- | M] () -- C:\Documents and Settings\Kathie\Desktop\revouninstaller.zip
[2013/09/02 18:21:37 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2013/09/02 18:20:06 | 005,127,856 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Kathie\Desktop\spsetup122.exe
[2013/09/02 17:57:14 | 002,799,296 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Kathie\Desktop\procexp.exe
[2013/09/02 13:48:39 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Kathie\Desktop\VEW.exe
[2013/09/02 11:05:38 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/02 11:04:06 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kathie\Desktop\mbam-setup-1.75.0.1300.exe
[2013/09/02 10:41:19 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Kathie\Desktop\tdsskiller.exe
[2013/09/02 10:18:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/02 09:34:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/09/02 09:22:24 | 005,119,472 | R--- | M] (Swearware) -- C:\Documents and Settings\Kathie\Desktop\ComboFix.exe
[2013/08/31 23:46:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kathie\Desktop\aswmbr.exe
[2013/08/31 23:07:16 | 001,027,511 | ---- | M] (Thisisu) -- C:\Documents and Settings\Kathie\Desktop\JRT.exe
[2013/08/31 23:01:09 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\Kathie\Desktop\Driver Genius.lnk
[2013/08/31 22:37:08 | 000,994,642 | ---- | M] () -- C:\Documents and Settings\Kathie\Desktop\adwcleaner.exe
[2013/08/31 15:13:22 | 000,321,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/31 14:42:10 | 000,589,016 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/31 14:42:10 | 000,114,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/31 14:38:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/31 00:02:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/28 13:25:43 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/08/27 18:39:54 | 000,001,838 | ---- | M] () -- C:\Documents and Settings\Kathie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/27 17:33:04 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Kathie\Desktop\Flash Player Pro.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/07 10:12:43 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\Kathie\Desktop\SpeedFan.lnk
[2013/09/07 10:06:13 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2013/09/07 10:05:08 | 002,143,832 | ---- | C] () -- C:\Documents and Settings\Kathie\Desktop\instsf449.exe
[2013/09/02 18:42:24 | 003,007,700 | ---- | C] () -- C:\Documents and Settings\Kathie\Desktop\revouninstaller.zip
[2013/09/02 18:21:36 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2013/09/02 13:48:39 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Kathie\Desktop\VEW.exe
[2013/09/02 11:05:38 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/02 09:34:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/09/02 09:34:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/09/02 09:26:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/02 09:26:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/02 09:26:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/02 09:26:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/02 09:26:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/08/31 23:01:08 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\Kathie\Desktop\Driver Genius.lnk
[2013/08/31 22:37:05 | 000,994,642 | ---- | C] () -- C:\Documents and Settings\Kathie\Desktop\adwcleaner.exe
[2013/08/30 08:15:36 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2013/08/27 17:33:03 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\Kathie\Desktop\Flash Player Pro.lnk
[2013/06/30 20:57:48 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Kathie\ntuser.pol
[2013/06/27 19:09:33 | 000,712,264 | ---- | C] () -- C:\WINDOWS\is-JU18I.exe
[2013/06/02 11:06:04 | 000,893,239 | ---- | C] () -- C:\Documents and Settings\Kathie\Local Settings\Application Data\a.zip
[2013/02/18 13:50:42 | 000,304,450 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/02/14 18:42:53 | 002,601,826 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2742438380-270914250-3487169969-1008-0.dat
[2013/02/14 15:19:44 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2013/02/06 09:20:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/11/10 12:06:35 | 000,121,960 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2009/01/14 21:11:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/08/27 15:31:00 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Kathie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/28 16:46:26 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Kathie\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/04/30 02:25:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/02 18:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2010/10/12 14:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon IJ Network Tool
[2010/10/12 14:16:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/12 14:28:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2013/01/20 14:43:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/10/12 14:28:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2010/10/12 14:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2010/10/12 14:45:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/10/12 14:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2013/06/23 11:07:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/07/23 15:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/06/20 22:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2013/01/27 02:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2009/03/14 21:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/05/08 19:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/03/14 21:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/03/14 21:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/11/10 12:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2013/08/27 18:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrinterShare
[2010/07/13 01:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2009/03/14 18:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/04/15 12:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/06/23 11:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\1O1L1I1PtF1F1C1N
[2013/09/02 18:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\AVG SafeGuard toolbar
[2010/10/12 14:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Canon
[2012/03/22 07:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Canon Easy-WebPrint EX
[2013/01/20 13:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Catalina Marketing Corp
[2013/06/02 11:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Catalina – Print Savings
[2009/06/20 22:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Downloaded Installations
[2013/04/28 13:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\ElevatedDiagnostics
[2009/03/14 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\GARMIN
[2009/03/14 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Leadertech
[2009/03/14 19:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Lenovo
[2013/02/11 14:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Memeo
[2009/03/14 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Nokia
[2009/03/14 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\PC Suite
[2009/03/14 21:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Samsung
[2013/01/20 11:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Seagate
[2011/09/18 22:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathie\Application Data\Tific

========== Purity Check ==========

< End of report >

Attached Files

OTL.Txt 143.84KB 96 downloads

#30
RKinner

Posted 11 September 2013 - 10:05 AM

Malware Expert

Expert
24,625 posts

Doesn't look like it worked that time. Start, Run, services.msc , OK then find Bonjour Service and right click on it and select Properties. Change the Startup Type: to Disabled then OK. (Did it give you an error?) Close Services.

Go into Firefox, Tools, Add-Ons and see if you can delete any that you do not use or that are listed as Disabled.

One add-on that you really should have is adblock plus. https://addons.mozil...n/adblock-plus/

After you install it, go into Firefox, Tools, Add-ons, Extensions and click on Options on the AdBlock Plus entry. Then on Filter Preferences. Under the Filter Subscriptions tab, uncheck the Allow Some Non-intrusive advertising then Close.

Get SpeedyFox:

http://www.crystalidea.com/speedyfox

Close Firefox and run it, Optimize! then Exit and restart Firefox. It should start a lot faster. Now test it to see if you are still getting a lot of ads.