Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pop-up Malware issue (again?). "DSS.DRIVEFOR.NET" [Solved]


  • This topic is locked This topic is locked

#1
AdamIsAdam

AdamIsAdam

    Member

  • Member
  • PipPipPip
  • 185 posts
I seem to have a popup problem. Seems to be only in chrome. Popup URL is dss.drivefor.net/sd/cpops..... (I have screen prints if needed).

I had a similar issue a few months ago and it seemed to have been corrected (see thread here). So I'm not sure if this a new infection or the old one somehow flared back up. The only site I can think of that I was on when this started up was ebay. Maybe craigslist too. And the pop-ups got VERY bad very quicly.

I ran a scan using Malwarebytes. I removed many files called "PUP.Optional.xxx". That didn't see to fix anything. I have screen prints if needed.

Also, they don't appear to be a problem on iExplorer, only Chrome. So I ran GooredFix, and also erunt. Not sure what I did right or wrong.

Here is my OTL log:

OTL logfile created on: 11/2/2013 3:38:58 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam Rosenfeld\Desktop\Geek to Go Diagnostics
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 59.07% Memory free
7.71 Gb Paging File | 4.21 Gb Available in Paging File | 54.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 349.20 Gb Free Space | 77.49% Space Free | Partition Type: NTFS

Computer Name: ADAMROSENFELD | User Name: Adam Rosenfeld | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/14 13:41:22 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/10/14 13:41:21 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/05 23:07:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam Rosenfeld\Desktop\Geek to Go Diagnostics\OTL.exe
PRC - [2013/10/01 20:29:20 | 002,404,376 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/10/01 20:29:19 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
PRC - [2013/10/01 20:29:18 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
PRC - [2013/09/24 16:02:59 | 000,441,408 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/23 13:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/17 15:01:36 | 000,587,120 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe
PRC - [2011/03/14 07:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 07:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/14 07:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/14 07:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/02/22 13:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/02/15 14:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/31 16:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/09/13 21:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 21:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/13 00:05:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef63e29e24bf73b2a8659e13aa18fbbb\System.Runtime.Remoting.ni.dll
MOD - [2013/10/12 10:25:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/12 10:24:34 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/12 10:24:30 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/11 23:26:48 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e9147e4c70d4e387dc4aea59ce0a219a\PresentationFramework.ni.dll
MOD - [2013/10/11 23:26:30 | 011,527,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\99bbd3424207d205e9e680fa712dba04\PresentationCore.ni.dll
MOD - [2013/10/11 23:26:19 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55c245966c0b23a47587c18681457e48\System.Core.ni.dll
MOD - [2013/10/11 23:26:16 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b1ff5e4a64c0bb0a9b039aaefcde5ea7\WindowsBase.ni.dll
MOD - [2013/10/11 23:26:09 | 001,014,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\85a501f8b0cb271f1bfab6532523ac3c\System.Configuration.ni.dll
MOD - [2013/10/08 20:02:43 | 000,415,184 | ---- | M] () -- C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 20:02:41 | 004,055,504 | ---- | M] () -- C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 20:01:50 | 000,698,832 | ---- | M] () -- C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/08 20:01:49 | 000,099,792 | ---- | M] () -- C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/08 20:01:47 | 001,604,560 | ---- | M] () -- C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/10/01 20:29:22 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
MOD - [2013/10/01 20:29:22 | 000,142,360 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
MOD - [2013/10/01 20:29:20 | 002,404,376 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/09/13 22:48:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/09/01 22:54:11 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll
MOD - [2013/09/01 22:52:44 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll
MOD - [2013/09/01 15:18:21 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ebdb3050959d9be47d33d2c77d6cc291\IAStorUtil.ni.dll
MOD - [2013/08/14 21:09:44 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 21:09:20 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 21:09:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/14 15:39:04 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll
MOD - [2013/08/14 15:38:43 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll
MOD - [2013/07/15 21:50:13 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\34002b75cd0faab68bf8079299c1aa46\IAStorCommon.ni.dll
MOD - [2013/07/15 13:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2013/07/12 20:42:31 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 23:38:37 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/02/22 13:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/02/15 14:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/14 13:41:21 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/02/23 00:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/01/31 16:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/09/14 05:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009/09/14 05:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2013/10/09 20:16:02 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/01 20:29:19 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
SRV - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 02:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/10/17 15:01:36 | 000,587,120 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe -- (AffinegyService)
SRV - [2011/06/07 22:03:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/14 07:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/27 21:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/09/13 21:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/14 13:41:57 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/10/14 13:41:57 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/10/14 13:41:57 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/10/14 13:41:56 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/10/14 13:41:56 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/14 13:41:56 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/14 13:41:56 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/14 13:41:56 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/10/01 20:29:23 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/08/20 07:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 07:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/07 10:07:36 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/04 15:15:16 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:64bit: - [2011/04/06 16:55:03 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/04/06 16:55:03 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/04/06 16:55:03 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/03/25 21:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 00:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/10 00:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/03/01 10:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/01/20 21:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/01/20 21:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011/01/19 23:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/01/17 18:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/01/13 21:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/13 21:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/07/29 09:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/09 22:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12 [2013/10/01 20:29:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/09 22:00:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Total Defense Anti-Phishing Google Chrome Toolbar (Enabled) = C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpdpkkpdlooddakbebmkeeegehfjdnih\2.0.0.556_0\npTDGCToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: LyriXeeker-1 = C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.25.28_0\crossrider
CHR - Extension: LyriXeeker-1 = C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.25.28_0\
CHR - Extension: Google Wallet = C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2013/10/30 20:15:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Users\Adam Rosenfeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: amazon.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: brokeragebuilder.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: reged.com ([secure] https in Trusted sites)
O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://webdeposit.e...om/eztwainx.cab (EZTwainX by Dosadi)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EC211E4-0AB7-4EAF-955F-B00E5BA2A6C2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC165E47-7983-45DC-B201-36594D8A9BC9}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/02 14:03:34 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013/10/31 22:02:18 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{941CACB8-7B16-41AD-AFB4-EDA20F3EBAB7}
[2013/10/30 20:27:46 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\Desktop\tdsskiller
[2013/10/30 20:26:46 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\Desktop\GooredFix Backups
[2013/10/30 20:26:19 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Adam Rosenfeld\Desktop\GooredFix.exe
[2013/10/30 20:05:59 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\Desktop\erunt
[2013/10/30 19:21:17 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\Desktop\pics from election2013
[2013/10/29 22:33:13 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{3809298B-1E87-4EFC-BD2A-EDED7917C6AB}
[2013/10/26 09:13:01 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\Desktop\directions
[2013/10/18 23:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/18 23:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/18 23:48:56 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/18 23:48:51 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/18 23:48:51 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/18 23:48:51 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/18 23:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/18 22:59:44 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{12F3A9B7-D160-4F6C-8C57-D6552ACD0220}
[2013/10/13 22:15:07 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{5D683D50-4036-4288-A067-620C03E48BAB}
[2013/10/12 16:33:37 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{EDCC8F8B-02FC-413A-8D48-1A608B5B5A00}
[2013/10/11 23:33:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/11 23:33:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/11 23:32:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/10/11 23:32:58 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/10/11 23:32:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/10/11 23:32:57 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/10/11 23:32:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/10/11 23:32:57 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/10/11 23:32:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/11 23:32:57 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/10/11 23:32:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/10/11 23:32:52 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/11 23:32:51 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/11 23:32:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/11 23:32:50 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/11 22:56:58 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{DAACFB4C-5E11-425C-B715-AD181E7DD02E}
[2013/10/10 21:29:07 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/10 21:29:07 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/10 21:29:07 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/10 21:29:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/10 21:29:06 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/10 21:29:06 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/10 21:29:06 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/10 21:29:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/10 21:29:04 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/10 21:29:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/10 21:29:01 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/10 21:29:00 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/10 21:28:53 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/10 21:28:52 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/10 21:28:49 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/10 21:28:49 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/10 21:28:48 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/10 21:28:47 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/10 21:28:46 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/10 21:28:45 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/10 21:28:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/10 21:28:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/10 21:28:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/10 21:28:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/10 21:28:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/10 21:28:29 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 21:28:29 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 21:28:25 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/06 21:23:12 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{6FAA0186-1017-43E7-B0DA-F6F0F54AFF76}
[2013/10/06 08:08:03 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{5FCC1031-846D-4382-8CC6-44AE49E1B3D0}
[2013/10/05 17:27:44 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/05 17:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/10/05 17:27:43 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/05 17:27:40 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/05 17:27:39 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/05 17:27:36 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/05 17:27:30 | 000,295,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/10/05 17:27:30 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/05 17:26:44 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/05 17:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/10/05 17:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/10/05 17:17:21 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{CDCDB87B-BA43-458C-9D40-19EF31D4AC38}
[2013/10/03 19:25:57 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{0CE3E151-893E-4345-BD41-855577480FD7}

========== Files - Modified Within 30 Days ==========

[2013/11/02 15:33:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/02 15:24:01 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000UA.job
[2013/11/02 15:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/02 15:01:03 | 000,784,184 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/02 15:01:03 | 000,660,858 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/02 15:01:03 | 000,126,664 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/02 14:48:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004UA.job
[2013/11/02 14:07:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 14:07:31 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 14:00:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/02 10:45:31 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/02 10:44:56 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000Core.job
[2013/10/31 22:49:39 | 000,018,241 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Capture MWB block message.JPG
[2013/10/31 22:01:36 | 000,000,632 | RHS- | M] () -- C:\Users\Adam Rosenfeld\ntuser.pol
[2013/10/31 16:01:37 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004Core.job
[2013/10/31 00:37:20 | 000,006,616 | ---- | M] () -- C:\Windows\mozy.flt
[2013/10/31 00:37:20 | 000,004,356 | ---- | M] () -- C:\Windows\mozy.blk
[2013/10/31 00:16:12 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/30 20:26:20 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Adam Rosenfeld\Desktop\GooredFix.exe
[2013/10/30 20:15:27 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/29 06:39:52 | 000,121,606 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Capture malware results.JPG
[2013/10/28 16:30:51 | 000,084,930 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Capture malware dss.drivefor.net popup again.JPG
[2013/10/27 20:26:59 | 000,102,834 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Capture 1970 GTO Values.JPG
[2013/10/26 09:36:04 | 000,910,617 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Screenshot_2013-04-22-09-05-28 Max Rosenfeld.png
[2013/10/26 09:35:41 | 001,139,793 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Chorus Concert 1 Max Rosenfeld.jpg
[2013/10/24 22:07:59 | 000,715,308 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\scans from oct 10 max.pdf
[2013/10/24 19:58:06 | 007,185,053 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Max 5th grade Caumsett trip.JPG
[2013/10/22 21:49:52 | 001,218,368 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Evan Cohen orig.jpg
[2013/10/22 21:49:28 | 000,559,776 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\baby photo evan cohen.jpg
[2013/10/17 19:13:10 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/10/17 19:13:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/10/14 13:41:57 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/14 13:41:57 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/14 13:41:57 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/14 13:41:56 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/14 13:41:56 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/14 13:41:56 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/14 13:41:56 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/14 13:41:56 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/14 13:41:27 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/14 13:41:03 | 000,295,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/10/12 09:22:20 | 000,364,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/11 23:28:31 | 000,779,270 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/10 21:47:04 | 000,002,288 | -H-- | M] () -- C:\Users\Adam Rosenfeld\Documents\Default.rdp
[2013/10/09 20:15:56 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/09 20:15:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/08 07:50:37 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/08 07:46:52 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/08 07:46:47 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/08 07:46:23 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/06 01:21:50 | 000,060,073 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\dss.drivefor.net screen print.JPG
[2013/10/05 17:27:45 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/05 17:21:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/05 17:18:57 | 131,918,888 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\avast_free_antivirus_setup.exe
[2013/10/03 20:17:48 | 000,107,220 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Capture.JPG

========== Files Created - No Company Name ==========

[2013/10/31 22:49:36 | 000,018,241 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Capture MWB block message.JPG
[2013/10/29 06:39:51 | 000,121,606 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Capture malware results.JPG
[2013/10/28 16:30:50 | 000,084,930 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Capture malware dss.drivefor.net popup again.JPG
[2013/10/27 20:26:58 | 000,102,834 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Capture 1970 GTO Values.JPG
[2013/10/26 09:36:04 | 000,910,617 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Screenshot_2013-04-22-09-05-28 Max Rosenfeld.png
[2013/10/26 09:35:39 | 001,139,793 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Chorus Concert 1 Max Rosenfeld.jpg
[2013/10/24 22:07:58 | 000,715,308 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\scans from oct 10 max.pdf
[2013/10/24 19:58:02 | 007,185,053 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Max 5th grade Caumsett trip.JPG
[2013/10/22 21:49:17 | 000,559,776 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\baby photo evan cohen.jpg
[2013/10/22 21:47:15 | 001,218,368 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Evan Cohen orig.jpg
[2013/10/22 20:21:14 | 001,290,784 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\evan 10th DSC04750.JPG
[2013/10/22 20:13:55 | 001,588,838 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Max 3rd Grade recorder recital.jpg
[2013/10/22 20:10:33 | 000,165,638 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\2004_0516_ Max Beach Baby Pic.JPG
[2013/10/17 19:13:10 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/10/06 01:21:49 | 000,060,073 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\dss.drivefor.net screen print.JPG
[2013/10/05 17:27:45 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/05 17:27:35 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/05 17:27:33 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/05 17:27:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/10/05 17:17:52 | 131,918,888 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\avast_free_antivirus_setup.exe
[2013/09/30 07:01:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/30 07:01:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/30 07:01:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/30 07:01:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/30 07:01:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/27 10:41:36 | 000,000,113 | ---- | C] () -- C:\Users\Adam Rosenfeld\AppData\Roaming\WB.CFG
[2013/06/13 08:46:06 | 000,000,005 | ---- | C] () -- C:\Users\Adam Rosenfeld\AppData\Roaming\WBPU-TTL.DAT
[2013/04/18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/04/18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/03/23 13:43:30 | 000,000,089 | ---- | C] () -- C:\Windows\EWF630.ini
[2013/03/23 13:02:44 | 000,000,079 | ---- | C] () -- C:\Windows\EWF645.ini
[2012/04/17 23:26:29 | 000,779,270 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/30 22:48:09 | 000,000,632 | RHS- | C] () -- C:\Users\Adam Rosenfeld\ntuser.pol
[2011/07/03 09:24:35 | 002,427,882 | ---- | C] () -- C:\Users\Adam Rosenfeld\AppData\Local\[j0003]-[p01].bmp
[2010/12/11 11:51:51 | 006,425,080 | -H-- | C] () -- C:\Users\Adam Rosenfeld\AppData\Local\IconCache (1).db
[2010/02/21 10:40:34 | 000,168,960 | ---- | C] () -- C:\Users\Adam Rosenfeld\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 20:14:24 | 000,079,496 | ---- | C] () -- C:\Users\Adam Rosenfeld\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2010/02/20 16:04:43 | 006,291,456 | -H-- | C] () -- C:\Users\Adam Rosenfeld\NTUSER (1).DAT
[2010/02/20 16:04:43 | 000,000,278 | -HS- | C] () -- C:\Users\Adam Rosenfeld\ntuser (1).ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 781 bytes -> C:\Users\Adam Rosenfeld\Documents\ROSENFELD Re_ great grandparents_.eml:OECustomProperty

< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi again .. This is a different one, adlyrics

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:Files
C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • post the contents of JRT.txt into your next message.

  • 0

#3
AdamIsAdam

AdamIsAdam

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 185 posts
ok, both scans completed.

OTL logfile created on: 11/2/2013 7:27:45 PM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam Rosenfeld\Desktop\Geek to Go Diagnostics
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.94% Memory free
7.71 Gb Paging File | 5.69 Gb Available in Paging File | 73.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 349.05 Gb Free Space | 77.45% Space Free | Partition Type: NTFS

Computer Name: ADAMROSENFELD | User Name: Adam Rosenfeld | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/14 13:41:22 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/10/14 13:41:21 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/05 23:07:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam Rosenfeld\Desktop\Geek to Go Diagnostics\OTL.exe
PRC - [2013/10/01 20:29:20 | 002,404,376 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/10/01 20:29:19 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
PRC - [2013/10/01 20:29:18 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
PRC - [2013/09/24 16:02:59 | 000,441,408 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
PRC - [2013/07/23 02:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/23 13:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/17 15:01:36 | 000,587,120 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe
PRC - [2011/03/14 07:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 07:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/14 07:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/14 07:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/02/22 13:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/02/15 14:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/31 16:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/09/13 21:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 21:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/13 00:05:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef63e29e24bf73b2a8659e13aa18fbbb\System.Runtime.Remoting.ni.dll
MOD - [2013/10/12 10:25:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/12 10:24:34 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/12 10:24:30 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/11 23:26:48 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e9147e4c70d4e387dc4aea59ce0a219a\PresentationFramework.ni.dll
MOD - [2013/10/11 23:26:30 | 011,527,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\99bbd3424207d205e9e680fa712dba04\PresentationCore.ni.dll
MOD - [2013/10/11 23:26:19 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55c245966c0b23a47587c18681457e48\System.Core.ni.dll
MOD - [2013/10/11 23:26:16 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b1ff5e4a64c0bb0a9b039aaefcde5ea7\WindowsBase.ni.dll
MOD - [2013/10/11 23:26:09 | 001,014,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\85a501f8b0cb271f1bfab6532523ac3c\System.Configuration.ni.dll
MOD - [2013/10/01 20:29:22 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
MOD - [2013/10/01 20:29:22 | 000,142,360 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
MOD - [2013/10/01 20:29:20 | 002,404,376 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/09/13 22:48:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/09/01 22:54:11 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll
MOD - [2013/09/01 22:52:44 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll
MOD - [2013/09/01 15:18:21 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ebdb3050959d9be47d33d2c77d6cc291\IAStorUtil.ni.dll
MOD - [2013/08/14 21:09:44 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 21:09:20 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 21:09:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/14 15:39:04 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll
MOD - [2013/08/14 15:38:43 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll
MOD - [2013/07/15 21:50:13 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\34002b75cd0faab68bf8079299c1aa46\IAStorCommon.ni.dll
MOD - [2013/07/15 13:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2013/07/12 20:42:31 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 23:38:37 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/02/22 13:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/02/15 14:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/14 13:41:21 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/02/23 00:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/01/31 16:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/09/14 05:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009/09/14 05:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2013/10/09 20:16:02 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/01 20:29:19 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
SRV - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 02:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/10/17 15:01:36 | 000,587,120 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe -- (AffinegyService)
SRV - [2011/06/07 22:03:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/14 07:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/27 21:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/09/13 21:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/14 13:41:57 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/10/14 13:41:57 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/10/14 13:41:57 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/10/14 13:41:56 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/10/14 13:41:56 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/14 13:41:56 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/14 13:41:56 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/14 13:41:56 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/10/01 20:29:23 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/08/20 07:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 07:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/07 10:07:36 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/04 15:15:16 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:64bit: - [2011/04/06 16:55:03 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/04/06 16:55:03 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/04/06 16:55:03 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/03/25 21:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 00:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/10 00:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/03/01 10:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/01/20 21:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/01/20 21:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011/01/19 23:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/01/17 18:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/01/13 21:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/13 21:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/07/29 09:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/09 22:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.12 [2013/10/01 20:29:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/09 22:00:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Total Defense Anti-Phishing Google Chrome Toolbar (Enabled) = C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpdpkkpdlooddakbebmkeeegehfjdnih\2.0.0.556_0\npTDGCToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Adam Rosenfeld\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Wallet = C:\Users\Adam Rosenfeld\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2013/11/02 18:55:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Users\Adam Rosenfeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: amazon.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: brokeragebuilder.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: reged.com ([secure] https in Trusted sites)
O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://webdeposit.e...om/eztwainx.cab (EZTwainX by Dosadi)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EC211E4-0AB7-4EAF-955F-B00E5BA2A6C2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC165E47-7983-45DC-B201-36594D8A9BC9}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/02 19:23:20 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{74203818-DF2E-4377-A46A-BD86711C1827}
[2013/10/31 22:02:18 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{941CACB8-7B16-41AD-AFB4-EDA20F3EBAB7}
[2013/10/30 20:27:46 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\Desktop\tdsskiller
[2013/10/30 20:26:46 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\Desktop\GooredFix Backups
[2013/10/30 20:26:19 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Adam Rosenfeld\Desktop\GooredFix.exe
[2013/10/30 20:05:59 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\Desktop\erunt
[2013/10/30 19:21:17 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\Desktop\pics from election2013
[2013/10/29 22:33:13 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{3809298B-1E87-4EFC-BD2A-EDED7917C6AB}
[2013/10/26 09:13:01 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\Desktop\directions
[2013/10/18 23:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/18 23:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/18 23:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/18 22:59:44 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{12F3A9B7-D160-4F6C-8C57-D6552ACD0220}
[2013/10/13 22:15:07 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{5D683D50-4036-4288-A067-620C03E48BAB}
[2013/10/12 16:33:37 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{EDCC8F8B-02FC-413A-8D48-1A608B5B5A00}
[2013/10/11 22:56:58 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{DAACFB4C-5E11-425C-B715-AD181E7DD02E}
[2013/10/06 21:23:12 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{6FAA0186-1017-43E7-B0DA-F6F0F54AFF76}
[2013/10/06 08:08:03 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{5FCC1031-846D-4382-8CC6-44AE49E1B3D0}
[2013/10/05 17:27:44 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/05 17:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/10/05 17:27:43 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/05 17:27:40 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/05 17:27:39 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/05 17:27:36 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/05 17:27:30 | 000,295,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/10/05 17:27:30 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/05 17:26:44 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/05 17:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/10/05 17:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/10/05 17:17:21 | 000,000,000 | ---D | C] -- C:\Users\Adam Rosenfeld\AppData\Local\{CDCDB87B-BA43-458C-9D40-19EF31D4AC38}

========== Files - Modified Within 30 Days ==========

[2013/11/02 19:33:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/02 19:24:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000UA.job
[2013/11/02 19:22:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/02 19:21:51 | 000,000,632 | RHS- | M] () -- C:\Users\Adam Rosenfeld\ntuser.pol
[2013/11/02 19:12:37 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 19:12:37 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 19:05:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/02 19:04:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/02 19:04:46 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/02 18:55:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/11/02 18:48:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004UA.job
[2013/11/02 15:48:16 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1004Core.job
[2013/11/02 15:01:03 | 000,784,184 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/02 15:01:03 | 000,660,858 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/02 15:01:03 | 000,126,664 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/02 10:44:56 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-33795446-1446344522-1645180631-1000Core.job
[2013/10/31 22:49:39 | 000,018,241 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Capture MWB block message.JPG
[2013/10/31 00:37:20 | 000,006,616 | ---- | M] () -- C:\Windows\mozy.flt
[2013/10/31 00:37:20 | 000,004,356 | ---- | M] () -- C:\Windows\mozy.blk
[2013/10/30 20:26:20 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Adam Rosenfeld\Desktop\GooredFix.exe
[2013/10/29 06:39:52 | 000,121,606 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Capture malware results.JPG
[2013/10/28 16:30:51 | 000,084,930 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Capture malware dss.drivefor.net popup again.JPG
[2013/10/27 20:26:59 | 000,102,834 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Capture 1970 GTO Values.JPG
[2013/10/26 09:36:04 | 000,910,617 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Screenshot_2013-04-22-09-05-28 Max Rosenfeld.png
[2013/10/26 09:35:41 | 001,139,793 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Chorus Concert 1 Max Rosenfeld.jpg
[2013/10/24 22:07:59 | 000,715,308 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\scans from oct 10 max.pdf
[2013/10/24 19:58:06 | 007,185,053 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Max 5th grade Caumsett trip.JPG
[2013/10/22 21:49:52 | 001,218,368 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Evan Cohen orig.jpg
[2013/10/22 21:49:28 | 000,559,776 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\baby photo evan cohen.jpg
[2013/10/17 19:13:10 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/10/17 19:13:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/10/14 13:41:57 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/14 13:41:57 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/14 13:41:57 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/14 13:41:56 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/14 13:41:56 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/14 13:41:56 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/14 13:41:56 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/14 13:41:56 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/14 13:41:27 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/14 13:41:03 | 000,295,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/10/12 09:22:20 | 000,364,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/11 23:28:31 | 000,779,270 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/10 21:47:04 | 000,002,288 | -H-- | M] () -- C:\Users\Adam Rosenfeld\Documents\Default.rdp
[2013/10/06 01:21:50 | 000,060,073 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\dss.drivefor.net screen print.JPG
[2013/10/05 17:27:45 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/05 17:21:33 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/05 17:18:57 | 131,918,888 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\avast_free_antivirus_setup.exe
[2013/10/03 20:17:48 | 000,107,220 | ---- | M] () -- C:\Users\Adam Rosenfeld\Desktop\Capture.JPG

========== Files Created - No Company Name ==========

[2013/10/31 22:49:36 | 000,018,241 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Capture MWB block message.JPG
[2013/10/29 06:39:51 | 000,121,606 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Capture malware results.JPG
[2013/10/28 16:30:50 | 000,084,930 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Capture malware dss.drivefor.net popup again.JPG
[2013/10/27 20:26:58 | 000,102,834 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Capture 1970 GTO Values.JPG
[2013/10/26 09:36:04 | 000,910,617 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Screenshot_2013-04-22-09-05-28 Max Rosenfeld.png
[2013/10/26 09:35:39 | 001,139,793 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Chorus Concert 1 Max Rosenfeld.jpg
[2013/10/24 22:07:58 | 000,715,308 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\scans from oct 10 max.pdf
[2013/10/24 19:58:02 | 007,185,053 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Max 5th grade Caumsett trip.JPG
[2013/10/22 21:49:17 | 000,559,776 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\baby photo evan cohen.jpg
[2013/10/22 21:47:15 | 001,218,368 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Evan Cohen orig.jpg
[2013/10/22 20:21:14 | 001,290,784 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\evan 10th DSC04750.JPG
[2013/10/22 20:13:55 | 001,588,838 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\Max 3rd Grade recorder recital.jpg
[2013/10/22 20:10:33 | 000,165,638 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\2004_0516_ Max Beach Baby Pic.JPG
[2013/10/17 19:13:10 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/10/06 01:21:49 | 000,060,073 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\dss.drivefor.net screen print.JPG
[2013/10/05 17:27:45 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/05 17:27:35 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/05 17:27:33 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/05 17:27:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/10/05 17:17:52 | 131,918,888 | ---- | C] () -- C:\Users\Adam Rosenfeld\Desktop\avast_free_antivirus_setup.exe
[2013/09/30 07:01:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/30 07:01:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/30 07:01:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/30 07:01:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/30 07:01:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/27 10:41:36 | 000,000,113 | ---- | C] () -- C:\Users\Adam Rosenfeld\AppData\Roaming\WB.CFG
[2013/06/13 08:46:06 | 000,000,005 | ---- | C] () -- C:\Users\Adam Rosenfeld\AppData\Roaming\WBPU-TTL.DAT
[2013/04/18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/04/18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/03/23 13:43:30 | 000,000,089 | ---- | C] () -- C:\Windows\EWF630.ini
[2013/03/23 13:02:44 | 000,000,079 | ---- | C] () -- C:\Windows\EWF645.ini
[2012/04/17 23:26:29 | 000,779,270 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/30 22:48:09 | 000,000,632 | RHS- | C] () -- C:\Users\Adam Rosenfeld\ntuser.pol
[2011/07/03 09:24:35 | 002,427,882 | ---- | C] () -- C:\Users\Adam Rosenfeld\AppData\Local\[j0003]-[p01].bmp
[2010/12/11 11:51:51 | 006,425,080 | -H-- | C] () -- C:\Users\Adam Rosenfeld\AppData\Local\IconCache (1).db
[2010/02/21 10:40:34 | 000,168,960 | ---- | C] () -- C:\Users\Adam Rosenfeld\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 20:14:24 | 000,079,496 | ---- | C] () -- C:\Users\Adam Rosenfeld\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2010/02/20 16:04:43 | 006,291,456 | -H-- | C] () -- C:\Users\Adam Rosenfeld\NTUSER (1).DAT
[2010/02/20 16:04:43 | 000,000,278 | -HS- | C] () -- C:\Users\Adam Rosenfeld\ntuser (1).ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/03 16:29:22 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\Audacity
[2011/08/18 09:36:10 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\AVG10
[2011/08/18 09:36:10 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/11/02 19:23:16 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\Dropbox
[2011/08/18 09:36:11 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\EasyMP3Downloader
[2013/03/23 14:35:29 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\Epson
[2011/08/18 09:36:11 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\FileZilla
[2011/08/18 09:36:11 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\Gmail Backup
[2011/12/28 18:21:57 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\LaunchPad
[2011/08/18 09:36:11 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\Leadertech
[2011/08/18 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\OpenOffice.org
[2013/02/23 01:06:15 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\PDF Reader Packages
[2011/08/18 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\pdf995
[2012/07/12 21:17:43 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\PFStaticIP
[2011/08/18 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\PhotoWorks
[2013/05/08 20:37:58 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\PowerCinema
[2010/04/17 19:00:56 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\Publish Providers
[2011/08/18 09:36:20 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\RegistryKeys
[2012/02/01 21:21:34 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\RoboForm
[2013/05/09 22:37:23 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\Samsung
[2013/09/22 08:15:44 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\SketchUp
[2012/04/02 21:20:52 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\SmartDraw
[2011/08/18 09:36:20 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\Sony
[2012/07/11 23:26:57 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\SumatraPDF
[2011/08/18 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\Ulead Systems
[2011/08/21 12:06:28 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\Windows Live Writer
[2013/02/24 22:23:48 | 000,000,000 | ---D | M] -- C:\Users\Adam Rosenfeld\AppData\Roaming\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 781 bytes -> C:\Users\Adam Rosenfeld\Documents\ROSENFELD Re_ great grandparents_.eml:OECustomProperty

< End of report >



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Adam Rosenfeld on Sat 11/02/2013 at 19:51:46.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{0CE3E151-893E-4345-BD41-855577480FD7}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{10C610EC-077C-43E5-A4AA-E236108D3498}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{12F3A9B7-D160-4F6C-8C57-D6552ACD0220}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{1BB210A0-999E-4337-8C47-DDC6E5E29F16}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{3809298B-1E87-4EFC-BD2A-EDED7917C6AB}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{5D683D50-4036-4288-A067-620C03E48BAB}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{5FCC1031-846D-4382-8CC6-44AE49E1B3D0}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{6FAA0186-1017-43E7-B0DA-F6F0F54AFF76}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{74203818-DF2E-4377-A46A-BD86711C1827}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{941CACB8-7B16-41AD-AFB4-EDA20F3EBAB7}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{C944FD1C-BA52-4438-B85C-A0963AC1850F}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{CDCDB87B-BA43-458C-9D40-19EF31D4AC38}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{DAACFB4C-5E11-425C-B715-AD181E7DD02E}
Successfully deleted: [Empty Folder] C:\Users\Adam Rosenfeld\appdata\local\{EDCC8F8B-02FC-413A-8D48-1A608B5B5A00}



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Adam Rosenfeld\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/02/2013 at 20:04:24.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
To set Avast to detect this type of adware do the following :

Open the GUI and select Settings > Active protection
Click the webshield cog > Sensitivity
Tick the PUP option
Repeat for File system shield

[attachment=67422:Capture.JPG]

How is the computer now ?

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
  • 0

#5
AdamIsAdam

AdamIsAdam

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 185 posts
Well, good news and less than good news:
- Chrome seems to be working better so far.
- I havse MBAM running now, but I can't do what you instructed with Avast. I don't have the same version. I have 131017-0 free version, and it won't update. Last update successfully completed on 10/17/13. I clicked update, and it gets hung up on the "initializing" step (1 of 3). Elsewhere it states that it's version 8.0.1500 of 9.xx. So I know it's out of date.

Any suggestions on that?

I'll finish the rest of the instructions and post MBAM scan results when that's done.

Thanks, as always.
  • 0

#6
AdamIsAdam

AdamIsAdam

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 185 posts
I wasn't sure if you prefer that I edit my last post or add another to include the MBAM log. so I'm adding a new post. Please note my question above though. Thanks.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Adam Rosenfeld :: ADAMROSENFELD [administrator]

Protection: Enabled

11/3/2013 8:54:58 AM
mbam-log-2013-11-03 (08-54-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275992
Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that is version 9 that I am running

If you wish to update to that then do the following

Download Uninstall Utility to your Desktop.
Download the correct version of Avast
Avast Free
Avast Pro
Avast Internet Security
Avast Premier
Disconnect from the net
Uninstall Avast via control panel

  • Run Run Avastclear
  • Once complete reboot your system
  • Reinstall Avast
----------
  • 0

#8
AdamIsAdam

AdamIsAdam

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 185 posts
I can't get Avast to uninstatll. I keep getting aswRunDll.exe - Application Error when I try to uninstall from Control Panel. I have a screen print if you need to see where the integer failure was.

Edited by AdamIsAdam, 03 November 2013 - 08:59 AM.

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok run Avastclear that should remove it, it will ask to reboot to safe mode allow it to do so
  • 0

#10
AdamIsAdam

AdamIsAdam

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 185 posts
ok,I was able to remove old Avast. I installed new version, but it won't register account, so it's not connected to Avast. What that means is when I go to the settings tab as instructed, that screen is blank. I don't understand why it won't register my device/account.

The popup problems I was having do seem to be gone, but I am no longer running Avast. I do run MBAM and Scotty security.
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you give me a screenshot of what you are seeing please
  • 0

#12
AdamIsAdam

AdamIsAdam

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 185 posts
here you go. First is the attempt to log in, then the error:

https://dl.dropboxus...8/Capture 1.JPG

https://dl.dropboxus...8/Capture 2.JPG
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Go to Control Panel > Programs and Features
Select Avast
Then select Repair
On completion reboot and try again
[attachment=67446:Capture.JPG]
  • 0

#14
AdamIsAdam

AdamIsAdam

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 185 posts
completed as directed. No change to how Avast is behaving. I still don't have that menu in settings (in avast)
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok could you uninstall Avast, use the avastclear utility and then re-install Avast but this time install from safe mode
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP