Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Swagbucks problem

Started by Vintage Charms , Oct 29 2013 01:25 PM

Page 3 of 5
1
2
3
4
5

Please log in to reply

#31
Vintage Charms

Posted 31 October 2013 - 01:22 PM

Member

Topic Starter
Member
75 posts

Go into msconfig and check Normal Startup and OK and reboot.

Uninstall:

Microsoft Security Essentials (YOu have AVG so should not have a second anti-virus. DID THIS

Java 7 Update 40 (64-bit) (Version: 7.0.400)
Java™ 6 Update 31 (x32 Version: 6.0.310)
JavaFX 2.1.1 (x32 Version: 2.1.1) (Older Java Versions are dangerous! If you must have Java then: Go into Control Panel, Java, Security and set the slider to the Highest then OK. ) DID THIS

K-Lite Codec Pack 6.0.4 (Basic) (x32 Version: 6.0.4) (This installs a bunch of adware and worthless toolbars) REMOVED

Microsoft Live Search Toolbar (x32 Version: 3.0.560.0) DON'T SEE THIS

SUPERAntiSpyware - REMOVE THIS TOO?

Download the attached fixlist.txt to the same location as FRST IT WILL NOT ALLOW ME TO SAVE TO C: Can I put it on the desktop?
Run FRST and press Fix
A fix log will be generated please post that then run FRST again as before but check the Addition.txt box before you Scan. You will get two logs. Please post them both.

#32
Vintage Charms

Posted 31 October 2013 - 01:37 PM

Member

Topic Starter
Member
75 posts

Task: {BD89B565-6C23-46A8-8D7C-8EEAB99EBDCC} - System32\Tasks\{2E148BAD-DF4E-4C35-BF6B-CA5A5AA8E384} => Iexplore.exe http://ui.skype.com/...;toolbaroffered
Task: {C02CB7AF-9D9C-4C42-A41A-8A991C6AF2F4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-31] (Facebook Inc.)
Task: {F1BF90C8-2DA5-4430-B01B-BE4F6D347D02} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-31] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core.job => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA.job => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:02DD996C
AlternateDataStreams: C:\ProgramData\Temp:072CBE6D
AlternateDataStreams: C:\ProgramData\Temp:0A74923C
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB
AlternateDataStreams: C:\ProgramData\Temp:0E684AC9
AlternateDataStreams: C:\ProgramData\Temp:12258D63
AlternateDataStreams: C:\ProgramData\Temp:14A1BBE3
AlternateDataStreams: C:\ProgramData\Temp:1A15E356
AlternateDataStreams: C:\ProgramData\Temp:1B7E2022
AlternateDataStreams: C:\ProgramData\Temp:1E17A249
AlternateDataStreams: C:\ProgramData\Temp:1ECED34B
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:22313216
AlternateDataStreams: C:\ProgramData\Temp:2342AE46
AlternateDataStreams: C:\ProgramData\Temp:260575F1
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:331B76C7
AlternateDataStreams: C:\ProgramData\Temp:36FFA2FB
AlternateDataStreams: C:\ProgramData\Temp:391535F9
AlternateDataStreams: C:\ProgramData\Temp:409A775B
AlternateDataStreams: C:\ProgramData\Temp:43301D1D
AlternateDataStreams: C:\ProgramData\Temp:4673E9EA
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:4EE95FE7
AlternateDataStreams: C:\ProgramData\Temp:4EFDF5FB
AlternateDataStreams: C:\ProgramData\Temp:551BED5F
AlternateDataStreams: C:\ProgramData\Temp:5539129F
AlternateDataStreams: C:\ProgramData\Temp:55F44B88
AlternateDataStreams: C:\ProgramData\Temp:561B1D2B
AlternateDataStreams: C:\ProgramData\Temp:5E9B629B
AlternateDataStreams: C:\ProgramData\Temp:61B54B15
AlternateDataStreams: C:\ProgramData\Temp:61F0C8FB
AlternateDataStreams: C:\ProgramData\Temp:62AF94A0
AlternateDataStreams: C:\ProgramData\Temp:6401C7FF
AlternateDataStreams: C:\ProgramData\Temp:6896CCCE
AlternateDataStreams: C:\ProgramData\Temp:6B709AD7
AlternateDataStreams: C:\ProgramData\Temp:6B9828AE
AlternateDataStreams: C:\ProgramData\Temp:737160C1
AlternateDataStreams: C:\ProgramData\Temp:78E0DF72
AlternateDataStreams: C:\ProgramData\Temp:7972CF54
AlternateDataStreams: C:\ProgramData\Temp:7A0EFE63
AlternateDataStreams: C:\ProgramData\Temp:7A84B999
AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F
AlternateDataStreams: C:\ProgramData\Temp:8F925134
AlternateDataStreams: C:\ProgramData\Temp:9ACB70D7
AlternateDataStreams: C:\ProgramData\Temp:9BAC4211
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD
AlternateDataStreams: C:\ProgramData\Temp:AA6C7C38
AlternateDataStreams: C:\ProgramData\Temp:B36361EE
AlternateDataStreams: C:\ProgramData\Temp:B38BEEEE
AlternateDataStreams: C:\ProgramData\Temp:BE0654D6
AlternateDataStreams: C:\ProgramData\Temp:C22674B6
AlternateDataStreams: C:\ProgramData\Temp:C6D0ABC3
AlternateDataStreams: C:\ProgramData\Temp:C74D7A47
AlternateDataStreams: C:\ProgramData\Temp:D31BE97C
AlternateDataStreams: C:\ProgramData\Temp:E21987F7
AlternateDataStreams: C:\ProgramData\Temp:E32966C0
AlternateDataStreams: C:\ProgramData\Temp:E83EE313
AlternateDataStreams: C:\ProgramData\Temp:E8B61305
AlternateDataStreams: C:\ProgramData\Temp:EBCF5924
AlternateDataStreams: C:\ProgramData\Temp:EC0A74A1
AlternateDataStreams: C:\ProgramData\Temp:EFBD4447
AlternateDataStreams: C:\ProgramData\Temp:F3A27FDE
AlternateDataStreams: C:\ProgramData\Temp:F437A62A
SearchScopes: HKLM - {337113BC-D80B-4AE0-95FC-BD4F05655A21} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {337113BC-D80B-4AE0-95FC-BD4F05655A21} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {337113BC-D80B-4AE0-95FC-BD4F05655A21} URL =
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll No File
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll No File
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
DPF: HKLM-x32 {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
Handler-x32: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll No File
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Users\Hewlett\AppData\Roaming\IDM\idmmzcc5
S3 DfSdkS; "E:\JAN 18 prog files\Ashampoo WinOptimizer 6\Dfsdks.exe" [x]
S3 STSService; "C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe" [x]
S3 lvpopf64; system32\DRIVERS\lvpopf64.sys [x]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]
C:\Users\Hewlett\AppData\Roaming\Uniblue
C:\ProgramData\Uniblue
C:\Users\Hewlett\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
C:\Users\Hewlett\AdwCleaner.exe
C:\Users\Hewlett\fbchathistory.dat
C:\Users\Hewlett\FHSetup.exe
C:\Users\Hewlett\jre-7u40-windows-x64.exe
C:\Users\Hewlett\mseinstall.exe
C:\Users\Hewlett\AppData\Local\Temp\Quarantine.exe

#33
Vintage Charms

Posted 31 October 2013 - 01:50 PM

Member

Topic Starter
Member
75 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by Hewlett at 2013-10-31 15:46:40 Run:1
Running from C:\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {BD89B565-6C23-46A8-8D7C-8EEAB99EBDCC} - System32\Tasks\{2E148BAD-DF4E-4C35-BF6B-CA5A5AA8E384} => Iexplore.exe http://ui.skype.com/...;toolbaroffered
Task: {C02CB7AF-9D9C-4C42-A41A-8A991C6AF2F4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-31] (Facebook Inc.)
Task: {F1BF90C8-2DA5-4430-B01B-BE4F6D347D02} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-31] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core.job => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA.job => C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:02DD996C
AlternateDataStreams: C:\ProgramData\Temp:072CBE6D
AlternateDataStreams: C:\ProgramData\Temp:0A74923C
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:0E22C5DB
AlternateDataStreams: C:\ProgramData\Temp:0E684AC9
AlternateDataStreams: C:\ProgramData\Temp:12258D63
AlternateDataStreams: C:\ProgramData\Temp:14A1BBE3
AlternateDataStreams: C:\ProgramData\Temp:1A15E356
AlternateDataStreams: C:\ProgramData\Temp:1B7E2022
AlternateDataStreams: C:\ProgramData\Temp:1E17A249
AlternateDataStreams: C:\ProgramData\Temp:1ECED34B
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:22313216
AlternateDataStreams: C:\ProgramData\Temp:2342AE46
AlternateDataStreams: C:\ProgramData\Temp:260575F1
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:331B76C7
AlternateDataStreams: C:\ProgramData\Temp:36FFA2FB
AlternateDataStreams: C:\ProgramData\Temp:391535F9
AlternateDataStreams: C:\ProgramData\Temp:409A775B
AlternateDataStreams: C:\ProgramData\Temp:43301D1D
AlternateDataStreams: C:\ProgramData\Temp:4673E9EA
AlternateDataStreams: C:\ProgramData\Temp:4B6A9FDA
AlternateDataStreams: C:\ProgramData\Temp:4EE95FE7
AlternateDataStreams: C:\ProgramData\Temp:4EFDF5FB
AlternateDataStreams: C:\ProgramData\Temp:551BED5F
AlternateDataStreams: C:\ProgramData\Temp:5539129F
AlternateDataStreams: C:\ProgramData\Temp:55F44B88
AlternateDataStreams: C:\ProgramData\Temp:561B1D2B
AlternateDataStreams: C:\ProgramData\Temp:5E9B629B
AlternateDataStreams: C:\ProgramData\Temp:61B54B15
AlternateDataStreams: C:\ProgramData\Temp:61F0C8FB
AlternateDataStreams: C:\ProgramData\Temp:62AF94A0
AlternateDataStreams: C:\ProgramData\Temp:6401C7FF
AlternateDataStreams: C:\ProgramData\Temp:6896CCCE
AlternateDataStreams: C:\ProgramData\Temp:6B709AD7
AlternateDataStreams: C:\ProgramData\Temp:6B9828AE
AlternateDataStreams: C:\ProgramData\Temp:737160C1
AlternateDataStreams: C:\ProgramData\Temp:78E0DF72
AlternateDataStreams: C:\ProgramData\Temp:7972CF54
AlternateDataStreams: C:\ProgramData\Temp:7A0EFE63
AlternateDataStreams: C:\ProgramData\Temp:7A84B999
AlternateDataStreams: C:\ProgramData\Temp:8E5EA40F
AlternateDataStreams: C:\ProgramData\Temp:8F925134
AlternateDataStreams: C:\ProgramData\Temp:9ACB70D7
AlternateDataStreams: C:\ProgramData\Temp:9BAC4211
AlternateDataStreams: C:\ProgramData\Temp:A02025CE
AlternateDataStreams: C:\ProgramData\Temp:A7DA2BCD
AlternateDataStreams: C:\ProgramData\Temp:AA6C7C38
AlternateDataStreams: C:\ProgramData\Temp:B36361EE
AlternateDataStreams: C:\ProgramData\Temp:B38BEEEE
AlternateDataStreams: C:\ProgramData\Temp:BE0654D6
AlternateDataStreams: C:\ProgramData\Temp:C22674B6
AlternateDataStreams: C:\ProgramData\Temp:C6D0ABC3
AlternateDataStreams: C:\ProgramData\Temp:C74D7A47
AlternateDataStreams: C:\ProgramData\Temp:D31BE97C
AlternateDataStreams: C:\ProgramData\Temp:E21987F7
AlternateDataStreams: C:\ProgramData\Temp:E32966C0
AlternateDataStreams: C:\ProgramData\Temp:E83EE313
AlternateDataStreams: C:\ProgramData\Temp:E8B61305
AlternateDataStreams: C:\ProgramData\Temp:EBCF5924
AlternateDataStreams: C:\ProgramData\Temp:EC0A74A1
AlternateDataStreams: C:\ProgramData\Temp:EFBD4447
AlternateDataStreams: C:\ProgramData\Temp:F3A27FDE
AlternateDataStreams: C:\ProgramData\Temp:F437A62A
SearchScopes: HKLM - {337113BC-D80B-4AE0-95FC-BD4F05655A21} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {337113BC-D80B-4AE0-95FC-BD4F05655A21} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {337113BC-D80B-4AE0-95FC-BD4F05655A21} URL =
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll No File
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll No File
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
DPF: HKLM-x32 {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
Handler-x32: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll No File
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin-x32: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Users\Hewlett\AppData\Roaming\IDM\idmmzcc5
S3 DfSdkS; "E:\JAN 18 prog files\Ashampoo WinOptimizer 6\Dfsdks.exe" [x]
S3 STSService; "C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe" [x]
S3 lvpopf64; system32\DRIVERS\lvpopf64.sys [x]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]
C:\Users\Hewlett\AppData\Roaming\Uniblue
C:\ProgramData\Uniblue
C:\Users\Hewlett\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
C:\Users\Hewlett\AdwCleaner.exe
C:\Users\Hewlett\fbchathistory.dat
C:\Users\Hewlett\FHSetup.exe
C:\Users\Hewlett\jre-7u40-windows-x64.exe
C:\Users\Hewlett\mseinstall.exe
C:\Users\Hewlett\AppData\Local\Temp\Quarantine.exe

*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD89B565-6C23-46A8-8D7C-8EEAB99EBDCC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD89B565-6C23-46A8-8D7C-8EEAB99EBDCC} => Key deleted successfully.
C:\Windows\System32\Tasks\{2E148BAD-DF4E-4C35-BF6B-CA5A5AA8E384} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2E148BAD-DF4E-4C35-BF6B-CA5A5AA8E384} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C02CB7AF-9D9C-4C42-A41A-8A991C6AF2F4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C02CB7AF-9D9C-4C42-A41A-8A991C6AF2F4} => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1BF90C8-2DA5-4430-B01B-BE4F6D347D02} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1BF90C8-2DA5-4430-B01B-BE4F6D347D02} => Key deleted successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core => Key deleted successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4001588775-3003906427-958657270-1004UA.job => Moved successfully.
C:\ProgramData\Temp => ":02DD996C" ADS removed successfully.
C:\ProgramData\Temp => ":072CBE6D" ADS removed successfully.
C:\ProgramData\Temp => ":0A74923C" ADS removed successfully.
C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.
C:\ProgramData\Temp => ":0E22C5DB" ADS removed successfully.
C:\ProgramData\Temp => ":0E684AC9" ADS removed successfully.
C:\ProgramData\Temp => ":12258D63" ADS removed successfully.
C:\ProgramData\Temp => ":14A1BBE3" ADS removed successfully.
C:\ProgramData\Temp => ":1A15E356" ADS removed successfully.
C:\ProgramData\Temp => ":1B7E2022" ADS removed successfully.
C:\ProgramData\Temp => ":1E17A249" ADS removed successfully.
C:\ProgramData\Temp => ":1ECED34B" ADS removed successfully.
C:\ProgramData\Temp => ":206470A5" ADS removed successfully.
C:\ProgramData\Temp => ":22313216" ADS removed successfully.
C:\ProgramData\Temp => ":2342AE46" ADS removed successfully.
C:\ProgramData\Temp => ":260575F1" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":331B76C7" ADS removed successfully.
C:\ProgramData\Temp => ":36FFA2FB" ADS removed successfully.
C:\ProgramData\Temp => ":391535F9" ADS removed successfully.
C:\ProgramData\Temp => ":409A775B" ADS removed successfully.
C:\ProgramData\Temp => ":43301D1D" ADS removed successfully.
C:\ProgramData\Temp => ":4673E9EA" ADS removed successfully.
C:\ProgramData\Temp => ":4B6A9FDA" ADS removed successfully.
C:\ProgramData\Temp => ":4EE95FE7" ADS removed successfully.
C:\ProgramData\Temp => ":4EFDF5FB" ADS removed successfully.
C:\ProgramData\Temp => ":551BED5F" ADS removed successfully.
C:\ProgramData\Temp => ":5539129F" ADS removed successfully.
C:\ProgramData\Temp => ":55F44B88" ADS removed successfully.
C:\ProgramData\Temp => ":561B1D2B" ADS removed successfully.
C:\ProgramData\Temp => ":5E9B629B" ADS removed successfully.
C:\ProgramData\Temp => ":61B54B15" ADS removed successfully.
C:\ProgramData\Temp => ":61F0C8FB" ADS removed successfully.
C:\ProgramData\Temp => ":62AF94A0" ADS removed successfully.
C:\ProgramData\Temp => ":6401C7FF" ADS removed successfully.
C:\ProgramData\Temp => ":6896CCCE" ADS removed successfully.
C:\ProgramData\Temp => ":6B709AD7" ADS removed successfully.
C:\ProgramData\Temp => ":6B9828AE" ADS removed successfully.
C:\ProgramData\Temp => ":737160C1" ADS removed successfully.
C:\ProgramData\Temp => ":78E0DF72" ADS removed successfully.
C:\ProgramData\Temp => ":7972CF54" ADS removed successfully.
C:\ProgramData\Temp => ":7A0EFE63" ADS removed successfully.
C:\ProgramData\Temp => ":7A84B999" ADS removed successfully.
C:\ProgramData\Temp => ":8E5EA40F" ADS removed successfully.
C:\ProgramData\Temp => ":8F925134" ADS removed successfully.
C:\ProgramData\Temp => ":9ACB70D7" ADS removed successfully.
C:\ProgramData\Temp => ":9BAC4211" ADS removed successfully.
C:\ProgramData\Temp => ":A02025CE" ADS removed successfully.
C:\ProgramData\Temp => ":A7DA2BCD" ADS removed successfully.
C:\ProgramData\Temp => ":AA6C7C38" ADS removed successfully.
C:\ProgramData\Temp => ":B36361EE" ADS removed successfully.
C:\ProgramData\Temp => ":B38BEEEE" ADS removed successfully.
C:\ProgramData\Temp => ":BE0654D6" ADS removed successfully.
C:\ProgramData\Temp => ":C22674B6" ADS removed successfully.
C:\ProgramData\Temp => ":C6D0ABC3" ADS removed successfully.
C:\ProgramData\Temp => ":C74D7A47" ADS removed successfully.
C:\ProgramData\Temp => ":D31BE97C" ADS removed successfully.
C:\ProgramData\Temp => ":E21987F7" ADS removed successfully.
C:\ProgramData\Temp => ":E32966C0" ADS removed successfully.
C:\ProgramData\Temp => ":E83EE313" ADS removed successfully.
C:\ProgramData\Temp => ":E8B61305" ADS removed successfully.
C:\ProgramData\Temp => ":EBCF5924" ADS removed successfully.
C:\ProgramData\Temp => ":EC0A74A1" ADS removed successfully.
C:\ProgramData\Temp => ":EFBD4447" ADS removed successfully.
C:\ProgramData\Temp => ":F3A27FDE" ADS removed successfully.
C:\ProgramData\Temp => ":F437A62A" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21} => Key deleted successfully.
HKCR\CLSID\{337113BC-D80B-4AE0-95FC-BD4F05655A21} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{337113BC-D80B-4AE0-95FC-BD4F05655A21} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{337113BC-D80B-4AE0-95FC-BD4F05655A21} => Key deleted successfully.
HKCR\CLSID\{337113BC-D80B-4AE0-95FC-BD4F05655A21} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Value deleted successfully.
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} => Value deleted successfully.
HKCR\CLSID\{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\avgsecuritytoolbar => Key deleted successfully.
HKCR\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\avgsecuritytoolbar => Key not found.
HKCR\Wow6432Node\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C} => Key deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@oberon-media.com/ONCAdapter => Key deleted successfully.
C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@zylom.com/ZylomGamesPlayer => Key deleted successfully.
C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll not found.
HKCU\Software\Mozilla\Firefox\Extensions\\[email protected] => Value deleted successfully.
DfSdkS => Service deleted successfully.
STSService => Service deleted successfully.
lvpopf64 => Service deleted successfully.
LVPr2M64 => Service deleted successfully.
C:\Users\Hewlett\AppData\Roaming\Uniblue => Moved successfully.
C:\ProgramData\Uniblue => Moved successfully.
C:\Users\Hewlett\13-1-legacy_vista_win7_win8_64_dd_ccc.exe => Moved successfully.
C:\Users\Hewlett\AdwCleaner.exe => Moved successfully.
C:\Users\Hewlett\fbchathistory.dat => Moved successfully.
C:\Users\Hewlett\FHSetup.exe => Moved successfully.
C:\Users\Hewlett\jre-7u40-windows-x64.exe => Moved successfully.
C:\Users\Hewlett\mseinstall.exe => Moved successfully.
C:\Users\Hewlett\AppData\Local\Temp\Quarantine.exe => Moved successfully.

#34
Vintage Charms

Posted 31 October 2013 - 01:50 PM

Member

Topic Starter
Member
75 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Hewlett (administrator) on HEWLETT-PC on 31-10-2013 15:47:17
Running from C:\FRST
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
(brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Autodata Limited) C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
() C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\Grid64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(CrashPlan) O:\CrashPlanService.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPI.EXE
() C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2185032 2009-10-18] (CANON INC.)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784 2013-08-27] (Siber Systems)
HKCU\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKCU\...\Run: [Vidalia] - "E:\Tor Browser\App\vidalia.exe"
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [6588144 2013-10-03] (SUPERAntiSpyware)
HKCU\...\Run: [NETGEARGenie] - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [1044224 2013-04-07] ()
HKCU\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5904896 2010-08-27] (Logitech Inc.)
HKCU\...\Run: [KasperskyPasswordManager] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager\stpass.exe
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [IDMan] - C:\Users\Hewlett\AppData\Local\Temp\Rar$EX70.016\Internet Download Manager 6.12 Build 21 Full Crack\IDMan.exe /onboot <===== ATTENTION
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-03-10] (AMD)
HKCU\...\Run: [Grid] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe [385024 2010-03-10] ()
HKCU\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKCU\...\Run: [Facebook Update] - C:\Users\Hewlett\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-31] (Facebook Inc.)
HKCU\...\Run: [DVDFab Passkey] - "C:\Program Files (x86)\DVDFab Passkey\DVDFabPasskey.exe"
HKCU\...\Policies\system: [EnableLUA] 1
MountPoints2: M - M:\DTLplus_Launcher.exe
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Secure Online Account Numbers] - C:\Program Files (x86)\Discover\SOAN\DiscoverSOAN.exe [376832 2010-03-05] (Orbiscom Ltd. All rights reserved.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [PPort12reminder] - C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini [376 2013-10-31] ()
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [CTxfiHlp] - C:\Windows\\SysWOW64\CTXFIHLP.EXE [24576 2010-07-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
Startup: C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\Hewlett\AppData\Local\Apps\2.0\M23K5LCL.GD3\JN29OKJQ.ZDY\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
Startup: C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...F9-DB3A14AE98B3
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://my.ebay.com/w...ll?MyEbay&gbh=1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x74146EA8A3D5CE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Secure Online Account Numbers Helper - {435EAA86-D32B-484F-869C-53745FCB1642} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANHelper.dll (Orbiscom Ltd. All rights reserved.)
BHO-x32: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Secure Online Account Numbers - {A8C7C2CA-6DFD-4E16-8458-592361564D38} - C:\Program Files (x86)\Discover\SOAN\DiscoverSOANToolbar.dll (Orbiscom Ltd. All rights reserved.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {2FF8D282-F78A-4A33-ABC2-49E72A341482} http://riteaid.store...eUpload1_10.CAB
DPF: HKLM-x32 {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB
DPF: HKLM-x32 {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab
DPF: HKLM-x32 {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab
DPF: HKLM-x32 {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} http://homedecorator...X_WEB_Win32.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab
DPF: HKLM-x32 {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Hewlett\AppData\Roaming\Mozilla\Firefox\Profiles\smj03a5y.default-1379960535967
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\Users\Hewlett\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Hewlett\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [avg@igeared] - C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF HKLM-x32\...\Firefox\Extensions: [discoversoan@orbiscom] - C:\Program Files (x86)\Discover\SOAN
FF Extension: Secure Online Account Numbers - C:\Program Files (x86)\Discover\SOAN
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Extension: (YouTube) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Password Manager Autofill Engine) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddagfbbgmdhmolnjoaghlapikdcahbbl\5.0.0.170
CHR Extension: (Logitech SetPoint) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0
CHR Extension: (Gmail) - C:\Users\Hewlett\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Users\Hewlett\AppData\Local\Temp\Rar$EX70.016\Internet Download Manager 6.12 Build 21 Full Crack\IDMGCExt.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-07] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Autodata Limited License Service; C:\Program Files (x86)\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [72704 2013-01-24] (Autodata Limited)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
R2 Brother XP spl Service; C:\Windows\SysWow64\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
R2 CrashPlanService; O:\CrashPlanService.exe [222720 2013-04-08] (CrashPlan)
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2012-03-04] (Digiarty Software, Inc.)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-07-14] (Hauppauge Computer Works, Inc.)
R1 hugoio64; C:\Program Files (x86)\i-Menu\hugoio64.sys [13856 2008-04-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-06-27] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2010-01-21] ()
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-31 15:13 - 2013-10-31 15:13 - 00000000 ____D C:\Users\Hewlett\Documents\Bluetooth Exchange Folder
2013-10-31 13:44 - 2013-10-31 13:44 - 00288436 _____ C:\Users\Hewlett\Desktop\OTL.Txt
2013-10-31 13:44 - 2013-10-31 13:44 - 00120750 _____ C:\Users\Hewlett\Desktop\Extras.Txt
2013-10-31 13:34 - 2013-10-31 13:34 - 00602112 _____ (OldTimer Tools) C:\Users\Hewlett\Desktop\OTL.exe
2013-10-31 13:28 - 2013-10-31 13:30 - 00046087 _____ C:\Users\Hewlett\Desktop\FRST.txt
2013-10-31 13:27 - 2013-10-31 13:28 - 00034333 _____ C:\Users\Hewlett\Desktop\Addition.txt
2013-10-31 13:20 - 2013-10-31 15:46 - 00000000 ____D C:\FRST
2013-10-31 13:16 - 2013-10-31 13:16 - 00000635 _____ C:\Users\Hewlett\Desktop\JRT.txt
2013-10-31 13:07 - 2013-10-31 13:07 - 01033335 _____ (Thisisu) C:\Users\Hewlett\Desktop\JRT.exe
2013-10-31 12:37 - 2013-10-31 12:50 - 00000000 ____D C:\AdwCleaner
2013-10-30 19:45 - 2013-10-31 10:44 - 00001961 _____ C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2013-10-30 19:45 - 2013-10-31 10:44 - 00001931 _____ C:\Users\Hewlett\Desktop\Update Checker.lnk
2013-10-30 19:45 - 2013-10-30 19:45 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
2013-10-30 19:44 - 2013-10-31 15:12 - 00047104 ___SH C:\Users\Hewlett\Desktop\Thumbs.db
2013-10-30 18:54 - 2013-10-30 18:54 - 00000524 _____ C:\Windows\PFRO.log
2013-10-30 15:08 - 2013-10-31 15:12 - 00000280 _____ C:\Windows\setupact.log
2013-10-30 15:08 - 2013-10-30 15:08 - 00000000 _____ C:\Windows\setuperr.log
2013-10-30 14:53 - 2013-10-30 14:53 - 00000000 ____D C:\Users\Hewlett\Documents\JRT for geeks
2013-10-30 14:46 - 2013-10-30 14:46 - 00000000 ____D C:\Windows\ERUNT
2013-10-29 20:34 - 2013-10-29 20:34 - 00001126 _____ C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
2013-10-28 18:40 - 2013-10-28 18:40 - 00000000 ____D C:\Users\Hewlett\Desktop\Games
2013-10-27 13:14 - 2013-10-27 13:14 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2013-10-24 11:48 - 2013-10-24 12:01 - 00010240 ___SH C:\Users\Hewlett\Documents\Thumbs.db
2013-10-24 06:03 - 2013-10-24 12:38 - 01033335 _____ (Thisisu) C:\JRT.exe
2013-10-24 05:52 - 2013-10-24 05:52 - 00985600 _____ C:\Users\Hewlett\MicrosoftFixit50123.msi
2013-10-24 05:41 - 2013-10-24 05:41 - 00966656 _____ C:\Users\Hewlett\Downloads\MicrosoftFixit50043.msi
2013-10-20 21:42 - 2013-10-20 21:42 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 21:42 - 2013-10-20 21:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-16 00:10 - 2013-10-28 18:45 - 00009296 _____ C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
2013-10-09 18:56 - 2013-10-09 18:57 - 04369632 _____ (Piriform Ltd) C:\Program Files (x86)\ccsetup406.exe
2013-10-08 19:00 - 2013-09-22 11:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-08 19:00 - 2013-09-22 11:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-08 19:00 - 2013-09-22 10:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-08 19:00 - 2013-09-22 10:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-08 19:00 - 2013-09-22 10:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-08 19:00 - 2013-09-22 10:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-08 19:00 - 2013-09-22 10:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-08 19:00 - 2013-09-22 10:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-08 19:00 - 2013-09-22 10:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-08 19:00 - 2013-09-22 10:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-08 19:00 - 2013-09-22 10:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-08 19:00 - 2013-09-22 10:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-08 19:00 - 2013-09-22 10:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-08 19:00 - 2013-09-22 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-08 19:00 - 2013-09-22 10:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-08 19:00 - 2013-09-22 10:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-08 19:00 - 2013-09-22 06:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-08 19:00 - 2013-09-22 06:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-08 19:00 - 2013-09-22 06:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-08 19:00 - 2013-09-22 06:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-08 19:00 - 2013-09-22 06:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-08 19:00 - 2013-09-22 06:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-08 19:00 - 2013-09-22 06:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-08 19:00 - 2013-09-22 06:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-08 19:00 - 2013-09-22 06:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-08 19:00 - 2013-09-22 06:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-08 19:00 - 2013-09-22 06:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-08 19:00 - 2013-09-22 06:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-08 19:00 - 2013-09-22 06:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-08 19:00 - 2013-09-22 06:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-08 19:00 - 2013-09-22 06:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-08 19:00 - 2013-09-22 05:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-08 18:45 - 2013-09-13 21:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-08 18:45 - 2013-09-07 22:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-08 18:45 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-08 18:45 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-08 18:45 - 2013-09-04 08:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-08 18:45 - 2013-09-04 08:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-08 18:45 - 2013-08-28 22:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-08 18:45 - 2013-08-28 22:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-08 18:45 - 2013-08-28 22:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-08 18:45 - 2013-08-28 22:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-08 18:45 - 2013-08-28 22:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-08 18:45 - 2013-08-28 21:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-08 18:45 - 2013-08-28 21:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-08 18:45 - 2013-08-28 21:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-08 18:45 - 2013-08-28 21:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-08 18:45 - 2013-08-28 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-08 18:45 - 2013-08-28 21:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-08 18:45 - 2013-08-28 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-08 18:45 - 2013-08-28 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-08 18:45 - 2013-08-28 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-08 18:45 - 2013-08-28 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-08 18:45 - 2013-08-27 21:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-08 18:45 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-08 18:45 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-08 18:45 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 18:45 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 18:45 - 2013-07-12 06:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-08 18:45 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-08 18:45 - 2013-07-12 06:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-08 18:45 - 2013-07-04 08:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-08 18:45 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-08 18:45 - 2013-07-04 08:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-08 18:45 - 2013-07-04 07:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-08 18:45 - 2013-07-04 07:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-08 18:45 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-08 18:45 - 2013-07-04 06:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-08 18:45 - 2013-07-03 00:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-08 18:45 - 2013-07-03 00:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-08 18:45 - 2013-07-03 00:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-08 18:45 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-08 18:45 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-08 18:45 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-08 18:45 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-08 18:45 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-08 18:45 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-08 18:45 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-08 18:45 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-08 18:45 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-08 18:45 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-08 18:45 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-07 23:48 - 2013-10-07 23:48 - 00000000 ____D C:\Program Files (x86)\My RoboForm Data
2013-10-01 23:33 - 2013-10-01 23:33 - 00000000 ____D C:\Users\Hewlett\AppData\Local\avgchrome

==================== One Month Modified Files and Folders =======

2013-10-31 15:46 - 2013-10-31 13:20 - 00000000 ____D C:\FRST
2013-10-31 15:46 - 2009-12-16 15:17 - 00000000 ____D C:\Users\Hewlett
2013-10-31 15:30 - 2013-06-27 09:31 - 00000000 ____D C:\Users\Hewlett\AppData\Local\NETGEARGenie
2013-10-31 15:29 - 2012-10-09 16:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-31 15:24 - 2013-05-04 11:37 - 00000000 ____D C:\Users\Hewlett\Cloud Drive
2013-10-31 15:20 - 2009-07-14 00:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-31 15:20 - 2009-07-14 00:45 - 00015984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-31 15:18 - 2009-07-14 01:13 - 00006664 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-31 15:16 - 2012-08-16 15:09 - 01670213 _____ C:\Windows\WindowsUpdate.log
2013-10-31 15:15 - 2011-01-25 20:30 - 00001945 _____ C:\Windows\epplauncher.mif
2013-10-31 15:13 - 2013-10-31 15:13 - 00000000 ____D C:\Users\Hewlett\Documents\Bluetooth Exchange Folder
2013-10-31 15:12 - 2013-10-30 19:44 - 00047104 ___SH C:\Users\Hewlett\Desktop\Thumbs.db
2013-10-31 15:12 - 2013-10-30 15:08 - 00000280 _____ C:\Windows\setupact.log
2013-10-31 15:12 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-31 15:08 - 2013-01-26 16:39 - 00000000 ____D C:\!ebay
2013-10-31 15:08 - 2010-10-18 00:25 - 00000000 ____D C:\Windows\pss
2013-10-31 15:08 - 2009-12-16 15:20 - 00000000 ___RD C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-31 13:59 - 2011-07-05 19:27 - 00000000 ____D C:\ProgramData\MFAData
2013-10-31 13:44 - 2013-10-31 13:44 - 00288436 _____ C:\Users\Hewlett\Desktop\OTL.Txt
2013-10-31 13:44 - 2013-10-31 13:44 - 00120750 _____ C:\Users\Hewlett\Desktop\Extras.Txt
2013-10-31 13:34 - 2013-10-31 13:34 - 00602112 _____ (OldTimer Tools) C:\Users\Hewlett\Desktop\OTL.exe
2013-10-31 13:30 - 2013-10-31 13:28 - 00046087 _____ C:\Users\Hewlett\Desktop\FRST.txt
2013-10-31 13:28 - 2013-10-31 13:27 - 00034333 _____ C:\Users\Hewlett\Desktop\Addition.txt
2013-10-31 13:16 - 2013-10-31 13:16 - 00000635 _____ C:\Users\Hewlett\Desktop\JRT.txt
2013-10-31 13:07 - 2013-10-31 13:07 - 01033335 _____ (Thisisu) C:\Users\Hewlett\Desktop\JRT.exe
2013-10-31 13:05 - 2009-12-17 18:34 - 00000000 ____D C:\!Personal Oct 2013
2013-10-31 12:54 - 2013-01-31 03:33 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForHewlett.job
2013-10-31 12:50 - 2013-10-31 12:37 - 00000000 ____D C:\AdwCleaner
2013-10-31 10:44 - 2013-10-30 19:45 - 00001961 _____ C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2013-10-31 10:44 - 2013-10-30 19:45 - 00001931 _____ C:\Users\Hewlett\Desktop\Update Checker.lnk
2013-10-31 10:42 - 2013-06-15 20:41 - 00180224 ___SH C:\Users\Hewlett\Downloads\Thumbs.db
2013-10-31 02:00 - 2013-01-31 03:33 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHewlett
2013-10-31 02:00 - 2011-11-02 04:22 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-31 02:00 - 2009-12-17 20:44 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-31 01:58 - 2009-12-17 20:43 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\HpUpdate
2013-10-31 01:58 - 2009-12-17 20:43 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\HP Support Assistant
2013-10-30 19:45 - 2013-10-30 19:45 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
2013-10-30 18:54 - 2013-10-30 18:54 - 00000524 _____ C:\Windows\PFRO.log
2013-10-30 15:08 - 2013-10-30 15:08 - 00000000 _____ C:\Windows\setuperr.log
2013-10-30 14:53 - 2013-10-30 14:53 - 00000000 ____D C:\Users\Hewlett\Documents\JRT for geeks
2013-10-30 14:47 - 2013-08-19 21:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-30 14:46 - 2013-10-30 14:46 - 00000000 ____D C:\Windows\ERUNT
2013-10-30 11:33 - 2011-05-29 00:34 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\vlc
2013-10-30 08:40 - 2013-04-14 01:10 - 00000000 ____D C:\Orders
2013-10-30 08:40 - 2010-02-01 17:46 - 00000000 ____D C:\Users\Hewlett\AppData\Local\CutePDF Writer
2013-10-29 21:05 - 2011-08-16 13:20 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-29 20:34 - 2013-10-29 20:34 - 00001126 _____ C:\Users\Hewlett\Desktop\Vast Studios - Shortcut.lnk
2013-10-28 19:14 - 2012-02-16 23:03 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\GoodSync
2013-10-28 18:45 - 2013-10-16 00:10 - 00009296 _____ C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML
2013-10-28 18:40 - 2013-10-28 18:40 - 00000000 ____D C:\Users\Hewlett\Desktop\Games
2013-10-28 17:33 - 2010-01-31 18:58 - 00000000 ____D C:\Users\Hewlett\AppData\Local\Deployment
2013-10-28 00:00 - 2009-12-16 19:28 - 00000456 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-10-27 13:14 - 2013-10-27 13:14 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2013-10-27 06:16 - 2012-01-18 17:01 - 00000000 ____D C:\Personal old
2013-10-24 12:38 - 2013-10-24 06:03 - 01033335 _____ (Thisisu) C:\JRT.exe
2013-10-24 12:01 - 2013-10-24 11:48 - 00010240 ___SH C:\Users\Hewlett\Documents\Thumbs.db
2013-10-24 06:52 - 2009-12-16 19:33 - 00000426 _____ C:\Windows\BRWMARK.INI
2013-10-24 05:52 - 2013-10-24 05:52 - 00985600 _____ C:\Users\Hewlett\MicrosoftFixit50123.msi
2013-10-24 05:41 - 2013-10-24 05:41 - 00966656 _____ C:\Users\Hewlett\Downloads\MicrosoftFixit50043.msi
2013-10-23 08:03 - 2013-06-21 22:25 - 00000927 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-10-23 07:37 - 2010-01-21 17:37 - 00022016 _____ C:\Users\Hewlett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-22 08:25 - 2013-07-12 12:26 - 00000000 ____D C:\Class Actions
2013-10-21 08:47 - 2010-02-13 19:02 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\dvdcss
2013-10-20 21:42 - 2013-10-20 21:42 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 21:41 - 2013-10-20 21:42 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-20 21:41 - 2013-06-19 21:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-20 21:41 - 2013-06-19 21:50 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-20 21:41 - 2013-06-19 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-20 21:41 - 2011-02-21 17:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-20 03:34 - 2012-04-16 00:50 - 00000000 ____D C:\Users\Hewlett\Desktop\nzb
2013-10-20 02:37 - 2013-04-21 18:59 - 00000000 ____D C:\ProgramData\CrashPlan
2013-10-20 02:37 - 2013-04-21 18:58 - 00000000 ____D C:\Users\Hewlett\AppData\Roaming\CrashPlan
2013-10-15 09:28 - 2012-08-14 22:50 - 00001726 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-10-15 09:28 - 2012-08-14 22:50 - 00000000 ____D C:\Program Files\Defraggler
2013-10-12 01:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-09 18:57 - 2013-10-09 18:56 - 04369632 _____ (Piriform Ltd) C:\Program Files (x86)\ccsetup406.exe
2013-10-09 18:57 - 2013-04-14 00:07 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-09 18:57 - 2011-10-07 12:00 - 00000000 ____D C:\Program Files\CCleaner
2013-10-09 00:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-10-08 20:30 - 2012-10-09 16:57 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 20:30 - 2011-11-01 18:43 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 20:30 - 2011-05-23 21:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 19:10 - 2009-07-14 00:45 - 00579528 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-08 19:09 - 2012-05-12 22:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-08 19:09 - 2012-05-12 22:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-08 19:03 - 2009-12-11 04:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-08 18:54 - 2013-07-12 08:23 - 00000000 ____D C:\Windows\system32\MRT
2013-10-08 18:52 - 2009-12-17 11:15 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-07 23:48 - 2013-10-07 23:48 - 00000000 ____D C:\Program Files (x86)\My RoboForm Data
2013-10-01 23:33 - 2013-10-01 23:33 - 00000000 ____D C:\Users\Hewlett\AppData\Local\avgchrome

Some content of TEMP:
====================
C:\Users\Hewlett\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-31 00:23

#35
Vintage Charms

Posted 31 October 2013 - 01:51 PM

Member

Topic Starter
Member
75 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Hewlett at 2013-10-31 15:47:36
Running from C:\FRST
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32)
2007 Microsoft Office system (x32 Version: 12.0.6612.1000)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.13 (x64 edition) (Version: 9.13.00.0)
Adobe AIR (x32 Version: 3.3.0.3670)
Adobe Connect 9 Add-in (HKCU Version: 11,2,251,0)
Adobe Digital Editions (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Alt.Binz 0.39.4 (x32 Version: 0.39.4)
Amazon Cloud Drive (HKCU Version: 2.0.2013.841)
Amazon MP3 Downloader 1.0.15 (x32 Version: 1.0.15)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71116.1554)
ArcSoft MediaImpression 2 (x32 Version: 2.0.45.541)
ArcSoft Panorama Maker 4 (x32 Version: 4.5.0.112)
ArcSoft PhotoStudio Darkroom 2 (x32 Version: 2.0.0.174)
ArcSoft Scan-n-Stitch Deluxe (x32 Version: 1.1.0.17)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3426)
AVG 2013 (Version: 2013.0.3426)
Big City Adventure: London Classic (x32)
Big City Adventure: New York City (x32)
Big City Adventure: Paris (x32)
Big Fish: Game Manager (x32 Version: 3.2.0.6)
Bluetooth by hp (Version: 6.2.0.9600)
Brother MFL-Pro Suite MFC-7220 (x32 Version: 1.0.1.0)
Brother MFL-Pro Suite MFC-J430W (x32 Version: 1.1.6.0)
BufferChm (x32 Version: 130.0.331.000)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1)
C4700 (x32 Version: 130.0.373.000)
CameraHelperMsi (x32 Version: 13.31.1038.0)
Canon Easy-WebPrint EX (x32)
Canon MP Navigator EX 3.0 (x32)
Canon MP250 series MP Drivers
Canon MP250 series User Registration (x32)
Canon Utilities Easy-PhotoPrint EX (x32)
Canon Utilities My Printer (x32)
Canon Utilities Solution Menu (x32)
Catalina Savings Printer (x32 Version: 1.0.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center InstallProxy (x32 Version: 2009.0520.1631.27815)
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190)
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190)
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190)
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190)
CCC Help Czech (x32 Version: 2012.1116.1514.27190)
CCC Help Danish (x32 Version: 2012.1116.1514.27190)
CCC Help Dutch (x32 Version: 2012.1116.1514.27190)
CCC Help English (x32 Version: 2012.1116.1514.27190)
CCC Help Finnish (x32 Version: 2012.1116.1514.27190)
CCC Help French (x32 Version: 2012.1116.1514.27190)
CCC Help German (x32 Version: 2012.1116.1514.27190)
CCC Help Greek (x32 Version: 2012.1116.1514.27190)
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190)
CCC Help Italian (x32 Version: 2012.1116.1514.27190)
CCC Help Japanese (x32 Version: 2012.1116.1514.27190)
CCC Help Korean (x32 Version: 2012.1116.1514.27190)
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190)
CCC Help Polish (x32 Version: 2012.1116.1514.27190)
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190)
CCC Help Russian (x32 Version: 2012.1116.1514.27190)
CCC Help Spanish (x32 Version: 2012.1116.1514.27190)
CCC Help Swedish (x32 Version: 2012.1116.1514.27190)
CCC Help Thai (x32 Version: 2012.1116.1514.27190)
CCC Help Turkish (x32 Version: 2012.1116.1514.27190)
ccc-utility64 (Version: 2012.1116.1515.27190)
CCleaner (Version: 4.06)
Christmas Wonderland (x32)
Coupon Printer for Windows (x32 Version: 5.0.0.3)
CrashPlan (Version: 3.5.3)
CutePDF Writer 2.8
Defraggler (Version: 2.15)
Dell System Detect (HKCU Version: 5.3.1.5)
Destinations (x32 Version: 140.0.77.000)
DeviceDiscovery (x32 Version: 130.0.372.000)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
Dolby Digital Live Pack (x32 Version: 3.00)
DVDFab 8.2.2.6 (25/12/2012) Qt (x32)
eReg (x32 Version: 1.20.138.34)
ERUNT 1.1j (x32)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
FileHippo.com Update Checker (x32)
Foxit Creator (x32 Version: 3,0,2,0506)
Foxit PDF Editor (x32)
GPBaseService2 (x32 Version: 130.0.371.000)
Hardware Diagnostic Tools (Version: 6.0.5434.08)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Advisor (x32 Version: 3.2.8946.3086)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Easy Backup (x32 Version: 1.0.8.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP MediaSmart Demo (x32 Version: 1.00.0000)
HP MediaSmart DVD (x32 Version: 3.0.3420)
HP MediaSmart Movie Themes (x32 Version: 3.0.3102)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601)
HP MediaSmart SmartMenu (Version: 3.0.28.2)
HP Odometer (x32 Version: 2.10.0000)
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Remote Solution (x32 Version: 1.1.9.0)
HP Setup (x32 Version: 1.2.3220.3079)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 10.1.0002)
HP Update (x32 Version: 5.001.000.014)
HPPhotoGadget (x32 Version: 130.0.282.000)
hpPrintProjects (x32 Version: 130.0.303.000)
HPProductAssistant (x32 Version: 130.0.371.000)
hpWLPGInstaller (x32 Version: 130.0.303.000)
HydraVision (x32 Version: 4.2.162.0)
ImagXpress (x32 Version: 7.0.74.0)
i-Menu 2.2 (x32)
ImgBurn (x32 Version: 2.5.7.0)
inSSIDer 2.0 (Version: 2.0.7)
Intel® Matrix Storage Manager
Internet TV for Windows Media Center (x32 Version: 4.2.2.0)
IP Camera Tool (x32 Version: 1.00.0000)
Java 7 Update 40 (64-bit) (Version: 7.0.400)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java™ 6 Update 31 (x32 Version: 6.0.310)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Keynote Connector (x32)
LabelPrint (x32 Version: 2.5.1901)
LightScribe System Software (x32 Version: 1.18.8.1)
Logitech Onscreen Keyboard 1.0 (Version: 1.00.55)
Logitech SetPoint 6.52 (Version: 6.52.74)
Logitech Vid HD (x32 Version: 7.2 (7230))
Logitech Webcam Software (x32 Version: 2.30)
LWS Facebook (x32 Version: 13.31.1038.0)
LWS Gallery (x32 Version: 13.31.1038.0)
LWS Help_main (x32 Version: 13.31.1044.0)
LWS Launcher (x32 Version: 13.31.1038.0)
LWS Motion Detection (x32 Version: 13.30.1395.0)
LWS Pictures And Video (x32 Version: 13.31.1038.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Video Mask Maker (x32 Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (x32 Version: 13.31.1038.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Live Search Toolbar (x32 Version: 3.0.560.0)
Microsoft Office 2003 Web Components (x32 Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Live Meeting 2007 (x32 Version: 8.0.6362.187)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 12.0.6423.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (x32 Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.127.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC100_CRT_x86 (x32 Version: 1.0.0)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Mystery Case Files ®: 13th Skull ™ (x32)
Mystery Case Files ®: Dire Grove ™ (x32)
Mystery Case Files: Huntsville ™ (x32)
Mystery Case Files: Madame Fate ® (x32)
Mystery Case Files: Ravenhearst ® (x32)
Mystery P.I.: Stolen in San Francisco (x32)
Mystery P.I.: The Curious Case of Counterfeit Cove (x32)
Mystery P.I.: The New York Fortune (x32)
neroxml (x32 Version: 1.0.0)
NETGEAR Genie (x32 Version: 2.2.28.24.exe )
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
Nuance PaperPort 12 (x32 Version: 12.1.0000)
Nuance PDF Viewer Plus (x32 Version: 5.30.3290)
PaperPort Image Printer 64-bit (Version: 1.00.0001)
PDFZilla V1.2.9 (x32)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Power2Go (x32 Version: 6.0.3101)
PowerDirector (x32 Version: 7.0.3101)
PowerRecover (x32 Version: 5.5.1931)
PS_AIO_06_C4700_SW_Min (x32 Version: 130.0.373.000)
QuickPar 0.9 (x32 Version: 0.9)
Remote Control USB Driver (x32 Version: 2.3.2.317)
RoboForm 7-9-1-1 (All Users) (x32 Version: 7-9-1-1)
Scan (x32 Version: 140.0.80.000)
Scansoft PDF Professional (x32)
Screen+ 1.0 (x32)
Secure Online Account Numbers (x32 Version: 2.0.2.0)
Secure Online Account Numbers (x32 Version: 2.3.14.0)
Skype™ 5.10 (x32 Version: 5.10.116)
SmartWebPrinting (x32 Version: 140.0.186.000)
SolutionCenter (x32 Version: 130.0.373.000)
Sound Blaster X-Fi (x32 Version: 1.0)
Status (x32 Version: 130.0.373.000)
SUPERAntiSpyware (Version: 5.0.1118)
swMSM (x32 Version: 12.0.0.1)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.376.000)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.1 (x32 Version: 2.0.1)
WebReg (x32 Version: 130.0.132.017)
Windows Live Communications Platform (x32 Version: 14.0.8098.930)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Toolbar (x32 Version: 14.0.8064.206)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
YouTube Song Downloader (x32 Version: 8.2)

==================== Restore Points =========================

30-10-2013 20:56:49 OTL Restore Point - 10/30/2013 4:56:04 PM
31-10-2013 17:37:03 OTL Restore Point - 10/31/2013 1:36:44 PM

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-10-30 14:59 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0D56175F-39DD-4205-9C1C-5289F27B43D7} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [2013-08-27] (Siber Systems)
Task: {1E0650E0-BE14-4E16-AD58-A7DE1B75F280} - System32\Tasks\{3F9C97BA-7670-4146-9AD2-960DCD8A2026} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {266D5758-758C-4AF5-A0DA-4CFD98F7871E} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {4BCEDAFE-F679-497E-8507-CEDF3A981EBB} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Siber Systems\AI RoboForm\identities.exe [2013-08-27] (Siber Systems)
Task: {4D707DDC-58F4-4C44-AEA7-953ACFBED17C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {6A702158-5FCA-499B-B9E9-A9A23904FC62} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {6C35D65A-F338-4A9B-89F2-16A7777A15C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {6C76BD4E-9C62-4F42-8ABD-8A5F0D9D6DFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {8BAFD163-1A6A-4E66-A66A-A8D54A6BAE2A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {A191ACA0-B500-463B-A494-15685BFCBAAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {A6142432-B8F9-4230-A7AA-F2BFCAD93449} - System32\Tasks\HPCeeScheduleForHewlett => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {B6DB0899-0230-4154-BBA0-03D631F46C83} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {BC0BBF31-6476-4B10-AF66-8340752BB477} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C7FDE96F-4D1D-4983-B4B0-CD777E273332} - System32\Tasks\Go to RoboForm Install page => C:\Windows\System32\url.dll [2013-09-22] (Microsoft Corporation)
Task: {DCE559D3-11B6-454D-8172-4639FBCEAF46} - System32\Tasks\DVDAgent => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-10-20] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForHewlett.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2010-03-21 18:49 - 2009-11-05 09:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2013-04-08 19:35 - 2013-04-08 19:35 - 00014848 _____ () O:\md564.dll
2013-04-08 19:35 - 2013-04-08 19:35 - 00198144 _____ () O:\cpnative64.dll
2009-04-09 19:04 - 2009-04-09 19:04 - 02141008 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 07704400 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
2009-04-22 17:53 - 2009-04-22 17:53 - 00969040 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 00475472 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 00363856 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 00200016 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
2010-08-27 17:53 - 2010-08-27 17:53 - 00027472 _____ () C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 11311952 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
2009-03-03 18:17 - 2009-03-03 18:17 - 00291664 _____ () C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
2010-08-27 17:54 - 2010-08-27 17:54 - 00751616 _____ () C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
2009-03-03 18:18 - 2009-03-03 18:18 - 00029008 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-03 18:18 - 2009-03-03 18:18 - 00035152 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-03 18:18 - 2009-03-03 18:18 - 00138064 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2012-01-18 02:43 - 2012-01-18 02:43 - 00183320 _____ () C:\Program Files (x86)\Common Files\logishrd\SharedBin\LVAPI11.dll
2010-07-07 12:33 - 2010-07-07 12:33 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2009-12-11 04:42 - 2009-07-10 13:07 - 00166912 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2012-11-26 15:30 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2009-12-01 20:49 - 2009-12-01 20:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2008-01-11 21:50 - 2008-01-11 21:50 - 00529512 _____ () C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Hewlett\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
AlternateDataStreams: C:\Users\Hewlett\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2013 03:18:23 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/31/2013 03:18:23 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/31/2013 03:13:33 PM) (Source: MSSQLServerADHelper) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (10/31/2013 01:48:16 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/31/2013 01:48:16 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

System errors:
=============
Error: (10/31/2013 03:13:33 PM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.

Error: (10/31/2013 03:13:33 PM) (Source: Service Control Manager) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (10/31/2013 03:13:33 PM) (Source: Service Control Manager) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Error: (10/31/2013 03:13:33 PM) (Source: Service Control Manager) (User: )
Description: The SQL Server Active Directory Helper service terminated with service-specific error %%-1073741724.

Error: (10/31/2013 03:13:32 PM) (Source: Service Control Manager) (User: )
Description: The HP Software Framework Service service failed to start due to the following error:
%%1053

Error: (10/31/2013 03:13:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.

Error: (10/31/2013 03:08:53 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/31/2013 01:51:33 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Microsoft Office Sessions:
=========================
Error: (10/20/2013 00:51:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 62036 seconds with 480 seconds of active time. This session ended with a crash.

Error: (07/01/2013 04:03:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1449 seconds with 120 seconds of active time. This session ended with a crash.

Error: (09/17/2012 00:14:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21208 seconds with 1860 seconds of active time. This session ended with a crash.

Error: (06/23/2012 07:06:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40505 seconds with 540 seconds of active time. This session ended with a crash.

Error: (06/21/2012 10:13:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8681 seconds with 600 seconds of active time. This session ended with a crash.

Error: (06/05/2012 08:45:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 73254 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (05/31/2012 09:23:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90202 seconds with 1560 seconds of active time. This session ended with a crash.

Error: (02/16/2012 06:40:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 73339 seconds with 240 seconds of active time. This session ended with a crash.

Error: (10/10/2011 00:34:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 21 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/29/2011 03:11:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2011-09-26 02:51:42.790
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-09-26 02:51:42.758
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-09-26 02:45:23.075
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-09-26 02:45:23.044
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 12279.09 MB
Available physical RAM: 9227.92 MB
Total Pagefile: 24556.37 MB
Available Pagefile: 20650.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:918.03 GB) (Free:770.08 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.39 GB) (Free:2.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP2) (Fixed) (Total:931.51 GB) (Free:598.17 GB) NTFS
Drive h: (Elements) (Fixed) (Total:1863.01 GB) (Free:1859.47 GB) NTFS
Drive o: (Elements) (Fixed) (Total:931.28 GB) (Free:748.04 GB) FAT32
Drive p: (Elements) (Fixed) (Total:1863.01 GB) (Free:1052.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 7A36D280)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00020FC3)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)

========================================================
Disk: 7 (Size: 932 GB) (Disk ID: EA81B695)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

========================================================
Disk: 8 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000DA1F8)
Partition 1: (Not Active) - (Size=-198627557376) - (Type=07 NTFS)

#36
RKinner

Posted 31 October 2013 - 02:36 PM

Malware Expert

Expert
24,625 posts

Are you having problems uninstalling the old Java?

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.

Looking at your errors:

Error: (10/31/2013 01:48:16 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/31/2013 03:18:23 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Let's try to Rebuild the list of available counters

Click Start, expand All Programs, and expand Accessories.
Right-click Command Prompt, and then click Run as administrator.
At the command prompt, type lodctr /r, and then press ENTER.

Error: (10/31/2013 03:13:33 PM) (Source: MSSQLServerADHelper) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

This service should not start automatically.

Copy the next line:

sc config MSSQLServerADHelper start= manual

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

Error: (10/31/2013 03:13:33 PM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.

Error: (10/31/2013 03:13:33 PM) (Source: Service Control Manager) (User: )
Description: The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.

Error: (10/31/2013 03:13:33 PM) (Source: Service Control Manager) (User: )
Description: The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

These services should not be installed.

Start –> Control Panel –> Programs and Features

“Turn windows features on or off”
Wait a minute for it to load.

Expand Microsoft.NET Framework (there are several of them the most common is 3.5.1) If you find one with “Windows Communication Foundation Non-HTTP Activation” or “Windows Communication Foundation HTTP Activation” checked, uncheck it then OK.

Now in the search box, type: services.msc and wait for it to find it. Right click on the found services.msc and Run As Admin. The services Window should come up. Find each of these and right click on it and select Properties. Change the Startup Type to Disabled. OK

Net.Msmq Listener Adapter

Net.Pipe Listener Adapter

Net.Tcp Listener Adapter

Net.Tcp Port Sharing Service

Error: (10/31/2013 03:08:53 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Go into AVG and uncheck Self Protection:

http://forums.avg.co...ww/217563/13025

Error: (10/31/2013 03:13:32 PM) (Source: Service Control Manager) (User: )
Description: The HP Software Framework Service service failed to start due to the following error:
%%1053

Error: (10/31/2013 03:13:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.

Uninstall HP Software Framework Service. Go to HP and download the latest version for your PC.

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

In either case continue to the next step:

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#37
Vintage Charms

Posted 31 October 2013 - 02:59 PM

Member

Topic Starter
Member
75 posts

Sorry I amj lost. You lost me at the command promopt. I did the first one. I did the 2nd one: sc config MSSQLServerADHelper start= manual

I am lost here: Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

#38
RKinner

Posted 31 October 2013 - 03:04 PM

Malware Expert

Expert
24,625 posts

Rather than have you type it out with the possibility of a mistake I like to have people copy it and then paste it into an elevated Command Prompt. If you typed it in then that's fine and you can skip the paste bit.

I see I used a code box instead of a Quote box in the next bit so I have done an edit on my post to fix that.

#39
Vintage Charms

Posted 31 October 2013 - 03:06 PM

Member

Topic Starter
Member
75 posts

Sorry I don't know what to do next. Should I still be in the command prompt?

#40
RKinner

Posted 31 October 2013 - 03:09 PM

Malware Expert

Expert
24,625 posts

You can close the command prompt. Then click on Start, Control Panel, Programs and Features

#41
Vintage Charms

Posted 31 October 2013 - 03:16 PM

Member

Topic Starter
Member
75 posts

OK I am here: Uninstall HP Software Framework Service. Go to HP and download the latest version for your PC.

Where is this framework service?

#42
Vintage Charms

Posted 31 October 2013 - 03:24 PM

Member

Topic Starter
Member
75 posts

OK I am here: Uninstall HP Software Framework Service. Go to HP and download the latest version for your PC.

Where is this framework service?

OK found that button. I am uninstalling and installing.

#43
RKinner

Posted 31 October 2013 - 03:27 PM

Malware Expert

Expert
24,625 posts

You have to go to hp.com and under support tell them what make and model or service code then they will give you a list of drivers and software. If you want to tell me what make and model (and service code) you have I can do it for you and then point you to the right one.

#44
Vintage Charms

Posted 31 October 2013 - 03:53 PM

Member

Topic Starter
Member
75 posts

OK here I am now. Sorry this is unfamiliar territory. Running sfc /scannow.

#45
Vintage Charms

Posted 31 October 2013 - 04:05 PM

Member

Topic Starter
Member
75 posts

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc

Microsoft ® Windows ® Resource Checker Version 6.0
Copyright © 2006 Microsoft Corporation. All rights reserved.

Scans the integrity of all protected system files and replaces incorrect version
s with
correct Microsoft versions.

SFC [/SCANNOW] [/VERIFYONLY] [/SCANFILE=<file>] [/VERIFYFILE=<file>]
[/OFFWINDIR=<offline windows directory> /OFFBOOTDIR=<offline boot directory>
]

/SCANNOW Scans integrity of all protected system files and repairs files
with
problems when possible.
/VERIFYONLY Scans integrity of all protected system files. No repair operati
on is
performed.
/SCANFILE Scans integrity of the referenced file, repairs file if problems
are
identified. Specify full path <file>
/VERIFYFILE Verifies the integrity of the file with full path <file>. No re
pair
operation is performed.
/OFFBOOTDIR For offline repair specify the location of the offline boot dire
ctory
/OFFWINDIR For offline repair specify the location of the offline windows d
irectory

e.g.

sfc /SCANNOW
sfc /VERIFYFILE=c:\windows\system32\kernel32.dll
sfc /SCANFILE=d:\windows\system32\kernel32.dll /OFFBOOTDIR=d:\ /OFFWINDI
R=d:\windows
sfc /VERIFYONLY

C:\Windows\system32>/scannow
'/scannow' is not recognized as an internal or external command,
operable program or batch file.

C:\Windows\system32>/scannow
'/scannow' is not recognized as an internal or external command,
operable program or batch file.

C:\Windows\system32>scannow
'scannow' is not recognized as an internal or external command,
operable program or batch file.

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log

C:\Windows\system32>

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Does this look OK? I don't know if it complained or not.