Huge unexplained bandwidth usage increase [Closed]


  • This topic is locked

#1
GeoTor

    New Member

  • Member
  • 7 posts
Hi. I started getting email alerts from my internet service provider about almost exceeding my 60gig/month. I usually use about 13-19 max a month, and just last week it started using 13 to 19 a day, and I think today it's going to be 30 and I've only had the internet on for about 2 hours. The IP company reset my router and tested that nobody else is using it, even turned off the wireless on it, and it's still spiking.
It only started last week and I have no idea why.
I also notice I have a Skype C2C error thing popping up on occasion, started last week. Only other thing is that I have an update to the Cisco anyconnect thing that I require to log in to work when I work from home.
Other than that, I have no idea what's going on or why. Can someone please help me figure out what's happening? It's going to cost me a fortune if I have to pay for this extra usage.
I have a Toshiba laptop running on Vista, which is almost 5 years old.
Many thanks for reading.


#2
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


#3
GeoTor

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hi Buddierdl. Many thanks for your helping me with this. OK, here's the 2 logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by George (administrator) on GEORGE-PC on 13-03-2014 21:28:37
Running from C:\Users\George\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Agere Systems) C:\Windows\system32\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA Corporation.) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Radialpoint Inc.) C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Agere Systems) C:\Program Files\ltmoh\ltmoh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Bell) C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Greenshot\Greenshot.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1216808 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6156288 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LtMoh] - C:\Program Files\ltmoh\Ltmoh.exe [191552 2007-01-09] (Agere Systems)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [518008 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [865280 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe [548936 2013-10-11] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BISA.exe] - C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe [4318520 2011-01-06] (Bell)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-981261398-3402016905-1835471290-1000\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
HKU\S-1-5-21-981261398-3402016905-1835471290-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-981261398-3402016905-1835471290-1000\...\Run: [QoDqEQKoNtJxVD.exe] - C:\ProgramData\QoDqEQKoNtJxVD.exe
HKU\S-1-5-21-981261398-3402016905-1835471290-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-06-29] (Google Inc.)
HKU\S-1-5-21-981261398-3402016905-1835471290-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greenshot.lnk
ShortcutTarget: Greenshot.lnk -> C:\Program Files (x86)\Greenshot\Greenshot.exe ()
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {87394793-8317-426A-A380-443282519A7D} URL = http://www.google.ca...ie7&rlz=1I7TSHC
SearchScopes: HKLM - {87394793-8317-426A-A380-443282519A7D} URL = http://www.google.ca...ie7&rlz=1I7TSHC
SearchScopes: HKLM-x32 - DefaultScope {5E472926-EBA1-4FB7-B5C5-78AFE818BB8D} URL =
SearchScopes: HKLM-x32 - {87394793-8317-426A-A380-443282519A7D} URL = http://www.google.ca...ie7&rlz=1I7TSHC
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [450008] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [450008] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [450008] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [450008] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [450008] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [450008] (PC Tools Research Pty Ltd.)
Winsock: Catalog9-x64 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [450008] (PC Tools Research Pty Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\rtqjzf96.default-1381882977084
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @radialpoint.com/SPA,version=1 - C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @radialpoint.com/SPA,version=1 - C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll (Mindspark)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-02-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-02-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-02-14]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-14]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\George\AppData\Local\funmoods.crx []
CHR HKCU\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\George\AppData\Local\funmoods.crx []
CHR HKCU\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\George\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-10-05]
CHR HKLM-x32\...\Chrome\Extension: [eiimolhnbbbdagljikeckdkldgemmmlj] - C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx [2013-10-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\George\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-10-05]

==================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Windows\SysWOW64\agr64svc.exe [0 2013-10-15] ()
S2 gupdate1ca40a72a69bfd0; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-09-28] (Google Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
S3 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [371472 2011-02-18] (PC Tools)
S3 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1117144 2011-04-06] (PC Tools)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 ServicepointService; C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe [689464 2011-01-06] (Radialpoint Inc.)
R2 slsvc; C:\Windows\SysWOW64\SLsvc.exe [0 2013-10-15] ()
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-10-15] ()
R2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-07-18] (TOSHIBA Corporation)
R2 TODDSrv; C:\Windows\SysWOW64\TODDSrv.exe [0 2013-10-15] ()

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint64.sys [49520 2013-12-12] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux64.sys [73584 2013-12-12] (Cisco Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [282440 2011-05-11] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [452872 2010-06-29] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [816016 2010-07-16] (PC Tools)
R1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [279344 2011-03-10] (PC Tools)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 szkg5; SySWOW64\DRIVERS\szkg64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-13 21:28 - 2014-03-13 21:29 - 00022250 _____ () C:\Users\George\Desktop\FRST.txt
2014-03-13 21:26 - 2014-03-13 21:23 - 02157056 _____ (Farbar) C:\Users\George\Desktop\FRST64.exe
2014-03-13 21:23 - 2014-03-13 21:28 - 00000000 ____D () C:\FRST
2014-03-13 21:23 - 2014-03-13 21:23 - 02157056 _____ (Farbar) C:\Users\George\Downloads\FRST64.exe
2014-03-13 21:00 - 2014-03-13 21:00 - 00000509 _____ () C:\Windows\wininit.ini
2014-03-13 19:48 - 2014-03-13 19:48 - 00713741 _____ () C:\Users\George\Documents\9032 test strat doc.odt
2014-03-13 19:48 - 2014-03-13 19:48 - 00000115 ____H () C:\Users\George\Documents\.~lock.9032 test strat doc.odt#
2014-03-13 19:36 - 2014-03-13 19:36 - 00188212 _____ () C:\Users\George\Documents\george resource monitor.odt
2014-03-13 19:36 - 2014-03-13 19:36 - 00000115 ____H () C:\Users\George\Documents\.~lock.george resource monitor.odt#
2014-03-13 19:29 - 2014-03-13 19:29 - 00003798 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)
2014-03-13 19:29 - 2014-03-13 19:29 - 00003444 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)
2014-03-13 19:29 - 2014-03-13 19:29 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)
2014-03-13 19:29 - 2014-03-13 19:29 - 00001229 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-13 19:29 - 2014-03-13 19:29 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-03-13 19:29 - 2014-03-13 19:29 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-03-13 19:29 - 2014-03-13 19:29 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-03-13 19:28 - 2014-03-13 21:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-13 19:28 - 2014-03-13 19:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-13 19:28 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-13 19:26 - 2014-03-13 19:26 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\George\Downloads\spybot-2.2.exe
2014-03-13 07:13 - 2014-02-23 03:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 07:13 - 2014-02-23 02:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 07:13 - 2014-02-23 02:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 07:13 - 2014-02-23 02:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 07:13 - 2014-02-23 02:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 07:13 - 2014-02-23 02:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 07:13 - 2014-02-23 02:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-13 07:13 - 2014-02-23 02:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 07:13 - 2014-02-23 02:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 07:13 - 2014-02-23 02:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-13 07:13 - 2014-02-23 02:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 07:13 - 2014-02-23 02:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 07:13 - 2014-02-23 02:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 07:13 - 2014-02-23 02:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 07:13 - 2014-02-23 02:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-13 07:13 - 2014-02-23 02:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 07:13 - 2014-02-23 01:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 07:13 - 2014-02-23 01:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 07:13 - 2014-02-23 01:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 07:13 - 2014-02-23 01:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 07:13 - 2014-02-23 01:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 07:13 - 2014-02-23 01:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 07:13 - 2014-02-23 01:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-13 07:13 - 2014-02-23 01:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 07:13 - 2014-02-23 01:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 07:13 - 2014-02-23 01:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 07:13 - 2014-02-23 01:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 07:13 - 2014-02-23 01:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 07:13 - 2014-02-23 01:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-13 07:13 - 2014-02-23 01:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 07:13 - 2014-02-23 01:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-13 07:13 - 2014-02-23 01:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 07:58 - 2014-03-12 07:58 - 02347384 _____ (ESET) C:\Users\George\Downloads\esetsmartinstaller_enu.exe
2014-03-12 07:57 - 2014-02-11 07:57 - 00000426 _____ () C:\AVScanner.ini
2014-03-12 07:00 - 2014-02-03 09:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 07:00 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 07:00 - 2014-01-30 06:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 07:00 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 07:00 - 2013-11-12 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-12 07:00 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-12 06:59 - 2014-02-07 08:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-05 07:48 - 2014-03-05 07:48 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-14 21:12 - 2014-02-14 21:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 07:41 - 2013-12-05 00:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 07:41 - 2013-12-04 22:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

==================== One Month Modified Files and Folders =======

2014-03-13 21:29 - 2014-03-13 21:28 - 00022250 _____ () C:\Users\George\Desktop\FRST.txt
2014-03-13 21:28 - 2014-03-13 21:23 - 00000000 ____D () C:\FRST
2014-03-13 21:23 - 2014-03-13 21:26 - 02157056 _____ (Farbar) C:\Users\George\Desktop\FRST64.exe
2014-03-13 21:23 - 2014-03-13 21:23 - 02157056 _____ (Farbar) C:\Users\George\Downloads\FRST64.exe
2014-03-13 21:21 - 2009-09-28 22:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-13 21:20 - 2009-06-29 06:40 - 01081772 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 21:04 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-13 21:04 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-13 21:02 - 2014-03-13 19:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-13 21:00 - 2014-03-13 21:00 - 00000509 _____ () C:\Windows\wininit.ini
2014-03-13 21:00 - 2013-10-11 21:47 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-13 20:47 - 2012-04-04 07:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-13 19:48 - 2014-03-13 19:48 - 00713741 _____ () C:\Users\George\Documents\9032 test strat doc.odt
2014-03-13 19:48 - 2014-03-13 19:48 - 00000115 ____H () C:\Users\George\Documents\.~lock.9032 test strat doc.odt#
2014-03-13 19:36 - 2014-03-13 19:36 - 00188212 _____ () C:\Users\George\Documents\george resource monitor.odt
2014-03-13 19:36 - 2014-03-13 19:36 - 00000115 ____H () C:\Users\George\Documents\.~lock.george resource monitor.odt#
2014-03-13 19:31 - 2014-03-13 19:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-13 19:29 - 2014-03-13 19:29 - 00003798 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)
2014-03-13 19:29 - 2014-03-13 19:29 - 00003444 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)
2014-03-13 19:29 - 2014-03-13 19:29 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)
2014-03-13 19:29 - 2014-03-13 19:29 - 00001229 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-13 19:29 - 2014-03-13 19:29 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-03-13 19:29 - 2014-03-13 19:29 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-03-13 19:29 - 2014-03-13 19:29 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-03-13 19:26 - 2014-03-13 19:26 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\George\Downloads\spybot-2.2.exe
2014-03-13 19:12 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-13 19:07 - 2009-09-28 22:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-13 19:04 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-13 08:55 - 2006-11-02 11:42 - 00032610 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-13 07:39 - 2006-11-02 11:21 - 00346408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 07:38 - 2012-10-28 10:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 07:15 - 2012-01-07 14:34 - 03415218 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-03-12 19:49 - 2008-01-20 23:26 - 00204926 _____ () C:\Windows\PFRO.log
2014-03-12 08:48 - 2012-04-04 07:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 08:48 - 2012-04-04 07:03 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 08:48 - 2011-05-16 07:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 08:47 - 2012-04-13 23:48 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 07:58 - 2014-03-12 07:58 - 02347384 _____ (ESET) C:\Users\George\Downloads\esetsmartinstaller_enu.exe
2014-03-12 07:19 - 2013-10-11 21:50 - 00000000 ____D () C:\ProgramData\Conduit
2014-03-11 22:52 - 2009-09-28 21:50 - 00000000 ____D () C:\Users\George\AppData\Roaming\Skype
2014-03-08 12:03 - 2009-06-30 16:32 - 00001718 ____H () C:\Users\George\Documents\Default.rdp
2014-03-06 18:16 - 2009-07-03 18:23 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-06 09:57 - 2009-06-30 16:28 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-03-06 09:57 - 2006-11-02 09:33 - 00000000 __RHD () C:\Users\Default
2014-03-06 09:56 - 2009-06-30 16:28 - 00000000 ____D () C:\ProgramData\Cisco
2014-03-06 09:55 - 2011-01-05 23:16 - 00000000 ____D () C:\Users\George\AppData\Local\Cisco
2014-03-05 07:48 - 2014-03-05 07:48 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-05 07:48 - 2009-09-28 21:49 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-05 07:48 - 2009-09-28 21:49 - 00000000 ____D () C:\ProgramData\Skype
2014-03-04 07:29 - 2009-09-28 21:52 - 00002036 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-27 07:56 - 2011-05-08 15:41 - 00744780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-23 03:12 - 2014-03-13 07:13 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 02:54 - 2014-03-13 07:13 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 02:52 - 2014-03-13 07:13 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 02:48 - 2014-03-13 07:13 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 02:48 - 2014-03-13 07:13 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 02:46 - 2014-03-13 07:13 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 02:46 - 2014-03-13 07:13 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 02:46 - 2014-03-13 07:13 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 02:45 - 2014-03-13 07:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 02:45 - 2014-03-13 07:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 02:45 - 2014-03-13 07:13 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 02:44 - 2014-03-13 07:13 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 02:44 - 2014-03-13 07:13 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 02:44 - 2014-03-13 07:13 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 02:44 - 2014-03-13 07:13 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 02:43 - 2014-03-13 07:13 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-23 01:50 - 2014-03-13 07:13 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 01:47 - 2014-03-13 07:13 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 01:43 - 2014-03-13 07:13 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 01:41 - 2014-03-13 07:13 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 01:40 - 2014-03-13 07:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 01:39 - 2014-03-13 07:13 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-23 01:38 - 2014-03-13 07:13 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-23 01:38 - 2014-03-13 07:13 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-23 01:38 - 2014-03-13 07:13 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 01:37 - 2014-03-13 07:13 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 01:37 - 2014-03-13 07:13 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 01:37 - 2014-03-13 07:13 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 01:37 - 2014-03-13 07:13 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-23 01:36 - 2014-03-13 07:13 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 01:36 - 2014-03-13 07:13 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-23 01:35 - 2014-03-13 07:13 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-18 07:45 - 2012-04-25 19:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 04:08 - 2013-07-12 06:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 04:01 - 2006-11-02 08:35 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-15 01:16 - 2009-09-28 22:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 01:16 - 2009-09-28 22:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-14 21:13 - 2014-02-14 21:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-11 07:57 - 2014-03-12 07:57 - 00000426 _____ () C:\AVScanner.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-13 19:11

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by George at 2014-03-13 21:30:08
Running from C:\Users\George\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Spyware Doctor (Disabled - Up to date) {94076BB2-F3DA-227F-9A1E-F060FF73600F}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
64 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.14.1.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
Bell Internet Service Advisor 3.7.44 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 3.7.44 - Bell)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Camera Assistant Software for Toshiba (HKLM-x32\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.231.1126L - Chicony Electronics Co.,Ltd.)
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CD/DVD Drive Acoustic Silencer (HKLM-x32\...\{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}) (Version: 3.01.04 - TOSHIBA)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (x32 Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DVD MovieFactory for TOSHIBA (HKLM-x32\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
FreeSmith version 1.2.3 (HKLM-x32\...\{BFFB6CFD-13E8-4967-AA6D-A57E7280FFDA}_is1) (Version: 1.2.3 - Anvsoft)
GearDrvs (x32 Version: 1.00.0000 - GEAR Software) Hidden
GenuTax Standard (HKLM-x32\...\{0B42C574-468D-4D88-8126-39BFCB6DFBD9}) (Version: 1.38 - GenuSource Consulting Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
Greenshot (HKLM-x32\...\Greenshot_is1) (Version: - )
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart C4340 All-In-One Driver Software 10.0 Rel .3 (HKLM\...\{584B7A79-1262-4424-BB2E-21D8EF10DFB4}) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (x32 Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft XML Parser (x32 Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Moyea FLV Player version: 2.0.2.94 (HKLM-x32\...\{FE4270D7-A642-49C1-9A40-854DA3F13FB2}_is1) (Version: - Moyea Software Co., Ltd.)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My PCBackup Removal Tool (HKLM-x32\...\My PCBackup Removal Tool_is1) (Version: build_1.0.0.143_rev_3131_date_15:30:42 15-07-13 - Security Stronghold)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )
OnlinePlay 1.0 (HKLM-x32\...\OnlinePlay) (Version: 1.0 - AOL LLC)
OpenOffice.org 3.2 (HKLM-x32\...\{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}) (Version: 3.2.9483 - OpenOffice.org)
PanoStandAlone (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
PS_AIO_03_C4340_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_03_C4340_Software_Min (x32 Version: 100.0.213.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Scan (x32 Version: 10.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrintingOC (x32 Version: 100.0.189.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Spyware Doctor 8.0 (HKLM-x32\...\Spyware Doctor) (Version: 8.0 - PC Tools)
Status (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.06 - TOSHIBA)
TOSHIBA ConfigFree (HKLM-x32\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.20 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.31.14 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 2.0.17.64 - TOSHIBA)
TOSHIBA Face Recognition (Version: 2.0.17.64 - TOSHIBA) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 for x64 - TOSHIBA Corporation)
Toshiba Registration (HKLM-x32\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.87 (SM2187ALS04) - Agere Systems)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM-x32\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.1.24.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.1.24.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.1.24.64 - TOSHIBA Corporation) Hidden
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3) (HKLM\...\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52) (Version: 11/19/2006 1.0.0.3 - TOSHIBA)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (x32 Version: 9.00.3374 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WM Capture (HKCU\...\WM Capture) (Version: - )
WM Recorder (HKLM-x32\...\WM Recorder) (Version: - )
WM Recorder 14 (HKLM-x32\...\WM Recorder 14) (Version: 14.0 - All Alex, Inc)

==================== Restore Points =========================

30-01-2014 11:17:17 Installed Java 7 Update 51
30-01-2014 23:25:50 Windows Update
02-02-2014 23:35:32 Windows Update
07-02-2014 00:27:14 Windows Update
11-02-2014 11:59:23 Windows Update
13-02-2014 11:38:23 Windows Update
16-02-2014 08:00:15 Windows Update
19-02-2014 11:56:33 Windows Update
22-02-2014 23:34:37 Windows Update
26-02-2014 08:00:13 Windows Update
27-02-2014 11:51:48 Windows Update
02-03-2014 23:16:40 Windows Update
05-03-2014 11:45:29 Windows Update
06-03-2014 13:57:13 Device Driver Package Install: Cisco Systems Network adapters
08-03-2014 23:16:54 Windows Update
12-03-2014 11:36:11 Windows Update
13-03-2014 11:06:28 Windows Update

==================== Hosts content: ==========================

2011-10-24 19:05 - 2011-10-24 19:05 - 00000036 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0EFB4DBC-4CB9-4D0E-9756-C665EFD42A34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-28] (Google Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1B2D92CA-99BD-4724-B90F-45BA26DB25C2} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {28290B15-E3A7-4219-9482-86EFD8310FCA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2D37DB46-19BC-4B93-B743-37C27B74EA0C} - System32\Tasks\{76194C9A-E376-40C5-BACA-9C06F74D44A0} => Iexplore.exe http://www.skype.com...8;LastError=404
Task: {38DBF56C-4AC6-421E-A72C-F11090C21E96} - System32\Tasks\{64687FBE-3A52-40F7-870E-412C8D128617} => Iexplore.exe http://www.skype.com...8;LastError=404
Task: {4A608678-1807-47B1-AA11-E890115613A4} - System32\Tasks\{9D5A5981-FE15-46A1-BE25-A00FDE3695AF} => Iexplore.exe http://www.skype.com...8;LastError=404
Task: {684F7A13-3377-4777-BCF7-6432CA1A7A55} - System32\Tasks\{F80DCCEE-769C-4240-95E4-8F85AE3279EA} => Iexplore.exe http://ui.skype.com/...ed-notinstalled
Task: {73915AD6-8171-4C48-AF62-FFDFC3EAA0C3} - System32\Tasks\{AB351BDC-EDBE-408B-97B4-E2B8E86C1BE7} => Iexplore.exe http://ui.skype.com/...ed-notinstalled
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {802C7A0C-794C-47AF-816D-DAB6C567F2EA} - System32\Tasks\{86C78A1E-C23A-4AE0-A572-D85A30498C00} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {9D7E9A80-8D39-4B28-9A17-AE5A1CC2435D} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {9F271E19-EFF3-4793-B7AB-5D7C6E578BF0} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {AF1B67E1-890A-44B6-820D-2DF264DE7788} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {B5FD8170-14C6-4BFD-9530-E9522FFE986C} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C804D15E-2E7F-4CA5-806D-12DE33FC5031} - System32\Tasks\{F4E7A6D5-46C5-4AA1-805F-508CDD4959C2} => Iexplore.exe http://ui.skype.com/...fered-installed
Task: {DC05BC06-F9D8-4885-B45D-177832433C43} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FC5113BD-F154-473A-A7CC-665C70106A4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-28] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2008-08-22 20:06 - 2008-08-22 20:06 - 00135680 _____ () C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCtrl.dll
2008-08-22 20:06 - 2008-08-22 20:06 - 07553024 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceHI.dll
2008-08-22 20:06 - 2008-08-22 20:06 - 01032704 _____ () C:\Program Files\TOSHIBA\SmartFaceV\FaceRec.dll
2013-10-11 22:48 - 2013-10-11 22:48 - 00292424 _____ () C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegratorStub64.dll
2008-03-06 10:13 - 2008-03-06 10:13 - 05106040 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2007-12-05 15:36 - 2007-12-05 15:36 - 00102400 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2008-07-10 21:48 - 2007-04-23 12:09 - 00016896 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2007-12-25 12:02 - 2007-12-25 12:02 - 00016720 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2007-04-25 00:47 - 2007-04-25 00:47 - 00012288 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2013-10-11 22:48 - 2013-10-11 22:48 - 00548936 _____ () C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe
2013-10-11 22:48 - 2013-10-11 22:48 - 00442952 _____ () C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\HPG64.DLL
2009-09-26 17:41 - 2009-01-11 12:19 - 00528384 _____ () C:\Program Files (x86)\Greenshot\Greenshot.exe
2013-12-12 18:36 - 2013-12-12 18:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-21 20:46 - 2011-01-06 15:47 - 00158208 _____ () C:\Program Files (x86)\Bell\Internet Service Advisor\Windows7Features.dll
2009-10-20 21:02 - 2010-04-30 10:08 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2009-09-28 13:09 - 2010-04-30 10:08 - 00166400 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2014-03-13 19:28 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-13 19:28 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-13 19:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-13 19:28 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-13 19:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-14 21:12 - 2014-02-14 21:12 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2014 09:26:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (03/13/2014 07:52:41 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (03/13/2014 07:52:24 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (03/13/2014 07:52:09 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (03/13/2014 07:51:55 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (03/13/2014 07:51:44 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (03/13/2014 07:51:30 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (03/13/2014 07:51:17 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (03/13/2014 07:51:04 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (03/13/2014 07:50:54 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.


System errors:
=============
Error: (03/13/2014 07:06:37 PM) (Source: Service Control Manager) (User: )
Description: is3srv
szkg5

Error: (03/13/2014 07:06:36 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (03/13/2014 07:42:06 AM) (Source: Service Control Manager) (User: )
Description: is3srv
szkg5

Error: (03/13/2014 07:42:06 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (03/13/2014 07:36:21 AM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (03/13/2014 07:02:50 AM) (Source: Service Control Manager) (User: )
Description: is3srv
szkg5

Error: (03/13/2014 07:02:50 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (03/12/2014 07:50:59 PM) (Source: Service Control Manager) (User: )
Description: is3srv
szkg5

Error: (03/12/2014 07:50:59 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (03/12/2014 07:25:52 AM) (Source: Service Control Manager) (User: )
Description: is3srv
szkg5


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-10-16 06:46:18.128
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 06:46:17.854
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 06:46:17.371
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 06:46:16.913
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 06:45:45.083
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 06:45:44.382
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 06:45:44.041
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 06:45:43.443
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 06:45:42.910
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-16 06:45:42.611
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 2939.19 MB
Available physical RAM: 1112.55 MB
Total Pagefile: 6090.55 MB
Available Pagefile: 3777.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (S3A6747D005) (Fixed) (Total:214.29 GB) (Free:126.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:8.65 GB) (Free:8.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 603F8EA8)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=214 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=8 GB) - (Type=17)

==================== End Of Log ============================

#4
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi GeoTor,

Let's get started.

Step 1: Uninstalls

Please uninstall the following programs from the Programs and Features menu of the Control Panel.
  • Ask Toolbar and Ask Toolbar Updater => These are usually bundled installs. You can keep them if you use them.
  • Skype Click to Call => This is malfunctioning. You can reinstall it if you need it (it isn't necessary for using Skype).

Step 2: Run FRST fix.

Please download the attached fixlist.txt to your desktop. Then run FRST again and select "Fix." Post the resulting fixlog.txt.

Step 3: Run JRT.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: Run aswMBR.

Download aswMBR.exe to your desktop.
Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply.

Things I need in your next reply:
  • FRST fix log
  • JRT log
  • aswMBR log
  • How is your computer running now?


#5
GeoTor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi again. OK, here's all the logs and stuff. And then when everything was done, I restarted my laptop.

So after restarting, I 'think' things are running better, but I don't know if the broadband usage has dropped yet; the last reporting isn't available on my account until later. I think they update it every 8 hours, so I will have to wait a bit to see what happens. But one thing that I noticed in the resource monitor on my laptop is that the bytes are waaaaaay lower: Firefox is receiving anywhere from 1.1 to 1.3ish B/min, which is waaaaaay lower than what I checked the other night, when it was going through the roof. OK, I will let you know more when I see the next update to my usage, which might be later tonight, or if it's after my bedtime, I can check first thing tomorrow and give the update.

OK, many many thanks for helping me out with my stressful broadband usage attack, will let you know more later.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by George at 2014-03-14 18:42:21 Run:1
Running from C:\Users\George\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [VideoDownloadConverter Home Page Guard 64 bit] - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe [548936 2013-10-11] ()
HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-981261398-3402016905-1835471290-1000\...\Run: [QoDqEQKoNtJxVD.exe] - C:\ProgramData\QoDqEQKoNtJxVD.exe
C:\ProgramData\QoDqEQKoNtJxVD.exe
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
C:\Program Files (x86)\VideoDownloadConverter_4z
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll (Mindspark)
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\George\AppData\Local\funmoods.crx []
C:\Users\George\AppData\Local\funmoods.crx
CHR HKCU\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\George\AppData\Local\funmoods.crx []
CHR HKLM-x32\...\Chrome\Extension: [eiimolhnbbbdagljikeckdkldgemmmlj] - C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx [2013-10-05]
C:\Program Files (x86)\lucky leap
2014-03-13 21:00 - 2013-10-11 21:47 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-12 07:19 - 2013-10-11 21:50 - 00000000 ____D () C:\ProgramData\Conduit
Task: {2D37DB46-19BC-4B93-B743-37C27B74EA0C} - System32\Tasks\{76194C9A-E376-40C5-BACA-9C06F74D44A0} => Iexplore.exe http://www.skype.com...8;LastError=404
Task: {38DBF56C-4AC6-421E-A72C-F11090C21E96} - System32\Tasks\{64687FBE-3A52-40F7-870E-412C8D128617} => Iexplore.exe http://www.skype.com...8;LastError=404
Task: {4A608678-1807-47B1-AA11-E890115613A4} - System32\Tasks\{9D5A5981-FE15-46A1-BE25-A00FDE3695AF} => Iexplore.exe http://www.skype.com...8;LastError=404
Task: {684F7A13-3377-4777-BCF7-6432CA1A7A55} - System32\Tasks\{F80DCCEE-769C-4240-95E4-8F85AE3279EA} => Iexplore.exe http://ui.skype.com/...ed-notinstalled
Task: {73915AD6-8171-4C48-AF62-FFDFC3EAA0C3} - System32\Tasks\{AB351BDC-EDBE-408B-97B4-E2B8E86C1BE7} => Iexplore.exe http://ui.skype.com/...ed-notinstalled
Task: {C804D15E-2E7F-4CA5-806D-12DE33FC5031} - System32\Tasks\{F4E7A6D5-46C5-4AA1-805F-508CDD4959C2} => Iexplore.exe http://ui.skype.com/...fered-installed

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter Home Page Guard 64 bit => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-981261398-3402016905-1835471290-1000\Software\Microsoft\Windows\CurrentVersion\Run\\QoDqEQKoNtJxVD.exe => Value deleted successfully.
"C:\ProgramData\QoDqEQKoNtJxVD.exe" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin => Key deleted successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll => Moved successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin => Key deleted successfully.
C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki => Key deleted successfully.
"C:\Users\George\AppData\Local\funmoods.crx" => File/Directory not found.
"C:\Users\George\AppData\Local\funmoods.crx" => File/Directory not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki => Key deleted successfully.
"C:\Users\George\AppData\Local\funmoods.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj => Key deleted successfully.
"C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx" => File/Directory not found.
C:\Program Files (x86)\lucky leap => Moved successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
C:\ProgramData\Conduit => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D37DB46-19BC-4B93-B743-37C27B74EA0C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D37DB46-19BC-4B93-B743-37C27B74EA0C} => Key deleted successfully.
C:\Windows\System32\Tasks\{76194C9A-E376-40C5-BACA-9C06F74D44A0} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{76194C9A-E376-40C5-BACA-9C06F74D44A0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38DBF56C-4AC6-421E-A72C-F11090C21E96} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38DBF56C-4AC6-421E-A72C-F11090C21E96} => Key deleted successfully.
C:\Windows\System32\Tasks\{64687FBE-3A52-40F7-870E-412C8D128617} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{64687FBE-3A52-40F7-870E-412C8D128617} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A608678-1807-47B1-AA11-E890115613A4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A608678-1807-47B1-AA11-E890115613A4} => Key deleted successfully.
C:\Windows\System32\Tasks\{9D5A5981-FE15-46A1-BE25-A00FDE3695AF} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9D5A5981-FE15-46A1-BE25-A00FDE3695AF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{684F7A13-3377-4777-BCF7-6432CA1A7A55} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{684F7A13-3377-4777-BCF7-6432CA1A7A55} => Key deleted successfully.
C:\Windows\System32\Tasks\{F80DCCEE-769C-4240-95E4-8F85AE3279EA} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F80DCCEE-769C-4240-95E4-8F85AE3279EA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73915AD6-8171-4C48-AF62-FFDFC3EAA0C3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73915AD6-8171-4C48-AF62-FFDFC3EAA0C3} => Key deleted successfully.
C:\Windows\System32\Tasks\{AB351BDC-EDBE-408B-97B4-E2B8E86C1BE7} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AB351BDC-EDBE-408B-97B4-E2B8E86C1BE7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C804D15E-2E7F-4CA5-806D-12DE33FC5031} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C804D15E-2E7F-4CA5-806D-12DE33FC5031} => Key deleted successfully.
C:\Windows\System32\Tasks\{F4E7A6D5-46C5-4AA1-805F-508CDD4959C2} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F4E7A6D5-46C5-4AA1-805F-508CDD4959C2} => Key deleted successfully.

==== End of Fixlog ====


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by George on 14/03/2014 at 18:50:31.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.dynamicbarbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.dynamicbarbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.feedmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.feedmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlmenu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.multiplebutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radio
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radio.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radiosettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radiosettings.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.scriptbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.settingsplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.urlalertbutton
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.urlalertbutton.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.xmlsessionplugin
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.xmlsessionplugin.1
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\George\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\George\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Emptied folder: C:\Users\George\AppData\Roaming\mozilla\firefox\profiles\rtqjzf96.default-1381882977084\minidumps [84 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/03/2014 at 19:11:23.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-14 19:15:15
-----------------------------
19:15:15.985 OS Version: Windows x64 6.0.6002 Service Pack 2
19:15:15.986 Number of processors: 2 586 0x170A
19:15:15.986 ComputerName: GEORGE-PC UserName: George
19:15:17.456 Initialize success
19:16:31.780 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:16:31.780 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
19:16:32.935 Disk 0 MBR read successfully
19:16:32.935 Disk 0 MBR scan
19:16:32.935 Disk 0 Windows VISTA default MBR code
19:16:32.997 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:16:33.059 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 219430 MB offset 3074048
19:16:33.247 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 8858 MB offset 452466688
19:16:33.371 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 8686 MB offset 470607872
19:16:34.916 Disk 0 scanning C:\Windows\system32\drivers
19:17:00.359 Service scanning
19:17:42.667 Modules scanning
19:17:42.667 Disk 0 trace - called modules:
19:17:42.713 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys iaStor.sys hal.dll
19:17:42.713 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003f2f790]
19:17:42.729 3 CLASSPNP.SYS[fffffa60013d4c33] -> nt!IofCallDriver -> [0xfffffa8004e1f7f0]
19:17:42.729 5 PCTCore64.sys[fffffa6000ba98a4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800329f050]
19:17:42.745 Scan finished successfully
19:19:45.363 Disk 0 MBR has been saved successfully to "C:\Users\George\Desktop\MBR.dat"
19:19:45.363 The log file has been saved successfully to "C:\Users\George\Desktop\aswMBR.txt"

#6
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
I would like to take one more look before we run a scan to sweep for remnants.


Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


#7
GeoTor


    New Member

  • Topic Starter
  • Member
  • 7 posts
Hi again. OK, here are the logs ... and I also posted a copy of my usage showing that things seem to be back to normal.

OTL logfile created on: 15/03/2014 1:58:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\George\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 55.08% Memory free
5.95 Gb Paging File | 3.90 Gb Available in Paging File | 65.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 214.29 Gb Total Space | 126.51 Gb Free Space | 59.04% Space Free | Partition Type: NTFS
Drive D: | 8.65 Gb Total Space | 8.55 Gb Free Space | 98.80% Space Free | Partition Type: NTFS

Computer Name: GEORGE-PC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/15 13:54:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
PRC - [2013/12/12 18:36:27 | 000,707,472 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2013/12/12 18:36:11 | 000,560,528 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe
PRC - [2011/01/06 15:56:46 | 004,318,520 | ---- | M] (Bell) -- C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe
PRC - [2010/02/01 22:55:06 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/01 22:55:04 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/04 00:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2007/01/09 02:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/12 18:36:58 | 000,063,376 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/06 15:47:38 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Bell\Internet Service Advisor\Windows7Features.dll
MOD - [2010/04/30 10:08:42 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/04/30 10:08:42 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/08/25 09:58:12 | 000,089,600 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/02/06 13:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/10 23:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 17:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/03/12 08:48:06 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/14 21:13:24 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/12 18:36:11 | 000,560,528 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/15 19:08:43 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\TODDSrv.exe -- (TODDSrv)
SRV - [2013/10/15 19:08:43 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/10/15 19:08:41 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
SRV - [2013/10/15 19:08:41 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\SLsvc.exe -- (slsvc)
SRV - [2013/10/15 19:08:24 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2013/10/15 19:08:24 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2013/10/15 19:08:24 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2013/10/15 19:08:24 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/04/06 17:53:36 | 001,117,144 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/02/18 12:14:04 | 000,371,472 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/05/28 19:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/04 00:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/12 18:18:30 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
DRV:64bit: - [2013/12/12 18:14:30 | 000,073,584 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\acsmux64.sys -- (acsmux)
DRV:64bit: - [2013/12/12 18:14:30 | 000,049,520 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\acsint64.sys -- (acsint)
DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/11 10:55:10 | 000,282,440 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2011/03/10 10:08:22 | 000,279,344 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2010/07/16 15:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 11:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2009/10/20 14:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2008/07/18 18:52:16 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/06/26 16:24:18 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2008/06/12 06:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/04/27 18:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/04/15 20:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/14 22:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/02 20:27:18 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/02/29 02:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/12/06 06:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 14:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2006/11/20 01:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...ie7&rlz=1I7TSHC
IE - HKLM\..\SearchScopes,DefaultScope = {5E472926-EBA1-4FB7-B5C5-78AFE818BB8D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...ie7&rlz=1I7TSHC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.lo

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/14 21:12:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/14 21:12:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/14 21:12:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/14 21:12:41 | 000,000,000 | ---D | M]

[2009/08/21 21:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Extensions
[2013/10/15 20:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\rtqjzf96.default-1381882977084\extensions
[2014/03/14 18:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/14 21:12:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/02/14 21:12:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/02/14 21:12:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/03/14 18:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 21:13:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

O1 HOSTS File: ([2011/10/24 19:05:51 | 000,000,036 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BISA.exe] C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe (Bell)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-981261398-3402016905-1835471290-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-981261398-3402016905-1835471290-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greenshot.lnk = C:\Program Files (x86)\Greenshot\Greenshot.exe ()
O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79D9CC79-0B7C-4AFE-88E9-154ADA208EDB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\TOSHIBA\wallpapers\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\wallpapers\wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/15 13:55:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
[2014/03/14 19:14:47 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\George\Desktop\aswmbr.exe
[2014/03/14 18:50:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/14 18:45:46 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\George\Desktop\JRT.exe
[2014/03/13 21:26:36 | 002,157,056 | ---- | C] (Farbar) -- C:\Users\George\Desktop\FRST64.exe
[2014/03/13 21:23:59 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/13 19:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/03/13 19:28:50 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/03/13 19:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/03/13 19:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/03/13 07:13:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/03/13 07:13:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/03/13 07:13:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/13 07:13:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/13 07:13:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/13 07:13:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/13 07:13:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/03/13 07:13:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/03/13 07:13:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/13 07:13:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/13 07:13:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/13 07:13:22 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/13 07:13:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/03/13 07:13:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/03/13 07:13:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/03/12 07:00:22 | 001,111,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/12 07:00:21 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/12 07:00:21 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/12 07:00:20 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/06 09:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2014/03/05 07:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/05 07:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/02/26 04:04:56 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/14 21:12:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/15 13:54:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
[2014/03/15 13:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/15 13:35:01 | 000,052,376 | ---- | M] () -- C:\Users\George\Documents\my usage picture.jpg
[2014/03/15 13:27:25 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/15 13:27:25 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/15 13:26:00 | 000,214,947 | ---- | M] () -- C:\Users\George\Documents\george resource monitor - saturday 15mar2014 after various cleanings and whatnot.odt
[2014/03/15 13:21:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/15 00:21:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/14 19:34:36 | 000,759,582 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/14 19:34:36 | 000,647,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/14 19:34:36 | 000,124,848 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/14 19:29:33 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/03/14 19:27:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/14 19:27:17 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/14 19:19:45 | 000,000,512 | ---- | M] () -- C:\Users\George\Desktop\MBR.dat
[2014/03/14 19:14:15 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\George\Desktop\aswmbr.exe
[2014/03/14 18:44:50 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\George\Desktop\JRT.exe
[2014/03/14 06:45:58 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/03/14 06:45:58 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/03/13 23:20:24 | 000,713,819 | ---- | M] () -- C:\Users\George\Documents\9032 test strat doc.odt
[2014/03/13 21:23:26 | 002,157,056 | ---- | M] (Farbar) -- C:\Users\George\Desktop\FRST64.exe
[2014/03/13 21:00:15 | 000,000,509 | ---- | M] () -- C:\Windows\wininit.ini
[2014/03/13 19:36:20 | 000,188,212 | ---- | M] () -- C:\Users\George\Documents\george resource monitor.odt
[2014/03/13 19:29:06 | 000,001,229 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/03/13 07:39:42 | 000,346,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/13 07:15:30 | 003,415,218 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2014/03/12 08:48:05 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/12 08:48:05 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/12 08:47:32 | 005,777,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/03/12 06:25:04 | 000,000,905 | ---- | M] () -- C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greenshot.lnk
[2014/03/08 12:03:30 | 000,001,718 | -H-- | M] () -- C:\Users\George\Documents\Default.rdp
[2014/03/06 18:16:15 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/03/05 07:48:26 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/04 07:29:10 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/03 20:00:45 | 000,100,532 | ---- | M] () -- C:\Users\George\Documents\rbc group rsp 28feb2014.jpg
[2014/03/03 19:59:29 | 000,134,972 | ---- | M] () -- C:\Users\George\Documents\rbc rsp 28feb2014.jpg
[2014/02/27 07:56:39 | 000,744,780 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/23 02:54:58 | 002,334,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/23 02:46:42 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/23 02:46:20 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/02/23 02:45:36 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/23 02:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/02/23 02:45:27 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/23 02:44:57 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/23 02:44:14 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/02/23 02:43:22 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/23 01:39:28 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/23 01:38:15 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/02/23 01:38:08 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/23 01:37:28 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/02/23 01:36:31 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/02/23 01:35:49 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/15 13:35:01 | 000,052,376 | ---- | C] () -- C:\Users\George\Documents\my usage picture.jpg
[2014/03/15 13:25:57 | 000,214,947 | ---- | C] () -- C:\Users\George\Documents\george resource monitor - saturday 15mar2014 after various cleanings and whatnot.odt
[2014/03/14 19:19:45 | 000,000,512 | ---- | C] () -- C:\Users\George\Desktop\MBR.dat
[2014/03/13 21:00:14 | 000,000,509 | ---- | C] () -- C:\Windows\wininit.ini
[2014/03/13 19:48:50 | 000,713,819 | ---- | C] () -- C:\Users\George\Documents\9032 test strat doc.odt
[2014/03/13 19:36:20 | 000,188,212 | ---- | C] () -- C:\Users\George\Documents\george resource monitor.odt
[2014/03/13 19:29:23 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/03/13 19:29:23 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/03/13 19:29:21 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/03/13 19:29:06 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/03/13 19:29:06 | 000,001,229 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/03/12 07:57:25 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/03/05 07:48:26 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/03 20:00:45 | 000,100,532 | ---- | C] () -- C:\Users\George\Documents\rbc group rsp 28feb2014.jpg
[2014/03/03 19:59:29 | 000,134,972 | ---- | C] () -- C:\Users\George\Documents\rbc rsp 28feb2014.jpg
[2013/10/15 19:08:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\igfxext.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\wuauclt.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\TODDSrv.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\igfxsrvc.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\igfxpers.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\hkcmd.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dwm.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\agr64svc.exe
[2013/10/15 19:08:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\spoolsv.exe
[2013/10/15 19:08:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SLsvc.exe
[2013/10/15 19:08:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2013/10/15 19:08:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2013/10/15 19:08:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2013/10/15 18:53:28 | 000,000,036 | ---- | C] () -- C:\Users\George\AppData\Local\housecall.guid.cache
[2012/12/23 16:12:08 | 000,020,436 | ---- | C] () -- C:\Users\George\bpass.png
[2012/01/07 09:32:44 | 000,011,742 | -HS- | C] () -- C:\Users\George\AppData\Local\63ycxx83j164lu7wm8whe31o3b3c10535yge4608f0ye76
[2012/01/07 09:32:44 | 000,011,742 | -HS- | C] () -- C:\ProgramData\63ycxx83j164lu7wm8whe31o3b3c10535yge4608f0ye76
[2011/05/08 15:31:43 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/10/31 14:19:52 | 000,000,680 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps.dat
[2009/09/28 21:53:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/03 18:23:17 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/29 18:31:56 | 000,100,352 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/29 03:50:15 | 000,001,460 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 15/03/2014 1:58:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\George\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 55.08% Memory free
5.95 Gb Paging File | 3.90 Gb Available in Paging File | 65.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 214.29 Gb Total Space | 126.51 Gb Free Space | 59.04% Space Free | Partition Type: NTFS
Drive D: | 8.65 Gb Total Space | 8.55 Gb Free Space | 98.80% Space Free | Partition Type: NTFS

Computer Name: GEORGE-PC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-981261398-3402016905-1835471290-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = BD 78 74 69 1D 7C CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4099243D-6583-4886-B14B-6968E317644E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4171B362-9719-4C26-AAFE-A06EA18C83DF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{498D110E-36D2-4654-B635-A376E1B6B71B}" = protocol=17 | dir=in | app=c:\program files (x86)\bell\internet service advisor\servicepointservice.exe |
"{5A70C367-DA36-4EB7-87A0-1389F149C4A4}" = protocol=6 | dir=in | app=c:\users\george\appdata\local\temp\~ose452.tmp\pmropn.exe |
"{6BA45C89-826A-4D0D-B21B-B43274D848AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7CD5A382-9BC7-4C23-8A93-DA7B8CADC5CB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8BB55989-85DF-40AA-8109-A975E32B8DF0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{96C1BFB2-AA61-4290-876A-EEC3C7A4ABEC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9B0CC6C2-D83B-4756-8420-3D5AB2F6E30D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A64D5733-B9FA-4BF8-9B4C-473A0F3FC321}" = protocol=6 | dir=in | app=c:\program files (x86)\bell\internet service advisor\servicepointservice.exe |
"{C71CACDB-8267-4A54-861D-AF2CBEEF62E4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E12B361A-B6C5-41D6-8F54-8A77284927C0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{8399B44D-8C9F-4B99-B7C3-C21FBE3A0691}C:\users\george\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\george\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{939F71EF-1DC3-4098-9D1C-F242F07702B7}C:\windows\syswow64\explorer.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe |
"TCP Query User{FC41B0EB-1726-42E8-BB8E-C57DFFAD6A16}C:\program files (x86)\premieropinion\pmropn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |
"UDP Query User{5409132E-9BA6-4CD4-AF9D-3242B33F9C3D}C:\program files (x86)\premieropinion\pmropn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\premieropinion\pmropn.exe |
"UDP Query User{AB3A582B-EA27-495D-95DE-AA771A864465}C:\users\george\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\george\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{CE144B77-2473-42AD-9181-8CB3AD8BC7A0}C:\windows\syswow64\explorer.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{584B7A79-1262-4424-BB2E-21D8EF10DFB4}" = HP Photosmart C4340 All-In-One Driver Software 10.0 Rel .3
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B42C574-468D-4D88-8126-39BFCB6DFBD9}" = GenuTax Standard
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAAB700A-DDB7-4298-AB4B-B6E9F785059C}" = Cisco AnyConnect Secure Mobility Client
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{bb06d04a-9871-4a6b-a668-2ef483b5c2b5}" = PS_AIO_03_C4340_Software_Min
"{BFFB6CFD-13E8-4967-AA6D-A57E7280FFDA}_is1" = FreeSmith version 1.2.3
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{ed8fcd31-e06b-4103-b4f7-657b9a82e29f}" = PS_AIO_03_C4340_Software
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FE4270D7-A642-49C1-9A40-854DA3F13FB2}_is1" = Moyea FLV Player version: 2.0.2.94
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Google Chrome" = Google Chrome
"Greenshot_is1" = Greenshot
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My PCBackup Removal Tool_is1" = My PCBackup Removal Tool
"OnlinePlay" = OnlinePlay 1.0
"RadialpointClientGateway_is1" = Bell Internet Service Advisor 3.7.44
"Spyware Doctor" = Spyware Doctor 8.0
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinPcapInst" = WinPcap 4.1.1
"WM Recorder" = WM Recorder
"WM Recorder 14" = WM Recorder 14

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-981261398-3402016905-1835471290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"WM Capture" = WM Capture

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14/03/2014 7:27:56 PM | Computer Name = George-PC | Source = WinMgmt | ID = 10
Description =

Error - 14/03/2014 7:31:45 PM | Computer Name = George-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 14/03/2014 7:31:45 PM | Computer Name = George-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 14/03/2014 7:31:47 PM | Computer Name = George-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 14/03/2014 7:31:48 PM | Computer Name = George-PC | Source = Windows Search Service | ID = 3013
Description =

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 15/03/2014 8:08:38 AM | Computer Name = George-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
777 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 15/03/2014 8:08:38 AM | Computer Name = George-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
230 Invoked Function: CNetEnvironment::testNetwork Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 15/03/2014 8:08:58 AM | Computer Name = George-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
1576 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391704
(0xFE210028) Description: CERTIFICATE_ERROR_VERIFY_SERVERCERT_FAILED_ASKUSER:Server
certificate verification failed, and the error was an askuser error server name:
asa.rpmtec.com

Error - 15/03/2014 8:09:00 AM | Computer Name = George-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588307
(0xFE1E002D) Description: SOCKETTRANSPORT_ERROR_CONNECT_CANCELED:An asynchronous
connection has been canceled during its initiation.

Error - 15/03/2014 8:09:00 AM | Computer Name = George-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1385 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
(0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target

Error - 15/03/2014 8:09:00 AM | Computer Name = George-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
777 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 15/03/2014 8:09:30 AM | Computer Name = George-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
1576 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391704
(0xFE210028) Description: CERTIFICATE_ERROR_VERIFY_SERVERCERT_FAILED_ASKUSER:Server
certificate verification failed, and the error was an askuser error server name:
asa.rpmtec.com

Error - 15/03/2014 8:09:32 AM | Computer Name = George-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588307
(0xFE1E002D) Description: SOCKETTRANSPORT_ERROR_CONNECT_CANCELED:An asynchronous
connection has been canceled during its initiation.

Error - 15/03/2014 8:09:32 AM | Computer Name = George-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1385 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
(0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target

Error - 15/03/2014 8:09:32 AM | Computer Name = George-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
777 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

[ Spybot - Search and Destroy Events ]
Error - 13/03/2014 9:00:36 PM | Computer Name = George-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 14/03/2014 7:29:19 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 14/03/2014 7:29:19 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >





Hi again. I also checked out my usage and it's waaaaaaaaaaaaaaaay down today and yesterday. I was avoiding going on the internet from the 6th March because it was using tonnes of usage just doing nothing, reading email or whatnot only, and it was still spiking just doing that.
Today, I've had the internet on for awhile because I had to run out and forgot to unplug my modem and computer, but returned to find that nothing's eating up usage anymore, no more downloads into the billions.


Date                  Downloads (GB)  Uploads (GB)  Daily total (GB)
Total for the period  88.300          2.889         91.189
March 15, 2014        0.311           0.039         0.350
March 14, 2014        0.271           0.028         0.299
March 13, 2014        5.492           0.100         5.592
March 12, 2014        11.549          0.217         11.766
March 11, 2014        16.959          0.287         17.246
March 10, 2014        5.245           0.098         5.343
March 09, 2014        1.168           0.125         1.293
March 08, 2014        1.689           0.169         1.858
March 07, 2014        7.166           0.156         7.322
March 06, 2014        12.922          0.275         13.197
March 05, 2014        16.965          0.329         17.294
March 04, 2014        0.710           0.040         0.750
March 03, 2014        0.572           0.035         0.607
March 02, 2014        0.584           0.139         0.723
March 01, 2014        1.154           0.135         1.289
February 28, 2014     0.536           0.071         0.607
  • 0

#8
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok. Let's get rid of a little bit more, then sweep for remnants.


Step 1: OTL Fix

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {5E472926-EBA1-4FB7-B5C5-78AFE818BB8D}
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    
    :Files
    C:\program files (x86)\premieropinion
    netsh advfirewall reset /c 
    netsh advfirewall set allprofiles state off /c
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.


Step 2: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 3: Run MBAM.

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • OTL fix log
  • SecurityCheck log
  • MBAM log
  • ESET log
  • Any outstanding problems?

  • 0

#9
GeoTor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi again. OK, sorry for the delay, this ran overnight.

I don't know if this is a problem or an annoyance, but it has been happening even before this bandwidth issue, just that sometimes when going to a website, the browser seems to 'freeze', or will be 'slow', but that's been going on for awhile anyway. Other than this, no problems I guess. Is it known yet what might have caused the spiking incident?

Many thanks



========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes,DefaultScope = {5E472926-EBA1-4FB7-B5C5-78AFE818BB8D}> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < C:\program files (x86)\premieropinion> in the current context!
Error: Unable to interpret < netsh advfirewall reset /c > in the current context!
Error: Unable to interpret < netsh advfirewall set allprofiles state off /c> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 03182014_193703




Results of screen317's Security Check version 0.99.80
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spyware Doctor 8.0
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Java™ 6 Update 6
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 12.0.0.77
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (27.0.1)
Google Chrome 33.0.1750.146
Google Chrome 33.0.1750.154
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````




Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.18.10

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
George :: GEORGE-PC [administrator]

18/03/2014 8:01:10 PM
mbam-log-2014-03-18 (20-01-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229586
Time elapsed: 20 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\FRST\Quarantine\C\Program Files (x86)\lucky leap\updateluckyleap.exe a variant of Win32/BrowseFox.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\lucky leap\bin\utilluckyleap.exe a variant of Win32/BrowseFox.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll.xBAD Win32/Toolbar.MyWebSearch.T potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\VideoDownloadConverter_4z\bar\1.bin\4zdatact.dll a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\VideoDownloadConverter_4z\bar\1.bin\4zhtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\VideoDownloadConverter_4z\bar\1.bin\4zimpipe.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\VideoDownloadConverter_4z\bar\1.bin\4zPlugin.dll probably a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\VideoDownloadConverter_4z\bar\1.bin\4zreghk.dll Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\VideoDownloadConverter_4z\bar\1.bin\AppIntegratorStub64.dll Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\VideoDownloadConverter_4z\bar\1.bin\CREXT.DLL a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\VideoDownloadConverter_4z\bar\1.bin\Hpg64.dll Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\VideoDownloadConverter_4z\bar\1.bin\T8HTML.DLL probably a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application
C:\Program Files (x86)\My PCBackup Removal Tool\MyPCBackupRemovalTool.exe a variant of Win32/SecurityStronghold.A potentially unwanted application
C:\Users\George\AppData\LocalLow\MixiDJ_V37\hk64tbMixi.dll a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\Users\George\AppData\LocalLow\MixiDJ_V37\hktbMixi.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\George\AppData\LocalLow\MixiDJ_V37\ldrtbMixi.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\George\AppData\LocalLow\MixiDJ_V37\tbMixi.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\George\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6eada70a-748050b9 multiple threats
C:\Users\George\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\6fa7cd93-3c4b94f6 multiple threats
C:\Users\George\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\7f1ee8c9-486adc22 multiple threats
C:\Users\George\Desktop\Old Firefox Data\u7kn7oea.default-1350218988611\extensions\[email protected] Win32/BrowseFox.B potentially unwanted application
C:\Users\George\Downloads\cbsidlm-cbsi134-FlvCapture-ORG-10909631.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\George\Downloads\MyPCBackupRemovalTool.exe a variant of Win32/SecurityStronghold.A potentially unwanted application
C:\Users\George\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy potentially unsafe application
  • 0

#10
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok. A little more to do. I would recommend uninstalling My PCBackup Removal Tool, as it is listed by ESET as a PUP (potentially unwanted program).

We'll look into the internet freezing issue after this. Does it happen in both IE and Firefox?



Step 1: Run OTL fix. I think you made a mistake when you ran the last OTL fix. Make sure to click the "Run Fix" button and not the "Run Scan" button. Let's run this new fix below.

Please be aware that this fix will delete your temporary files. If the virus has "hidden" any of your files, please do not run the fix, but stop and let me know.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {5E472926-EBA1-4FB7-B5C5-78AFE818BB8D}
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    
    :Files
    C:\program files (x86)\premieropinion
    C:\Users\George\AppData\LocalLow\MixiDJ_V37
    C:\Users\George\Desktop\Old Firefox Data\u7kn7oea.default-1350218988611\extensions\[email protected]
    C:\Users\George\Downloads\cbsidlm-cbsi134-FlvCapture-ORG-10909631.exe
    C:\Users\George\Downloads\OrbitDownloaderSetup.exe 
    netsh advfirewall reset /c 
    netsh advfirewall set allprofiles state off /c
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Step 2: OTL scan.
  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    /md5start
    igfxext.exe
    wuauclt.exe
    TODDSrv.exe
    igfxsrvc.exe
    igfxpers.exe
    hkcmd.exe
    dwm.exe
    agr64svc.exe
    spoolsv.exe
    SLsvc.exe
    smss.exe
    lsass.exe
    csrss.exe
    /md5stop

  • Select the Scan All Users box in the middle on the top of the window
  • Click the Run Scan button. Post the log it produces in your next reply.

Things I need in your next reply:
  • OTL fix log
  • OTL scan log
  • Computer behavior update?

  • 0

#11
GeoTor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi again. OK, here are the logs and such.

I will say that I've been a Firefox user almost exclusively, hardly ever use IE. What I did before running the latest things and after reboots is go visit a few websites where I know it's been either freezing or very slooooooow, using Firefox and then IE. I can say that it's much slower when using Firefox than IE. However, I get a bunch of plugin errors when using IE, and asking me if I wanted to do whatever with the plugins, and I said no, so went back to using Firefox. Could be that I just never upgraded anything IE-related, including plugins, because I just don't use it.

But, after the latest rounds of fixes, going back using Firefox, and then IE, I will say that the same sites seem to be not freezing as much or as slow. IE, still get the plugins edits triggering and asking if I want to do whatever, upgrade or whatever, or ignore, and I ignore. Actually, it's kind of hard to say if things are better or not than before. I went to some more sites and it's the same as before, not slooooow or freezing, but not quick either.

Anyway, here are the logs.


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes,DefaultScope = {5E472926-EBA1-4FB7-B5C5-78AFE818BB8D}> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < C:\program files (x86)\premieropinion> in the current context!
Error: Unable to interpret < C:\Users\George\AppData\LocalLow\MixiDJ_V37> in the current context!
Error: Unable to interpret < C:\Users\George\Desktop\Old Firefox Data\u7kn7oea.default-1350218988611\extensions\[email protected]> in the current context!
Error: Unable to interpret < C:\Users\George\Downloads\cbsidlm-cbsi134-FlvCapture-ORG-10909631.exe> in the current context!
Error: Unable to interpret < C:\Users\George\Downloads\OrbitDownloaderSetup.exe > in the current context!
Error: Unable to interpret < netsh advfirewall reset /c > in the current context!
Error: Unable to interpret < netsh advfirewall set allprofiles state off /c> in the current context!
Error: Unable to interpret < :Commands> in the current context!

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: George
->Temp folder emptied: 71819603 bytes
->Temporary Internet Files folder emptied: 74807798 bytes
->Java cache emptied: 5045553 bytes
->FireFox cache emptied: 379536248 bytes
->Google Chrome cache emptied: 6273928 bytes
->Flash cache emptied: 4631188 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1787707 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 842259263 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 9901122 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,331.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03192014_204843

Files\Folders moved on Reboot...
C:\Windows\temp\TMP000000141DA0CF1B24143317 moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 19/03/2014 9:31:01 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\George\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 44.61% Memory free
5.95 Gb Paging File | 4.08 Gb Available in Paging File | 68.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 214.29 Gb Total Space | 127.70 Gb Free Space | 59.59% Space Free | Partition Type: NTFS
Drive D: | 8.65 Gb Total Space | 8.55 Gb Free Space | 98.80% Space Free | Partition Type: NTFS

Computer Name: GEORGE-PC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/15 13:54:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
PRC - [2013/12/12 18:36:27 | 000,707,472 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2013/12/12 18:36:11 | 000,560,528 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe
PRC - [2011/01/06 15:56:46 | 004,318,520 | ---- | M] (Bell) -- C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe
PRC - [2010/02/01 22:55:06 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/01 22:55:04 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/04 00:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2007/01/09 02:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/12 18:36:58 | 000,063,376 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/06 15:47:38 | 000,158,208 | ---- | M] () -- C:\Program Files (x86)\Bell\Internet Service Advisor\Windows7Features.dll
MOD - [2010/04/30 10:08:42 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/08/25 09:58:12 | 000,089,600 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/02/06 13:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/10 23:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 17:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/03/12 08:48:06 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/14 21:13:24 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/12 18:36:11 | 000,560,528 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/15 19:08:43 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\TODDSrv.exe -- (TODDSrv)
SRV - [2013/10/15 19:08:43 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/10/15 19:08:41 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
SRV - [2013/10/15 19:08:41 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\SLsvc.exe -- (slsvc)
SRV - [2013/10/15 19:08:24 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2013/10/15 19:08:24 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2013/10/15 19:08:24 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2013/10/15 19:08:24 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/04/06 17:53:36 | 001,117,144 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/02/18 12:14:04 | 000,371,472 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/01/06 15:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/05/28 19:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/04 00:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/12 18:18:30 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.sys -- (vpnva)
DRV:64bit: - [2013/12/12 18:14:30 | 000,073,584 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\acsmux64.sys -- (acsmux)
DRV:64bit: - [2013/12/12 18:14:30 | 000,049,520 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\acsint64.sys -- (acsint)
DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/11 10:55:10 | 000,282,440 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2011/03/10 10:08:22 | 000,279,344 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2010/07/16 15:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 11:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2009/10/20 14:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2008/07/18 18:52:16 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/06/26 16:24:18 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2008/06/12 06:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/04/27 18:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/04/15 20:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/14 22:05:42 | 000,161,792 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/02 20:27:18 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/02/29 02:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/12/06 06:12:56 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 14:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2006/11/20 01:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shoptoshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...ie7&rlz=1I7TSHC
IE - HKLM\..\SearchScopes,DefaultScope = {5E472926-EBA1-4FB7-B5C5-78AFE818BB8D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...ie7&rlz=1I7TSHC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.lo

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/14 21:12:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/14 21:12:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/02/14 21:12:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/14 21:12:41 | 000,000,000 | ---D | M]

[2009/08/21 21:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Extensions
[2013/10/15 20:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\rtqjzf96.default-1381882977084\extensions
[2014/03/14 18:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/14 21:12:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/02/14 21:12:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/02/14 21:12:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2014/03/14 18:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/14 21:13:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

O1 HOSTS File: ([2011/10/24 19:05:51 | 000,000,036 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BISA.exe] C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe (Bell)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-981261398-3402016905-1835471290-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-981261398-3402016905-1835471290-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greenshot.lnk = C:\Program Files (x86)\Greenshot\Greenshot.exe ()
O4 - Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-981261398-3402016905-1835471290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79D9CC79-0B7C-4AFE-88E9-154ADA208EDB}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\TOSHIBA\wallpapers\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\TOSHIBA\wallpapers\wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/18 20:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/03/18 19:58:06 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\George\Desktop\mbam-setup-1.75.0.1300(1).exe
[2014/03/18 19:37:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/15 13:55:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
[2014/03/14 19:14:47 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\George\Desktop\aswmbr.exe
[2014/03/14 18:50:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/14 18:45:46 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\George\Desktop\JRT.exe
[2014/03/13 21:26:36 | 002,157,056 | ---- | C] (Farbar) -- C:\Users\George\Desktop\FRST64.exe
[2014/03/13 21:23:59 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/13 19:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/03/13 19:28:50 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/03/13 19:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/03/13 19:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/03/13 07:13:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/03/13 07:13:37 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/03/13 07:13:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/13 07:13:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/13 07:13:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/13 07:13:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/13 07:13:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/03/13 07:13:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/03/13 07:13:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/13 07:13:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/13 07:13:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/13 07:13:22 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/13 07:13:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/03/13 07:13:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/03/13 07:13:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/03/12 07:00:22 | 001,111,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/12 07:00:21 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/12 07:00:21 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/12 07:00:20 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/06 09:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2014/03/05 07:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/05 07:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/02/26 04:04:56 | 000,000,000 | ---D | C] -- C:\Windows\Migration

========== Files - Modified Within 30 Days ==========

[2014/03/19 21:27:50 | 000,759,582 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/19 21:27:50 | 000,647,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/19 21:27:50 | 000,124,848 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/19 21:22:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/19 21:22:00 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/03/19 21:21:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/19 21:20:00 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/19 21:20:00 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/19 21:19:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/19 21:19:44 | 3082,809,344 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/19 20:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/19 19:21:20 | 000,000,905 | ---- | M] () -- C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greenshot.lnk
[2014/03/19 04:40:59 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/03/18 19:59:49 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/18 19:57:01 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\George\Desktop\mbam-setup-1.75.0.1300(1).exe
[2014/03/18 19:42:54 | 000,987,442 | ---- | M] () -- C:\Users\George\Desktop\SecurityCheck.exe
[2014/03/15 23:24:20 | 000,151,525 | ---- | M] () -- C:\Users\George\Documents\8 kinsdale bld top floor unit has maybe balcony.jpg
[2014/03/15 14:29:00 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/15 13:54:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\George\Desktop\OTL.exe
[2014/03/15 13:35:01 | 000,052,376 | ---- | M] () -- C:\Users\George\Documents\my usage picture.jpg
[2014/03/15 13:26:00 | 000,214,947 | ---- | M] () -- C:\Users\George\Documents\george resource monitor - saturday 15mar2014 after various cleanings and whatnot.odt
[2014/03/14 19:19:45 | 000,000,512 | ---- | M] () -- C:\Users\George\Desktop\MBR.dat
[2014/03/14 19:14:15 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\George\Desktop\aswmbr.exe
[2014/03/14 18:44:50 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\George\Desktop\JRT.exe
[2014/03/14 06:45:58 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/03/13 23:20:24 | 000,713,819 | ---- | M] () -- C:\Users\George\Documents\9032 test strat doc.odt
[2014/03/13 21:23:26 | 002,157,056 | ---- | M] (Farbar) -- C:\Users\George\Desktop\FRST64.exe
[2014/03/13 21:00:15 | 000,000,509 | ---- | M] () -- C:\Windows\wininit.ini
[2014/03/13 19:36:20 | 000,188,212 | ---- | M] () -- C:\Users\George\Documents\george resource monitor.odt
[2014/03/13 19:29:06 | 000,001,229 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/03/13 07:39:42 | 000,346,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/13 07:15:30 | 003,415,218 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2014/03/12 08:48:05 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/12 08:48:05 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/12 08:47:32 | 005,777,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/03/08 12:03:30 | 000,001,718 | -H-- | M] () -- C:\Users\George\Documents\Default.rdp
[2014/03/06 18:16:15 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/03/05 07:48:26 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/03 20:00:45 | 000,100,532 | ---- | M] () -- C:\Users\George\Documents\rbc group rsp 28feb2014.jpg
[2014/03/03 19:59:29 | 000,134,972 | ---- | M] () -- C:\Users\George\Documents\rbc rsp 28feb2014.jpg
[2014/02/27 07:56:39 | 000,744,780 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/23 02:54:58 | 002,334,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/23 02:46:42 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/23 02:46:20 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/02/23 02:45:36 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/23 02:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/02/23 02:45:27 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/23 02:44:57 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/23 02:44:14 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/02/23 02:43:22 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/23 01:39:28 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/23 01:38:15 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/02/23 01:38:08 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/23 01:37:28 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/02/23 01:36:31 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/02/23 01:35:49 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

========== Files Created - No Company Name ==========

[2014/03/18 19:44:01 | 000,987,442 | ---- | C] () -- C:\Users\George\Desktop\SecurityCheck.exe
[2014/03/15 23:24:18 | 000,151,525 | ---- | C] () -- C:\Users\George\Documents\8 kinsdale bld top floor unit has maybe balcony.jpg
[2014/03/15 13:35:01 | 000,052,376 | ---- | C] () -- C:\Users\George\Documents\my usage picture.jpg
[2014/03/15 13:25:57 | 000,214,947 | ---- | C] () -- C:\Users\George\Documents\george resource monitor - saturday 15mar2014 after various cleanings and whatnot.odt
[2014/03/14 19:19:45 | 000,000,512 | ---- | C] () -- C:\Users\George\Desktop\MBR.dat
[2014/03/13 21:00:14 | 000,000,509 | ---- | C] () -- C:\Windows\wininit.ini
[2014/03/13 19:48:50 | 000,713,819 | ---- | C] () -- C:\Users\George\Documents\9032 test strat doc.odt
[2014/03/13 19:36:20 | 000,188,212 | ---- | C] () -- C:\Users\George\Documents\george resource monitor.odt
[2014/03/13 19:29:23 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/03/13 19:29:23 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/03/13 19:29:21 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/03/13 19:29:06 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/03/13 19:29:06 | 000,001,229 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/03/12 07:57:25 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/03/05 07:48:26 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/03 20:00:45 | 000,100,532 | ---- | C] () -- C:\Users\George\Documents\rbc group rsp 28feb2014.jpg
[2014/03/03 19:59:29 | 000,134,972 | ---- | C] () -- C:\Users\George\Documents\rbc rsp 28feb2014.jpg
[2013/10/15 19:08:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\igfxext.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\wuauclt.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\TODDSrv.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\igfxsrvc.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\igfxpers.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\hkcmd.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dwm.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\agr64svc.exe
[2013/10/15 19:08:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\spoolsv.exe
[2013/10/15 19:08:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SLsvc.exe
[2013/10/15 19:08:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2013/10/15 19:08:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2013/10/15 19:08:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2013/10/15 18:53:28 | 000,000,036 | ---- | C] () -- C:\Users\George\AppData\Local\housecall.guid.cache
[2012/12/23 16:12:08 | 000,020,436 | ---- | C] () -- C:\Users\George\bpass.png
[2012/01/07 09:32:44 | 000,011,742 | -HS- | C] () -- C:\Users\George\AppData\Local\63ycxx83j164lu7wm8whe31o3b3c10535yge4608f0ye76
[2012/01/07 09:32:44 | 000,011,742 | -HS- | C] () -- C:\ProgramData\63ycxx83j164lu7wm8whe31o3b3c10535yge4608f0ye76
[2011/05/08 15:31:43 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/10/31 14:19:52 | 000,000,680 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps.dat
[2009/09/28 21:53:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/07/03 18:23:17 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/29 18:31:56 | 000,100,352 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/29 03:50:15 | 000,001,460 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: AGR64SVC.EXE >
[2007/12/10 23:11:30 | 000,015,872 | ---- | M] (Agere Systems) MD5=8B0D8B5BAFD4C9D57B41426BC68B32F9 -- C:\Windows\SysNative\agr64svc.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\agr64svc.exe

< MD5 for: CSRSS.EXE >
[2008/01/20 22:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\SysNative\csrss.exe
[2008/01/20 22:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe
[2013/10/15 19:08:24 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\csrss.exe

< MD5 for: DWM.EXE >
[2009/04/11 03:10:15 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=449F5AB17863698F12F0BC8E99079AA6 -- C:\Windows\SysNative\dwm.exe
[2009/04/11 03:10:15 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=449F5AB17863698F12F0BC8E99079AA6 -- C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6002.18005_none_ebada8a472b137b9\dwm.exe
[2008/01/20 22:49:32 | 000,098,816 | ---- | M] (Microsoft Corporation) MD5=BD5DEBBE43A492CC75D25AF43E686D17 -- C:\Windows\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6001.18000_none_e9c22f98758f6c6d\dwm.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\dwm.exe

< MD5 for: HKCMD.EXE >
[2008/06/25 04:44:30 | 000,209,432 | ---- | M] (Intel Corporation) MD5=1876F6C377580A94325014FC1357461D -- C:\TOSAPINS\Intel-Display-Driver\Graphics\hkcmd.exe
[2008/06/25 04:44:30 | 000,209,432 | ---- | M] (Intel Corporation) MD5=1876F6C377580A94325014FC1357461D -- C:\Windows\SysNative\hkcmd.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\hkcmd.exe

< MD5 for: IGFXEXT.EXE >
[2008/06/25 04:44:36 | 000,181,784 | ---- | M] (Intel Corporation) MD5=527AE8D7162A06E3AB4D43E2D04A83BC -- C:\TOSAPINS\Intel-Display-Driver\Graphics\igfxext.exe
[2008/06/25 04:44:36 | 000,181,784 | ---- | M] (Intel Corporation) MD5=527AE8D7162A06E3AB4D43E2D04A83BC -- C:\Windows\SysNative\igfxext.exe
[2013/10/15 19:08:45 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\igfxext.exe

< MD5 for: IGFXPERS.EXE >
[2008/06/25 04:44:40 | 000,181,784 | ---- | M] (Intel Corporation) MD5=9A6E6E109878297198F189FADD3C5F59 -- C:\TOSAPINS\Intel-Display-Driver\Graphics\igfxpers.exe
[2008/06/25 04:44:40 | 000,181,784 | ---- | M] (Intel Corporation) MD5=9A6E6E109878297198F189FADD3C5F59 -- C:\Windows\SysNative\igfxpers.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\igfxpers.exe

< MD5 for: IGFXSRVC.EXE >
[2008/06/25 04:44:42 | 000,267,800 | ---- | M] (Intel Corporation) MD5=3AA923DBB8294FD6950D6F50AFACF7AA -- C:\TOSAPINS\Intel-Display-Driver\Graphics\igfxsrvc.exe
[2008/06/25 04:44:42 | 000,267,800 | ---- | M] (Intel Corporation) MD5=3AA923DBB8294FD6950D6F50AFACF7AA -- C:\Windows\SysNative\igfxsrvc.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\igfxsrvc.exe

< MD5 for: LSASS.EXE >
[2009/06/15 09:21:28 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=02474FBCB00AA5C622E92F620DB9A041 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_02bcb9272e6ecc60\lsass.exe
[2012/06/01 18:14:33 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=0688C6F0E5B1E0ADB1E10BF6A9023063 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22869_none_04a16b072b950d95\lsass.exe
[2009/09/10 11:22:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=1104B18819392FEA12FB5F9E170E66B3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_00fbc3d9312b9991\lsass.exe
[2009/02/13 04:52:40 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=1979F94B28107233315DD6220F2304DD -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_02ad19252e799f25\lsass.exe
[2008/01/20 22:48:17 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=1B461E9F6DB0EF829B4369F47A24BBEC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_026926461528a96c\lsass.exe
[2008/01/20 22:48:17 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=1B461E9F6DB0EF829B4369F47A24BBEC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_02635b98152c3e5e\lsass.exe
[2008/01/20 22:48:17 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=1B461E9F6DB0EF829B4369F47A24BBEC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_04549f52124a74b8\lsass.exe
[2009/06/15 09:34:54 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=1E766E4C5BF9E230AD37A56BF7DB6C94 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_00d282d7314a3edc\lsass.exe
[2011/11/16 10:34:41 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=260BF9C43EE12C6898A9F5AAB0FB0E5D -- C:\Windows\SysNative\lsass.exe
[2011/11/16 10:34:41 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=260BF9C43EE12C6898A9F5AAB0FB0E5D -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18541_none_042567f8126e70e3\lsass.exe
[2011/11/16 10:34:41 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=260BF9C43EE12C6898A9F5AAB0FB0E5D -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18643_none_04276a72126ca0b8\lsass.exe
[2009/06/15 09:32:30 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=306E4503E083A498AE797FF59FA72839 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_00373bf8183ad660\lsass.exe
[2009/06/15 09:15:02 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=40348DCEC0712ED42231C5F90A69A690 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_041a8e8e12769b11\lsass.exe
[2009/09/09 07:32:36 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=41FB90DF49F203672F459122EF1F13B1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_02effd0d2e47247b\lsass.exe
[2011/11/16 10:08:48 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=54BC2124F6BCF2050D7C3057C0611AD4 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22742_none_04b006f32b8b272b\lsass.exe
[2009/02/13 01:14:46 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=563B71CEF1D46A24C5980FA2988DB67F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_0101906d312801c6\lsass.exe
[2009/06/15 09:26:45 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=80F4593E92FF960E4763380D3168E498 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_021f7b32155f99ff\lsass.exe
[2009/09/10 10:57:16 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=BBBCE2DACDCCD5EA60A50D0023AE2DE9 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_04c69d972b7a16dd\lsass.exe
[2013/10/15 19:08:24 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\lsass.exe
[2009/02/13 03:46:54 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=E231BDBD7D69857EEFFDEB3A48A53824 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_006d4b9418124aab\lsass.exe
[2009/06/15 09:12:52 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=EBDAEE60E442BEA413E5D7CEDFB09463 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_04a52ba32b935432\lsass.exe

< MD5 for: SLSVC.EXE >
[2008/01/20 22:50:12 | 002,161,664 | ---- | M] (Microsoft Corporation) MD5=A301D2CEFB4747DFE0C24425DCBE0B78 -- C:\Windows\winsxs\amd64_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6001.18000_none_aa9618fdb1e36bfe\SLsvc.exe
[2009/04/11 03:10:35 | 002,582,016 | ---- | M] (Microsoft Corporation) MD5=A9A27A8E257B45A604FDAD4F26FE7241 -- C:\Windows\SysNative\SLsvc.exe
[2009/04/11 03:10:35 | 002,582,016 | ---- | M] (Microsoft Corporation) MD5=A9A27A8E257B45A604FDAD4F26FE7241 -- C:\Windows\winsxs\amd64_microsoft-windows-security-licensing-slc_31bf3856ad364e35_6.0.6002.18005_none_ac819209af05374a\SLsvc.exe
[2013/10/15 19:08:41 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\SLsvc.exe

< MD5 for: SMSS.EXE >
[2013/03/08 21:48:36 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=34B7B826716B166778ED454B7628EF5E -- C:\Windows\SysNative\smss.exe
[2013/03/08 21:48:36 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=34B7B826716B166778ED454B7628EF5E -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18805_none_0a44cbbcceb0c574\smss.exe
[2013/07/07 21:52:33 | 000,075,776 | ---- | M] (Microsoft Corporation) MD5=731772AD357CBCEE7B560A44AA7EAD47 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.23154_none_0a9732a9e7f80805\smss.exe
[2013/03/08 21:52:47 | 000,075,776 | ---- | M] (Microsoft Corporation) MD5=90B4EBD32298AA34FE5F0D9B01F9DD18 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.23076_none_0a83917fe806756e\smss.exe
[2008/01/20 22:50:36 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=9FC8E8C0F344EAE043740B72794DA3CC -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_08594380d18f10f0\smss.exe
[2009/04/11 03:10:54 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=C17704EA5B0F83D78F1377075FFE1C89 -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_0a44bc8cceb0dc3c\smss.exe
[2013/10/15 19:08:24 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010/08/17 10:54:44 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=439017BE66398AB809D81B3AE8393883 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_34a17b8490538c82\spoolsv.exe
[2010/08/17 10:02:18 | 000,270,848 | ---- | M] (Microsoft Corporation) MD5=7F59AA690212241B398D6DBE4071EE3C -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_32cba802932180c9\spoolsv.exe
[2010/08/17 10:04:48 | 000,267,776 | ---- | M] (Microsoft Corporation) MD5=92E6738D25C2123BE9515C0EAC0776CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_3260788179ed5d57\spoolsv.exe
[2013/10/15 19:08:41 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\spoolsv.exe
[2008/01/20 22:49:35 | 000,267,264 | ---- | M] (Microsoft Corporation) MD5=E6519A9E756D74DC51C697BA62162F51 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_326a3ea579e6364c\spoolsv.exe
[2009/04/11 03:10:56 | 000,268,288 | ---- | M] (Microsoft Corporation) MD5=EADA445EAEDD1D7DF4C5EB42B3612729 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_3455b7b177080198\spoolsv.exe
[2010/08/17 10:54:20 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=F66FF751E7EFC816D266977939EF5DC3 -- C:\Windows\SysNative\spoolsv.exe
[2010/08/17 10:54:20 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=F66FF751E7EFC816D266977939EF5DC3 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_33f36be77751de08\spoolsv.exe

< MD5 for: TODDSRV.EXE >
[2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) MD5=19AF3434564E973BC232BBD629EC2BF6 -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\TODDSrv.exe
[2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) MD5=19AF3434564E973BC232BBD629EC2BF6 -- C:\Program Files\TOSHIBA\TOSHIBA Recovery Disc Creator\TODDSrv.exe
[2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) MD5=19AF3434564E973BC232BBD629EC2BF6 -- C:\Windows\SysNative\TODDSrv.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\TODDSrv.exe

< MD5 for: WUAUCLT.EXE >
[2009/08/06 22:24:17 | 000,057,560 | ---- | M] (Microsoft Corporation) MD5=0CAF9B387CC42FC365626003E0751937 -- C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_4597bdc113f9f351\wuauclt.exe
[2008/10/16 17:09:40 | 000,054,296 | ---- | M] (Microsoft Corporation) MD5=0DF8A7A5E072A6BA0AF1E563518255C0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_8683d52d1ee055aa\wuauclt.exe
[2008/01/20 22:51:21 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=44E38EB04F48FCD1D0D230C10A3EED39 -- C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6001.18000_none_fc7174b1ecdd9336\wuauclt.exe
[2008/01/20 22:51:21 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=44E38EB04F48FCD1D0D230C10A3EED39 -- C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6002.18005_none_fe5cedbde9ff5e82\wuauclt.exe
[2006/11/02 07:16:23 | 000,044,032 | ---- | M] (Microsoft Corporation) MD5=82979850A3E9B7581E28852139EB9D01 -- C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_6.0.6000.16386_none_08ca3670650bd993\wuauclt.exe
[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) MD5=C1C03EA437EDDA8A7D4D8786E5AE6751 -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) MD5=C1C03EA437EDDA8A7D4D8786E5AE6751 -- C:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_d5f513f25190f276\wuauclt.exe
[2013/10/15 19:08:43 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Windows\SysWOW64\wuauclt.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#12
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi,

It looks like the OTL fix still didn't go through. Are you sure you clicked the "Run Fix" button?

#13
GeoTor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi. Yes, I did exactly as the instructions said. I think I did it the first time, too.

#14
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Okay, let's try FRST instead. Download the attached fixlist.txt to your desktop, run FRST again, and select "Fix." Post the resulting fixlog.txt.

For Firefox, let's start with a simple uninstall/reinstall and see if that helps.


#15
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.