Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help! Ram being eating malwarebytes freezeing [Solved]

virus malware memory

  • This topic is locked This topic is locked

#16
twain1

twain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

still wont let me download it have the error msg vbscript popping up each time


  • 0

Advertisements


#17
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
Are you having problem downloading it or running it?
  • 0

#18
twain1

twain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

just a problem installing the download will complete but when I try to install it asks for permission i accept it then all of a sudden vbscript cant be found


  • 0

#19
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
Okay. Re-run OTL.exe and click on Quick Scan. Post the log after the scan. :)
  • 0

#20
twain1

twain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

OTL logfile created on: 4/19/2014 11:09:24 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\aarons\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 58.00% Memory free
6.20 Gb Paging File | 4.20 Gb Available in Paging File | 67.79% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 34.06 Gb Free Space | 24.51% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.23 Gb Free Space | 62.27% Space Free | Partition Type: NTFS
 
Computer Name: AARONS-PC | User Name: aarons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/18 22:29:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aarons\Downloads\OTL.exe
PRC - [2014/04/14 22:36:41 | 000,647,168 | ---- | M] (IDEVFH) -- C:\Users\aarons\AppData\Roaming\Mozilla\Firefox\Profiles\h3eg7qcu.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
PRC - [2014/04/14 07:45:18 | 000,258,160 | ---- | M] (Dell) -- C:\Users\aarons\AppData\Local\Apps\2.0\71Q8ZXZ9.NP0\LPEEM8HG.5YJ\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe
PRC - [2014/03/29 03:40:07 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/03/20 13:28:36 | 000,055,592 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\IMVUClient.exe
PRC - [2014/03/20 13:28:36 | 000,023,848 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/01 15:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.) -- C:\Program Files\PasswordBox\pbbtnService.exe
PRC - [2013/10/30 20:09:08 | 002,990,304 | ---- | M] (Nota Inc.) -- C:\Program Files\Gyazo\GyStation.exe
PRC - [2013/10/30 17:51:34 | 002,838,568 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
PRC - [2013/10/30 17:51:30 | 000,091,688 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
PRC - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/09/12 12:06:06 | 005,110,672 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2013/07/15 16:09:24 | 000,554,384 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/05 14:22:40 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/02/05 23:34:45 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/31 15:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/08/06 13:13:12 | 000,087,336 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\NServiceEntry.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/11/17 17:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/08/21 08:27:24 | 000,098,304 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2009/07/07 19:10:14 | 000,151,552 | ---- | M] () -- C:\Windows\System32\ANIWConnService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/19 02:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/29 03:40:06 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/03/20 13:28:36 | 000,055,592 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\IMVUClient.exe
MOD - [2014/03/20 13:28:36 | 000,023,848 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
MOD - [2014/03/11 15:37:52 | 000,135,680 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\_libzero.pyd
MOD - [2014/03/11 15:37:46 | 000,131,072 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\_imvugecko.pyd
MOD - [2014/03/11 15:37:42 | 000,083,968 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\_imvuflash.pyd
MOD - [2014/03/11 15:37:34 | 000,817,152 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\_cal3d.pyd
MOD - [2014/03/11 15:36:12 | 001,646,592 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\_avatarwindow.pyd
MOD - [2014/03/11 15:26:46 | 000,190,976 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\imvugecko.dll
MOD - [2014/03/11 15:26:38 | 000,110,592 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\imvuflash.dll
MOD - [2014/03/11 15:25:30 | 000,942,592 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\SceneWindow.dll
MOD - [2014/03/11 15:24:36 | 000,169,984 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\zero.dll
MOD - [2014/03/11 15:19:08 | 000,277,504 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\cal3d.dll
MOD - [2014/02/14 05:32:29 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3cf321fb70231d473d99105a582c23e1\System.Deployment.ni.dll
MOD - [2014/02/14 05:32:19 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll
MOD - [2014/02/14 05:30:33 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014/02/14 05:29:52 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/02/14 05:29:02 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/02/14 05:19:51 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/02/14 05:19:28 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2014/02/06 14:33:42 | 016,166,280 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\NPSWF32.dll
MOD - [2014/02/04 22:36:06 | 000,044,032 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\_pylzma.pyd
MOD - [2014/02/04 22:32:16 | 000,068,096 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\_audiere.pyd
MOD - [2014/02/04 22:24:10 | 000,010,752 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\nphwndproxy.dll
MOD - [2014/02/04 22:21:10 | 000,014,336 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\MemoryHook.dll
MOD - [2014/02/04 22:19:00 | 000,072,704 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\ParticleLib.dll
MOD - [2014/02/04 22:18:24 | 000,216,576 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\boost_python.dll
MOD - [2014/02/04 22:18:20 | 000,031,744 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\CallStack.dll
MOD - [2014/02/04 22:17:56 | 000,249,344 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\audiere.dll
MOD - [2014/02/04 21:44:14 | 000,081,408 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\_sqlite3.pyd
MOD - [2014/02/04 21:28:56 | 000,639,488 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\sqlite3.dll
MOD - [2014/02/04 20:29:22 | 000,686,080 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\unicodedata.pyd
MOD - [2014/02/04 20:29:22 | 000,126,976 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\pyexpat.pyd
MOD - [2014/02/04 20:29:22 | 000,109,568 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\pywintypes27.dll
MOD - [2014/02/04 20:29:22 | 000,087,040 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\_ctypes.pyd
MOD - [2014/02/04 20:29:22 | 000,046,080 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\_socket.pyd
MOD - [2014/02/04 20:29:22 | 000,028,160 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\_ssl.pyd
MOD - [2014/02/04 20:29:22 | 000,016,384 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\win32clipboard.pyd
MOD - [2014/02/04 20:29:22 | 000,010,240 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\select.pyd
MOD - [2014/02/04 20:29:20 | 000,659,456 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\_imaging.pyd
MOD - [2014/02/04 20:29:20 | 000,166,912 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\win32gui.pyd
MOD - [2014/02/04 20:29:20 | 000,110,592 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\win32file.pyd
MOD - [2014/02/04 20:29:20 | 000,098,304 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\win32api.pyd
MOD - [2014/02/04 20:29:20 | 000,034,816 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\win32process.pyd
MOD - [2014/02/04 20:29:20 | 000,016,896 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\win32event.pyd
MOD - [2014/02/04 20:29:18 | 000,357,888 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\pythoncom27.dll
MOD - [2014/02/04 20:29:18 | 000,265,216 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\win32com.shell.shell.pyd
MOD - [2014/02/03 21:48:16 | 000,872,448 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\IMVUClient\js3250.dll
MOD - [2013/12/18 11:14:42 | 000,851,968 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter5\npfirefoxprocessor.dll
MOD - [2013/12/18 11:14:14 | 001,246,720 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter5\npffaddons.dll
MOD - [2013/12/18 11:13:34 | 000,224,768 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter5\npwmi.dll
MOD - [2013/12/18 11:13:20 | 000,228,864 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter5\npsurvey.dll
MOD - [2013/12/18 11:13:08 | 000,150,528 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter5\npsp1.dll
MOD - [2013/12/18 11:12:44 | 000,504,832 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter5\communication.dll
MOD - [2013/10/30 17:49:40 | 000,504,320 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
MOD - [2012/05/25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/07/07 17:50:04 | 000,258,048 | ---- | M] () -- C:\Windows\System32\wlanapp.dll
MOD - [2009/06/01 13:23:24 | 000,315,392 | ---- | M] () -- C:\Program Files\ANI\ANIWZCS2 Service\ANIOApi.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - File not found [Auto | Stopped] -- C:\program files\otshot\ZalmanUpdateService.exe -- (otshot)
SRV - File not found [Auto | Stopped] -- C:\Users\aarons\AppData\Local\LOGMEI~2\LMIR0001.tmp\LMI_Rescue_srv.exe -- (LMIRescue_64bc35dc-6e03-4953-bce6-dd4e0e2f61bb)
SRV - [2014/03/29 03:40:06 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/01 15:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.) [Auto | Running] -- C:\Program Files\PasswordBox\pbbtnService.exe -- (PasswordBox)
SRV - [2013/10/30 17:51:34 | 002,838,568 | ---- | M] (The Nielsen Company) [Auto | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe -- (NielsenUpdate)
SRV - [2013/09/12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/05 14:22:40 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/01/03 14:14:00 | 004,726,616 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011/03/31 15:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/08/06 13:13:12 | 000,087,336 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/11/17 17:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/07/07 19:10:14 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ANIWConnService.exe -- (ANIWConnService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva398.sys -- (XDva398)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva389.sys -- (XDva389)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva387.sys -- (XDva387)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva383.sys -- (XDva383)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva365.sys -- (XDva365)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva285.sys -- (XDva285)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\IPlayUnlimited\Cabal Reloaded\Byakko.K32 -- (ByakkoDriver)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2014/04/17 16:30:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/12/18 11:11:56 | 000,023,080 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\meter5\nnfwdk.sys -- (nnfwdk)
DRV - [2013/10/02 03:31:32 | 000,031,560 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/09/22 01:18:40 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/09/17 15:17:38 | 000,188,808 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2013/09/17 15:17:38 | 000,134,248 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2013/09/17 15:17:38 | 000,122,376 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2013/09/04 14:57:44 | 000,024,040 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiutil.sys -- (gfiutil)
DRV - [2013/05/23 08:39:14 | 000,043,368 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/19 19:10:28 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/08/24 15:41:32 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/03/16 11:08:48 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003)
DRV - [2011/11/27 21:05:20 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf001.sys -- (apf001)
DRV - [2010/11/26 18:02:28 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/06/23 09:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/18 14:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2010/06/18 14:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 13:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/02/17 05:44:14 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV - [2010/02/03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/25 18:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/08/03 09:56:10 | 000,735,232 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2009/07/10 12:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/06/09 23:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/04/11 00:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/03/06 17:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/04/29 03:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/12/31 14:38:18 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2005/01/02 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.2.0.38
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4E7CEC2A-C5D2-C947-D95C-8B952AF7CCD5}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{66D5E31B-4556-C309-8E9A-C2BE01B8E9EF}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{C948826D-71F6-40A7-9DCB-F99B2DD62765}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7BE173B749-DB5B-4fd2-BA0E-94ECEA0CA55B%7D:7.4
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: netsight%40nielsen.com:2.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kr.gameclub.com/WebStarter: C:\Users\TwainDaPrince\AppData\Roaming\GameClub_en\NPMicroGamesCOM.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.2.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.2.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Malek\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/09 17:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B1FC07E1-E05B-4567-8891-E63FBE545BA8}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/09/10 18:10:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/09/10 18:10:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\PasswordBox\Firefox [2013/11/21 09:22:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\n[email protected] [2014/04/19 10:12:17 | 000,009,382 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/04/15 19:42:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/04/19 07:31:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014/04/15 14:15:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/09 17:35:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\aarons\AppData\Roaming\Mixi.DJ\ffextension
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{cd288a68-7b21-4f14-b789-82cc44992259}: C:\Program Files\LyricsContainer\133.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/04/15 19:42:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/04/19 07:31:09 | 000,000,000 | ---D | M]
 
[2012/11/22 12:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aarons\AppData\Roaming\mozilla\Extensions
[2012/11/22 12:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aarons\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/04/19 10:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aarons\AppData\Roaming\mozilla\Firefox\Profiles\h3eg7qcu.default\extensions
[2013/08/20 16:36:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\aarons\AppData\Roaming\mozilla\Firefox\Profiles\h3eg7qcu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(38)
[2014/04/14 22:39:22 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\aarons\AppData\Roaming\mozilla\Firefox\Profiles\h3eg7qcu.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2014/02/26 13:53:52 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\aarons\AppData\Roaming\mozilla\firefox\profiles\h3eg7qcu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/04/19 09:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions
[2014/03/29 03:38:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/29 03:40:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/19 10:12:17 | 000,009,382 | ---- | M] () (No name found) -- C:\PROGRAM FILES\NETRATINGSNETSIGHT\NETSIGHT\METER5\FIREFOXADDONS\[email protected]
[2009/10/25 18:10:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/06/29 18:25:04 | 000,050,336 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npBFPlugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggncmpccbjknepgpadjeehajomjbab\5.0.0.0_0\
CHR - Extension: Savings Vault = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgnadhkglnmmilocdmlpdbkppdiheid\1.0_0\
CHR - Extension: No name found = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\blcefchbfgmakifmejncnbognjoadloc\2.0.0.428_0\
CHR - Extension: McAfee Security Scan+ = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: McAfee Security Scan+ = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: No name found = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\codhancjnefphmenmfgkbbojnneggnec\0.0.2.7_0\
CHR - Extension: No name found = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\codhancjnefphmenmfgkbbojnneggnec\0.0.2.7_0\template.
CHR - Extension: No name found = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\codhancjnefphmenmfgkbbojnneggnec\0.0.2.7_1\
CHR - Extension: No name found = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\codhancjnefphmenmfgkbbojnneggnec\0.0.2.7_1\template.
CHR - Extension: Complitly plugin for chrome = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmdlmoekcipeicfbnohedgkglmbhcla\1.0.0_0\
CHR - Extension: No name found = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\
CHR - Extension: Downloader = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.0_0\
CHR - Extension: Downloader = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.0_1\
CHR - Extension: Downloader = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.0_2\
CHR - Extension: Downloader = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.0_3\
CHR - Extension: Nielsen = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.7.8_0\
CHR - Extension: Nielsen = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.7.8_1\
CHR - Extension: Nielsen = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.7.9_0\
CHR - Extension: Nielsen = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.8.1_0\
CHR - Extension: Google Wallet = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Lavasoft NewTab = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0\
CHR - Extension: Lavasoft NewTab = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_1\
CHR - Extension: RebateRobot = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: RebateRobot = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda\2.1.2_0\
CHR - Extension: RebateRobot = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda\2.1.2_1\
CHR - Extension: RebateRobot = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda\2.1.2_2\
CHR - Extension: RebateRobot = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda\2.2_0\
CHR - Extension: Mixi.DJ Player = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pplbcffkbfomaljfeljglbkoibcncjon\1.0_0\
CHR - Extension: Mixi.DJ Player = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pplbcffkbfomaljfeljglbkoibcncjon\1.0_1\
CHR - Extension: Mixi.DJ Player = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pplbcffkbfomaljfeljglbkoibcncjon\1.0_2\
CHR - Extension: Mixi.DJ Player = C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pplbcffkbfomaljfeljglbkoibcncjon\1.0_3\
 
O1 HOSTS File: ([2014/04/19 07:34:18 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (PasswordBox Helper) - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe (The Nielsen Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\aarons\AppData\Local\Apps\2.0\71Q8ZXZ9.NP0\LPEEM8HG.5YJ\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe (Dell)
O4 - HKCU..\Run: [Gyazo] C:\Program Files\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\aarons\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Download Photo... - res://C:\Program Files\DelorTech, Ltd\MXDFP 1.0\FBDownloader.dll/500 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1045 (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Value error.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.c...ch_USAv1005.cab (MGLaunch_v1004 Class)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {D89D97A9-12C5-45E3-9353-3540761FE15C} http://channel.dontb...alWebLaunch.CAB (SealWebLaunch Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08EF5DC0-73A6-4458-A5A5-2CAFE1D00852}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95E3C658-D383-463E-AC0C-5570B6B5D77F}: DhcpNameServer = 192.168.15.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\aarons\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\aarons\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/19 10:11:24 | 000,000,000 | ---D | C] -- C:\Users\aarons\AppData\Local\adawarebp
[2014/04/19 09:42:11 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/04/19 09:00:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/19 07:47:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/19 07:29:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/17 16:30:16 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/04/15 16:41:34 | 000,000,000 | ---D | C] -- C:\Users\aarons\AppData\Local\ESET
[2014/04/15 14:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2014/04/15 14:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2014/04/14 14:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/04/14 03:13:59 | 000,000,000 | ---D | C] -- C:\Users\aarons\AppData\Local\NPE
[2014/04/13 20:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2014/04/12 07:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2014/04/12 07:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2014/04/11 18:40:07 | 000,024,040 | ---- | C] (ThreatTrack Security) -- C:\Windows\System32\drivers\gfiutil.sys
[2014/04/11 18:40:05 | 000,043,368 | ---- | C] (ThreatTrack Security) -- C:\Windows\System32\drivers\gfiark.sys
[2014/04/11 18:39:32 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2014/04/10 21:40:32 | 000,000,000 | ---D | C] -- C:\Users\aarons\AppData\Local\LogMeIn Rescue Applet
[2014/04/02 20:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BoostSoftware
[2014/03/29 03:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/02/11 23:57:32 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/19 11:29:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-276059291-3993976188-3623813286-1005Core.job
[2014/04/19 11:18:56 | 000,000,828 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2014/04/19 10:11:31 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{08EF5DC0-73A6-4458-A5A5-2CAFE1D00852}
[2014/04/19 10:11:31 | 000,003,284 | ---- | M] () -- C:\Users\aarons\AppData\Roaming\ANIWZCS{08EF5DC0-73A6-4458-A5A5-2CAFE1D00852}
[2014/04/19 10:10:34 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 10:10:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 10:08:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/19 09:44:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-276059291-3993976188-3623813286-1005UA.job
[2014/04/19 09:44:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-276059291-3993976188-3623813286-1005Core.job
[2014/04/19 08:47:29 | 000,001,790 | ---- | M] () -- C:\Users\aarons\Desktop\IMVU.lnk
[2014/04/19 08:29:10 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-276059291-3993976188-3623813286-1005UA.job
[2014/04/19 07:34:18 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/04/19 07:21:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-276059291-3993976188-3623813286-1002UA.job
[2014/04/17 16:30:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/04/16 13:21:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-276059291-3993976188-3623813286-1002Core.job
[2014/04/13 15:19:01 | 000,005,216 | ---- | M] () -- C:\Users\aarons\AppData\Local\d3d9caps.dat
[2014/04/12 07:16:47 | 000,000,865 | ---- | M] () -- C:\Users\aarons\Application Data\Microsoft\Internet Explorer\Quick Launch\KeyFinder.lnk
[2014/04/11 18:40:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/19 08:48:37 | 000,000,828 | ---- | C] () -- C:\Users\aarons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2014/04/19 06:48:26 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/04/13 06:59:56 | 000,003,284 | ---- | C] () -- C:\Windows\System32\ANIWZCS{08EF5DC0-73A6-4458-A5A5-2CAFE1D00852}
[2014/04/12 07:16:47 | 000,000,865 | ---- | C] () -- C:\Users\aarons\Application Data\Microsoft\Internet Explorer\Quick Launch\KeyFinder.lnk
[2014/04/11 18:40:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2014/02/14 02:05:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/19 01:40:05 | 000,000,129 | ---- | C] () -- C:\Users\aarons\AppData\Roaming\WB.CFG
[2013/09/30 22:02:31 | 000,031,560 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/09/20 22:30:05 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/05 05:19:06 | 000,048,402 | -HS- | C] () -- C:\Users\aarons\AppData\Local\ws_updater.exe
[2013/08/19 14:35:29 | 000,838,880 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/10/10 11:36:59 | 000,003,284 | ---- | C] () -- C:\Users\aarons\AppData\Roaming\ANIWZCS{08EF5DC0-73A6-4458-A5A5-2CAFE1D00852}
[2012/10/10 11:36:01 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ANIWConnService.exe
[2012/10/10 11:35:44 | 000,217,088 | ---- | C] () -- C:\Windows\System32\aIPH.dll
[2012/10/10 11:35:44 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AQCKGen.dll
[2012/10/10 11:35:44 | 000,045,115 | ---- | C] () -- C:\Windows\System32\ANICtl.dll
[2012/10/10 11:35:42 | 000,258,048 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
[2012/10/10 11:34:48 | 000,315,392 | ---- | C] () -- C:\Windows\System32\ANIOApi.dll
[2012/10/10 11:34:05 | 000,237,568 | ---- | C] () -- C:\Windows\System32\ANIWPS.exe
[2012/10/10 11:34:04 | 000,733,184 | ---- | C] () -- C:\Windows\System32\ANIOWPS.dll
[2012/10/10 11:20:39 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2012/10/10 11:20:38 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012/07/02 16:43:00 | 000,009,216 | ---- | C] () -- C:\Windows\Launcher.exe
[2012/02/22 08:31:42 | 002,826,261 | ---- | C] () -- C:\Users\aarons\Sedgwick CMS_20120221_102741.tif
[2012/02/22 08:31:38 | 000,489,181 | ---- | C] () -- C:\Users\aarons\Sedgwick CMS_20120221_102636.tif
[2012/02/22 08:31:16 | 003,293,677 | ---- | C] () -- C:\Users\aarons\Sedgwick CMS_20120221_103102.tif
[2011/11/28 12:52:21 | 000,005,216 | ---- | C] () -- C:\Users\aarons\AppData\Local\d3d9caps.dat
[2011/11/28 12:24:35 | 000,456,133 | ---- | C] () -- C:\Users\aarons\517 364 3718_20111128_112313.tif
[2011/09/21 09:38:58 | 000,459,577 | ---- | C] () -- C:\Users\aarons\5178865458_20110919_135537.tif
[2011/05/24 08:14:50 | 002,358,835 | ---- | C] () -- C:\Users\aarons\Sedgwick CMS_20110524_091218.tif
[2011/05/24 08:14:45 | 000,489,171 | ---- | C] () -- C:\Users\aarons\Sedgwick CMS_20110524_083012.tif
[2010/11/12 08:15:12 | 001,832,235 | ---- | C] () -- C:\Users\aarons\313 667 0779_20101112_070959.tif
[2010/05/29 06:24:14 | 000,487,659 | ---- | C] () -- C:\Users\aarons\Sedgwick CMS_20100528_123729.tif
[2010/05/15 08:27:50 | 001,409,530 | ---- | C] () -- C:\Users\aarons\12483062014_20100513_154541.tif
[2010/05/13 08:13:50 | 000,470,144 | ---- | C] () -- C:\Users\aarons\12483062014_20100513_091253.tif
[2010/04/19 06:37:19 | 000,000,670 | ---- | C] () -- C:\Users\aarons\AppData\Roaming\wklnhst.dat
[2010/03/08 15:24:50 | 000,475,999 | ---- | C] () -- C:\Users\aarons\Select Portfolio_20100304_140452.tif
[2010/03/03 15:27:11 | 000,475,991 | ---- | C] () -- C:\Users\aarons\FAXAGENT_20100303_142540.tif
[2010/03/01 19:22:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/19 16:44:59 | 000,000,632 | RHS- | C] () -- C:\Users\aarons\ntuser.pol
[2009/10/24 14:48:51 | 000,021,504 | ---- | C] () -- C:\Users\aarons\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/08/17 01:17:58 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\Allmyapps
[2012/12/18 13:33:24 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\bsnes
[2013/05/29 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\fltk.org
[2014/01/26 22:50:07 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\Gyazo
[2013/03/30 18:25:45 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\HTC
[2011/08/19 07:47:31 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2014/04/19 13:34:05 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\IMVU
[2014/04/19 08:47:28 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\IMVUClient
[2013/09/25 22:46:56 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\JAM Software
[2010/08/21 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\motorola
[2012/09/07 11:39:33 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\ooVoo Details
[2013/09/29 20:08:39 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\Product_RM
[2010/03/09 14:48:27 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\supportdotcom
[2010/03/09 16:53:41 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\SupportSoft
[2010/04/19 06:38:05 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\Template
[2011/08/19 06:18:12 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\Tific
[2012/11/22 12:29:46 | 000,000,000 | ---D | M] -- C:\Users\aarons\AppData\Roaming\TomTom
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/08/15 07:46:46 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䖠䉐0
[2013/08/15 07:46:46 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䖠䉐0
[2013/07/29 01:18:24 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䖠䉐0
[2013/07/29 01:18:24 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䖠䉐0
[2013/03/04 12:27:37 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䔸䇨0
[2013/03/04 12:27:37 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䔸䇨0
(C:\ProgramData\????0) -- C:\ProgramData\䖠䉐0
(C:\ProgramData\????0) -- C:\ProgramData\䖠䉐0
(C:\ProgramData\????0) -- C:\ProgramData\䔸䇨0
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\aarons\Documents\Imported Photos 00002.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\aarons\Documents\Imported Photos 00001.jpg:Roxio EMC Stream
@Alternate Data Stream - 64 bytes -> C:\Users\aarons\Documents\party 177.AVI:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\aarons\Documents\party 174.AVI:TOC.WMV

< End of report >
 


  • 0

#21
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
How is your PC running now?
  • 0

#22
twain1

twain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

its moving fast but im still losing ram and mbam still freezes up when it found more viruses


  • 0

#23
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
Hi twain1, :)

Uninstall Norton 360. Run Norton Removal Tool for cleanup.
Reset Google Chrome by perusing this article.

 
  • Step #8 Fix with OTL
    • Re-run OTL by right clicking and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

      :Commands
      [createrestorepoint]

      :OTL
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.2.0.38
      IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
      [2013/08/20 16:36:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\aarons\AppData\Roaming\mozilla\Firefox\Profiles\h3eg7qcu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(38)
      O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
      [2013/08/15 07:46:46 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䖠䉐0
      [2013/08/15 07:46:46 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䖠䉐0
      [2013/07/29 01:18:24 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䖠䉐0
      [2013/07/29 01:18:24 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䖠䉐0
      [2013/03/04 12:27:37 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䔸䇨0
      [2013/03/04 12:27:37 | 000,000,000 | ---D | M](C:\ProgramData\????0) -- C:\ProgramData\䔸䇨0

      :Files
      C:\ProgramData\䖠䉐0
      C:\ProgramData\䖠䉐0
      C:\ProgramData\䔸䇨0

      :Commands
      [emptytemp]

    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
 
  • Step #9 Scan with Farbar Service Scanner
    • Please download Farbar Service Scanner by Farbar to your Desktop from the link below.
      Download Link
    • Right-click and choose Run as Administrator;
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
 
  • Step #10 Repair Windows
    • Please download Windows Repair (All in one) to your Desktop from the link below.
      Click Here
    • Right click and choose Run as Administrator;
    • Accept the UAC warning to Allow the Program;
      startoftheprogram.jpg
    • Click on the Step 3 tab;
      step3sfc.jpg
    • Click the Do It button;
    • Click on the start repairs tab, and then Click start;
    • Select the following items and tick restart system when finished;
      whitehatsworkinglistll.jpg
    • Once complete reboot your PC.
 
  • Required Log(s):
    • OTL Fix Log;
    • Farbar Service Scanner Log
Regards,
Valinorum
  • 0

#24
twain1

twain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
C:\Users\aarons\AppData\Roaming\mozilla\Firefox\Profiles\h3eg7qcu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(38)\META-INF folder moved successfully.
C:\Users\aarons\AppData\Roaming\mozilla\Firefox\Profiles\h3eg7qcu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(38)\components folder moved successfully.
C:\Users\aarons\AppData\Roaming\mozilla\Firefox\Profiles\h3eg7qcu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(38)\chrome folder moved successfully.
C:\Users\aarons\AppData\Roaming\mozilla\Firefox\Profiles\h3eg7qcu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(38) folder moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
Folder C:\ProgramData\䖠䉐0\ not found.
Folder C:\ProgramData\䖠䉐0\ not found.
Folder C:\ProgramData\䖠䉐0\ not found.
Folder C:\ProgramData\䖠䉐0\ not found.
Folder C:\ProgramData\䔸䇨0\ not found.
Folder C:\ProgramData\䔸䇨0\ not found.
========== FILES ==========
File\Folder C:\ProgramData\䖠䉐0 not found.
File\Folder C:\ProgramData\䖠䉐0 not found.
File\Folder C:\ProgramData\䔸䇨0 not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: aarons
->Temp folder emptied: 30874306 bytes
->Temporary Internet Files folder emptied: 368990950 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 177491091 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1770 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Entwain
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Malek
 
User: PrinceTwain
 
User: Public
->Temp folder emptied: 0 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: twizzle
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6653 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 9218313 bytes
RecycleBin emptied: 3776415 bytes
 
Total Files Cleaned = 563.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04202014_073948

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


  • 0

#25
twain1

twain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Farbar Service Scanner Version: 25-02-2014
Ran by aarons (administrator) on 20-04-2014 at 07:49:21
Running from "C:\Users\aarons\Downloads"
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


  • 0

Advertisements


#26
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
Did you perform Step 10?
  • 0

#27
twain1

twain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

its still running


  • 0

#28
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
Okay. Let me know the result when done.
  • 0

#29
twain1

twain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

mbam still stopping ram still deleting slowly


  • 0

#30
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,918 posts
Un-install Malwarebytes' anti-malware from [urk=https://helpdesk.mal...s-Anti-Malware-]here[/url] then download and re-install it from here.
  • 0






Similar Topics


Also tagged with one or more of these keywords: virus, malware, memory

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP