V-bates-Trovi-DuckDuckGo [Solved]


This topic is locked

#1 Elisheba (Member, 43 posts)

Hi. Thank you so much for the help that you provide so many people through this website. It's amazing the amount of time that you all put in to help all of us with our computer issues, and for that I'm so grateful.

I don't remember what I was doing when I got the viruses. I know, though, that suddenly one minute things were fine and the next minute my search engines were changed to Trovi and I saw Bing search, and it was a bit crazy for a little while.

It appears that I have at least 3 viruses: V-bates, Trovi, and DuckDuckGo. I ran Malwarebytes and it found 13, but I don't believe it got rid of everything. My computer is not acting weird at all, but since I know the viruses are still there I wanted to come and ask for help in removing them completely, if that's possible.

I tried Hitman Pro, AVG, and Spybot (and I'm sure a few others), but none got rid of them completely. I tried a few online scanners. They didn't do the trick fully either. I see from the OTL log that there are pieces of a few of the viruses still there.

I have a 64-bit Dell N4030 laptop with Win 7. I'm not sure what other information you need. Please ask and I'll tell you what you need.

Can someone check my computer out and help me to clean it out? I'd sure appreciate it a lot. Thank you!

~Lisa~

OTL logfile created on: 5/22/2014 6:19:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 52.33% Memory free
7.61 Gb Paging File | 5.34 Gb Available in Paging File | 70.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 213.11 Gb Free Space | 71.52% Space Free | Partition Type: NTFS
 
Computer Name: LISADAY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2014/05/22 06:17:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2014/05/07 16:29:35 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/04 22:39:22 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/05/04 22:39:22 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/07 16:29:33 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppgooglenaclpluginchrome.dll
MOD - [2014/05/07 16:29:31 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll
MOD - [2014/05/07 16:29:27 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
MOD - [2014/05/07 16:29:27 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll
MOD - [2014/05/07 16:29:26 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
MOD - [2014/05/07 16:29:24 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
MOD - [2013/12/08 16:14:51 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/04 22:39:22 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/03/30 12:54:31 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2010/10/14 07:45:26 | 000,270,848 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/05/07 16:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2014/05/13 18:18:34 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 00:09:24 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/12 10:07:29 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/12 10:07:29 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/12 10:07:29 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/05/04 22:39:27 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/05/04 22:39:27 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/05/04 22:39:27 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/05/04 22:39:27 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/05/04 22:39:27 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/06 15:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/08 19:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/04/02 02:31:43 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012/03/30 12:54:31 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/03/30 12:54:31 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/10/17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/19 22:54:44 | 000,108,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/14 07:45:26 | 000,518,144 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/04/24 13:19:18 | 000,033,144 | ---- | M] (simonowen.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdrawcmd.sys -- (fdrawcmd)
DRV:64bit: - [2010/02/13 20:28:34 | 000,293,424 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/02/10 22:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/11 16:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/03/17 10:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV - [2012/10/16 19:47:10 | 000,013,359 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SYDEXFDD.SYS -- (SydexFDD)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 67 9B 08 14 60 CE 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {4DA5DA9D-0B66-4939-B138-6ABA03AC9584}
IE - HKCU\..\SearchScopes\{02E4B210-812F-4D4A-8DFB-A2AEB724D16A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{4DA5DA9D-0B66-4939-B138-6ABA03AC9584}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:5.9.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: YoutubeDownloader%40PeterOlayev.com:2.3.0
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:23.7
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.55
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\PROGRAM FILES\V-BATES\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/10 00:09:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/14 03:24:18 | 000,000,000 | ---D | M]
 
[2012/04/02 21:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2014/05/15 13:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions
[2014/05/14 13:58:02 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2014/05/11 22:43:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/05/14 13:58:01 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2014/01/02 11:33:10 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2014/05/11 22:38:12 | 000,000,000 | ---D | M] ("Flash Video Downloader - Full HD Download") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\[email protected]
[2013/06/02 21:48:57 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\[email protected]
[2014/05/11 22:46:26 | 000,075,097 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\[email protected]
[2014/04/16 01:34:15 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2014/01/13 22:56:44 | 000,019,530 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2014/05/09 23:09:35 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/06/28 16:08:30 | 000,010,530 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\searchplugins\duckduckgo.xml
[2014/05/17 09:06:43 | 000,001,014 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\searchplugins\trovi-search.xml
[2014/05/10 00:09:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/10 00:09:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.140_0\npqscan.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Reallusion CT4Player for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U51 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - Extension: Splendid = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
CHR - Extension: Adblock Plus = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Adblock for Youtube™ = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\2.17_0\
CHR - Extension: avast! Online Security = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: Planner 5D = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Current Moon Phase -N.Hemisphere = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oampnkjpomgmmphfoedhihefpbjhjamo\1.28.0.0_0\
CHR - Extension: Earth map = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmibphegngmljhikklndacjdpkmhocp\2.0_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.141_0\
 
O1 HOSTS File: ([2013/06/08 18:53:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (V-bates) - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [V-bates] C:\Program Files\V-bates\notifier.exe File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Owner\AppData\Local\Apps\2.0\0DA0XVBE.HDP\OY9K5BEM.EEP\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe (Dell)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://dell.com/supp...t/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B32BC24-EC0D-4AA9-A1D9-85FBD48ED006}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/20 23:52:54 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop\Storage for John
[2014/05/17 11:03:59 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/05/16 20:20:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/05/16 20:05:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2014/05/16 19:54:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\MFAData
[2014/05/16 19:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/05/16 19:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg
[2014/05/16 19:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/05/15 18:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/05/15 17:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/05/15 17:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2014/05/15 14:15:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Max Secure Software
[2014/05/15 13:14:23 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/14 14:46:18 | 000,175,528 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2014/05/12 17:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/05/12 17:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/05/10 00:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/04 22:39:26 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/05/04 02:19:41 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\EmieUserList
[2014/05/04 02:19:41 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\EmieSiteList
[2014/05/01 17:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2014/04/30 11:12:31 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/22 06:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/22 06:10:56 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/22 06:10:56 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/22 05:59:25 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/22 05:58:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/22 05:58:50 | 3062,915,072 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/21 21:50:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/21 20:52:19 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/21 20:52:19 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/21 20:52:19 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/17 11:03:59 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/05/15 15:13:17 | 000,001,698 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/05/15 12:50:11 | 000,000,408 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini
[2014/05/15 12:50:11 | 000,000,408 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini
[2014/05/15 12:50:11 | 000,000,046 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini
[2014/05/15 12:45:54 | 000,000,096 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\version2.xml
[2014/05/14 15:34:25 | 000,681,280 | ---- | M] () -- C:\Users\Owner\AppData\Local\census.cache
[2014/05/14 15:34:05 | 000,073,469 | ---- | M] () -- C:\Users\Owner\AppData\Local\ars.cache
[2014/05/14 15:13:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\olepro32.dll
[2014/05/14 15:13:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\igdumdx32.dll
[2014/05/14 15:13:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\igdumd32.dll
[2014/05/14 15:09:57 | 000,000,010 | ---- | M] () -- C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
[2014/05/12 10:07:29 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/12 10:07:29 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/12 10:07:29 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/04 22:39:27 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1399914448080
[2014/05/04 22:39:27 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1399914448080
[2014/05/04 22:39:27 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/05/04 22:39:27 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/05/04 22:39:27 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/05/04 22:39:27 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/05/04 22:39:27 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/05/04 22:39:27 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/05/04 22:39:26 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
 
========== Files Created - No Company Name ==========
 
[2014/05/15 15:13:17 | 000,001,698 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/05/15 12:50:11 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini
[2014/05/15 12:50:11 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini
[2014/05/15 12:50:11 | 000,000,046 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini
[2014/05/15 12:45:54 | 000,000,096 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\version2.xml
[2014/05/14 15:13:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\olepro32.dll
[2014/05/14 15:13:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\igdumdx32.dll
[2014/05/14 15:13:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\igdumd32.dll
[2014/05/14 15:09:57 | 000,000,010 | ---- | C] () -- C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
[2014/05/04 22:39:29 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/03/17 18:03:57 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2014/03/17 18:03:20 | 000,000,075 | ---- | C] () -- C:\Windows\Crypkey.ini
[2014/03/17 18:03:10 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2014/03/17 18:03:10 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2014/03/17 18:03:10 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2014/01/16 15:56:08 | 000,014,034 | ---- | C] () -- C:\Users\Owner\AppData\Local\recently-used.xbel
[2014/01/08 21:32:57 | 000,000,070 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2014/01/02 11:31:26 | 000,681,280 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache
[2014/01/02 11:30:57 | 000,073,469 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\taskhost.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\spoolsv.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsm.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\hkcmd.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dwm.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\conhost.exe
[2014/01/02 11:18:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
[2014/01/02 11:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2014/01/02 11:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2014/01/02 11:08:27 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2013/10/20 18:04:35 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/15 15:36:23 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/03/31 04:14:12 | 000,000,165 | ---- | C] () -- C:\Windows\WINÙS…ÏÈ.INI
[2012/06/24 11:15:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/06/07 20:57:11 | 000,000,288 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.backup.dm
[2012/05/07 09:51:39 | 000,043,008 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/15 10:53:34 | 000,007,622 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/05/20 10:12:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\abelhadigital.com
[2013/12/08 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVAST Software
[2012/03/30 14:40:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DRPSu
[2013/06/18 22:58:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoft
[2013/01/03 18:36:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Flo & Seb Engineering
[2013/06/27 17:07:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IrfanView
[2012/06/27 07:27:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MP3Rocket
[2012/04/15 12:54:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netscape
[2014/03/25 16:03:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera Software
[2013/05/02 17:29:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle
[2012/04/04 17:10:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCDr
[2012/05/31 09:56:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ProgSense
[2014/05/11 22:48:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\QuickScan
[2012/11/24 02:25:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RCKR
[2014/05/20 22:00:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SandSComputing
[2013/12/29 21:19:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SSDir
[2012/04/04 17:05:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\tmp
[2014/05/16 20:05:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8CE646EE
 
< End of report >
 



#2
pystryker (Trusted Helper, Malware Removal, 3,886 posts)
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!
Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:



Hello :)

There is another log that was created when you first ran OTL called Extras.txt. It will be located in the same place as where you ran OTL from. In this case, here: C:\Downloads. Please post that log in your next reply.

Also, please move OTL.exe to your desktop, it works better from there. :thumbsup:


I see a few things that we'll need to get rid of, but I'd like to take a look and make sure nothing more nefarious is hiding. Please follow the instructions below.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.
  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
[screenshot: aswmbrscan.jpg]
  • Click the Scan button to begin the scan.
[screenshot: aswmbrsavelog.jpg]
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit
Things I need to see in your next post:

aswMBR Log

The aforementioned Extras.txt log


#3
Elisheba (Topic Starter, Member, 43 posts)

Hi Pystryker, thank you so much for responding. I appreciate it a lot. Included are the two logs.

Attached Files



#4
pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Hi Pystryker, thank you so much for responding. I appreciate it a lot. Included are the two logs.


Hello and you are quite welcome. :) One thing I need is when you are posting logs, please copy and paste them into your replies instead of attaching them. Having them in the replies makes them much easier to research. :thumbsup:

I'll have instructions just as soon as I take a look at the logs. I'm going to paste them as replies into this thread and get to work on them. :)



OTL Extras logfile created on: 5/22/2014 6:19:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 52.33% Memory free
7.61 Gb Paging File | 5.34 Gb Available in Paging File | 70.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 213.11 Gb Free Space | 71.52% Space Free | Partition Type: NTFS

Computer Name: LISADAY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17E2272B-0E4F-443A-8D65-3C8E2973248B}" = lport=445 | protocol=6 | dir=in | app=system |
"{1E11583E-7C4D-4E20-9EA7-1C8144EF682A}" = rport=139 | protocol=6 | dir=out | app=system |
"{3D4A0098-2BF1-448C-8F9D-89C082DDC1DC}" = lport=139 | protocol=6 | dir=in | app=system |
"{50D92BA1-14C7-4E5A-8DDC-AA663B45EBDD}" = rport=137 | protocol=17 | dir=out | app=system |
"{73E54833-3DC3-449D-B010-650F8F165A9C}" = rport=445 | protocol=6 | dir=out | app=system |
"{809FFBCF-F522-457E-8075-4DE9CB12DA91}" = rport=138 | protocol=17 | dir=out | app=system |
"{815C61F2-E016-4028-8693-C37DC623A5EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FCE39E9-655E-4E3A-89A7-0E4A512A0F78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{94DFDEAA-CB38-41F8-AD47-502169FD7D33}" = lport=137 | protocol=17 | dir=in | app=system |
"{AE12E7A9-249F-4745-B592-79BF3D181CDB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{C5F20083-6684-42C1-9287-38076759850A}" = lport=138 | protocol=17 | dir=in | app=system |
"{EA17345B-519D-46DD-A258-94CF697A67F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05485148-95C3-4E04-8B30-72469B55520C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{112A46B0-F09B-49FD-99F2-083ABC68DCA8}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{25EDA9BA-60F3-4A03-9142-FE9565DDB5D8}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{2B278E38-A02A-40B1-B6A6-D4BFD20B2124}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{64C73D38-C8E1-4421-AC8E-8BB1FC8CBF64}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{8B806A31-93BE-47E6-846A-E8A28A1FEBB6}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{99347181-F176-4346-8063-A80E8A65E291}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{2FDD458D-0E29-4427-BF32-21D59B7C75A3}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{AB8FAEE8-6FB1-4036-800C-985B0BB2D5BA}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8397C1C5-39CA-4D5E-A798-50B5E6C6ABCB}" = SewWrite
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A4E3AD0C-C757-47C0-B66B-341EDF6D74A2}" = SewIconz
"{A7395F20-2B22-4CB8-8510-B452C0F47E02}" = Movie Maker 6.0 for Windows 7 (64-bit)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F402D1E3-5FBB-4D83-A6AE-67CA37CBD2DA}" = SewWhat-Pro
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 3.0
"HitmanPro37" = HitmanPro 3.7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 55
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61F9E619-8531-479E-AB80-C81819F0A3D8}" = Wilcom TrueSizer e3.0
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E801DDB4-3CFC-496E-9E04-781EC2445D82}" = Wilcom TrueSizer e3.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"avast" = avast! Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"fdrawcmd" = Fdrawcmd.sys 1.0.1.11
"Google Chrome" = Google Chrome
"Inkscape" = Inkscape 0.48.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 20.0.1387.91" = Opera Stable 20.0.1387.91
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2014 6:22:30 PM | Computer Name = LisaDay | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error - 3/25/2014 6:22:30 PM | Computer Name = LisaDay | Source = Windows Search Service | ID = 7010
Description = The index cannot be initialized. Details: The content index catalog
is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error - 4/10/2014 1:26:51 AM | Computer Name = LisaDay | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: SHELL32.dll, version: 6.1.7601.18222,
time stamp: 0x51f1ddfa Exception code: 0xc0000005 Fault offset: 0x000000000012e50b
Faulting process id: 0xabc Faulting application start time: 0x01cf547adfc72e9e Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: b82585a1-c070-11e3-8af5-f04da2b84e99

Error - 5/14/2014 5:31:00 PM | Computer Name = LisaDay | Source = Application Error | ID = 1000
Description = Faulting application name: AoAAudioExtractor.exe, version: 1.1.0.0,
time stamp: 0x4969678b Faulting module name: avcodec-51.dll, version: 0.0.0.0, time
stamp: 0x452d02f3 Exception code: 0xc0000005 Fault offset: 0x002abb46 Faulting process
id: 0xca0 Faulting application start time: 0x01cf6fbb9c8c7c99 Faulting application
path: C:\Program Files (x86)\AoA Audio Extractor\AoAAudioExtractor.exe Faulting
module path: C:\Program Files (x86)\AoA Audio Extractor\avcodec-51.dll Report Id:
0a53f154-dbaf-11e3-af16-f04da2b84e99

Error - 5/15/2014 4:19:59 PM | Computer Name = LisaDay | Source = Application Hang | ID = 1002
Description = The program adwcleaner_3.208.exe version 3.2.0.8 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 770 Start
Time: 01cf70794a633aa9 Termination Time: 0 Application Path: C:\Downloads\adwcleaner_3.208.exe
Report Id:

Error - 5/15/2014 4:52:22 PM | Computer Name = LisaDay | Source = Application Hang | ID = 1002
Description = The program adwcleaner_3.208.exe version 3.2.0.8 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1258 Start
Time: 01cf707c05c5cb71 Termination Time: 14 Application Path: C:\Downloads\adwcleaner_3.208.exe
Report Id:

Error - 5/16/2014 11:13:27 AM | Computer Name = LisaDay | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: bd0 Start
Time: 01cf7118daba9693 Termination Time: 7 Application Path: C:\Program Files (x86)\Spybot
- Search & Destroy\SpybotSD.exe Report Id:

Error - 5/16/2014 12:22:54 PM | Computer Name = LisaDay | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/16/2014 11:02:14 PM | Computer Name = LisaDay | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary SASKUTIL. System Error: The system cannot find the file specified. .

Error - 5/16/2014 11:04:02 PM | Computer Name = LisaDay | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary SASKUTIL. System Error: The system cannot find the file specified. .

[ Broadcom Wireless LAN Events ]
Error - 3/27/2014 6:20:34 AM | Computer Name = LisaDay | Source = WLAN-Tray | ID = 0
Description = 03:20:31, Thu, Mar 27, 14 Error - Unable to gain access to user store


Error - 4/1/2014 1:16:26 PM | Computer Name = LisaDay | Source = WLAN-Tray | ID = 0
Description = 10:16:20, Tue, Apr 01, 14 Error - Unable to gain access to user store


Error - 4/4/2014 9:51:57 AM | Computer Name = LisaDay | Source = WLAN-Tray | ID = 0
Description = 06:51:54, Fri, Apr 04, 14 Error - Unable to gain access to user store


Error - 4/5/2014 11:54:27 AM | Computer Name = LisaDay | Source = WLAN-Tray | ID = 0
Description = 08:54:24, Sat, Apr 05, 14 Error - Unable to gain access to user store


Error - 5/4/2014 11:08:06 AM | Computer Name = LisaDay | Source = WLAN-Tray | ID = 0
Description = 08:08:05, Sun, May 04, 14 Error - Unable to gain access to user store


[ System Events ]
Error - 5/20/2014 5:03:20 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/20/2014 5:03:21 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/20/2014 5:03:21 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/20/2014 6:30:02 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/20/2014 6:30:02 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/20/2014 6:30:03 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/20/2014 6:30:03 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/20/2014 6:30:04 PM | Computer Name = LisaDay | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/21/2014 11:45:50 AM | Computer Name = LisaDay | Source = Service Control Manager | ID = 7000
Description =

Error - 5/22/2014 8:59:13 AM | Computer Name = LisaDay | Source = Service Control Manager | ID = 7000
Description =


< End of report >




aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-22 20:03:36
-----------------------------
20:03:36.930 OS Version: Windows x64 6.1.7601 Service Pack 1
20:03:36.930 Number of processors: 2 586 0x2505
20:03:36.931 ComputerName: LISADAY UserName: Owner
20:03:37.829 Initialize success
20:03:41.857 AVAST engine defs: 14052200
20:03:57.018 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:03:57.023 Disk 0 Vendor: ST932032 D005 Size: 305245MB BusType: 3
20:03:57.152 Disk 0 MBR read successfully
20:03:57.157 Disk 0 MBR scan
20:03:57.177 Disk 0 Windows 7 default MBR code
20:03:57.196 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:03:57.212 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
20:03:57.331 Disk 0 scanning C:\Windows\system32\drivers
20:04:10.926 Service scanning
20:04:35.377 Modules scanning
20:04:35.393 Disk 0 trace - called modules:
20:04:35.419 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:04:35.428 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a82790]
20:04:35.440 3 CLASSPNP.SYS[fffff88001c9c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048fc050]
20:04:36.239 AVAST engine scan C:\Windows
20:04:38.660 AVAST engine scan C:\Windows\system32
20:08:37.697 AVAST engine scan C:\Windows\system32\drivers
20:08:56.614 AVAST engine scan C:\Users\Owner
20:14:25.006 AVAST engine scan C:\ProgramData
20:15:15.681 Scan finished successfully
20:15:34.396 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
20:15:34.402 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#5 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstalls

This is an optional uninstall, but personally, I would uninstall Hitman Pro from your machine. This software doesn't have a very good reputation, and has been known to render machines unbootable.


Step 2: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8: right click and select "Run as Administrator").
  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.
[image: otlrunfix.jpg]


:Commands
[createrestorepoint]

:OTL
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\PROGRAM FILES\V-BATES\FIREFOX
[2013/06/28 16:08:30 | 000,010,530 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\searchplugins\duckduckgo.xml
[2014/05/17 09:06:43 | 000,001,014 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\searchplugins\trovi-search.xml
O2:64bit: - BHO: (V-bates) - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [V-bates] C:\Program Files\V-bates\notifier.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8CE646EE

:Files
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
C:\PROGRAM FILES\V-BATES
C:\PROGRA~2\SearchProtect

:Commands
[emptytemp]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 3: AdwCleaner


Download AdwCleaner by clicking here. Please save it to your Desktop.


  • Double click the adwcleaner.exe file (Vista and 7 users: right click it, select Run as Administrator and accept the UAC prompt) to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove."; don't worry about unchecking anything, and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 4: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 5: OTL Quick Scan
  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.
Things I need to see in your next post:

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

OTL Quick Scan Log
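The persistence points that fix script removes, as an added PowerShell example that is not part of the original thread and not part of OTL, AdwCleaner or JRT: it reads the same locations (Browser Helper Object CLSIDs in both registry views, the Run keys, AppInit_DLLs, the Firefox profile's searchplugins folder, alternate data streams directly under C:\ProgramData, and the firewall profile state that the fix resets) and reports every entry whose target file no longer exists. It assumes an elevated 64-bit PowerShell 3.0 or later on the affected machine; it deletes nothing, and the GUID, paths and file names cited in its comments are taken from the OTL lines above.

```powershell
# Added example, not part of the original thread: read-only audit of the persistence points
# that the OTL fix above removes. Assumes an elevated 64-bit PowerShell 3.0 or later.
# The GUID, paths and file names in comments are the thread's own OTL lines.

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding($Where, $What, $Target) {
    # TargetExists = False marks an orphan: a registry value or plugin that points at a file
    # that is already gone (OTL's "File not found"). It still deserves removal.
    $exists = if ($Target) { Test-Path -LiteralPath $Target } else { $null }
    $findings.Add([pscustomobject]@{ Where = $Where; What = $What; Target = $Target; TargetExists = $exists })
}

$views  = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node'   # native (64-bit) and 32-bit IE views
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# 1. Browser Helper Objects (the O2 line: {21EAF666-...} -> C:\Program Files\V-bates\Extension64.dll).
foreach ($view in $views) {
    $bhoKey = "$view\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    if (-not (Test-Path $bhoKey)) { continue }
    foreach ($bho in Get-ChildItem $bhoKey) {
        $srv = "$view\Classes\CLSID\$($bho.PSChildName)\InprocServer32"
        $dll = if (Test-Path $srv) { (Get-ItemProperty $srv).'(default)' } else { $null }
        Add-Finding "BHO [$view]" $bho.PSChildName $dll
    }
}

# 2. Run keys (the O4 line: HKLM\..\Run [V-bates] C:\Program Files\V-bates\notifier.exe).
$runKeys = ($views | ForEach-Object { "$_\Microsoft\Windows\CurrentVersion\Run" }) +
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        # Reduce a quoted path with arguments, or a bare path with arguments, to the executable.
        $exe = if ("$($p.Value)" -match '^"([^"]+)"') { $Matches[1] } else { ("$($p.Value)" -split ' ')[0] }
        Add-Finding "Run [$key]" $p.Name $exe
    }
}

# 3. AppInit_DLLs (the O20 line). Every DLL listed here is loaded into every process that
#    loads user32.dll, so an orphaned entry is a loader waiting for the DLL to reappear.
foreach ($view in $views) {
    $w = Get-ItemProperty "$view\Microsoft\Windows NT\CurrentVersion\Windows" -ErrorAction SilentlyContinue
    if (-not $w -or -not $w.AppInit_DLLs) { continue }
    foreach ($dll in ($w.AppInit_DLLs -split '[ ,]' | Where-Object { $_ })) {
        Add-Finding "AppInit_DLLs [$view] (LoadAppInit_DLLs=$($w.LoadAppInit_DLLs))" $dll $dll
    }
}

# 4. Firefox search plugins dropped into the profile (duckduckgo.xml, trovi-search.xml).
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profiles) {
    foreach ($prof in (Get-ChildItem $profiles | Where-Object { $_.PSIsContainer })) {
        $sp = Join-Path $prof.FullName 'searchplugins'
        if (-not (Test-Path $sp)) { continue }
        foreach ($xml in Get-ChildItem $sp -Filter *.xml) { Add-Finding 'Firefox searchplugin' $xml.Name $xml.FullName }
    }
}

# 5. Alternate data streams directly under C:\ProgramData (the fix deleted C:\ProgramData\TEMP:8CE646EE).
foreach ($item in Get-ChildItem 'C:\ProgramData' -Force -ErrorAction SilentlyContinue) {
    Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { Add-Finding 'ADS' "$($item.FullName):$($_.Stream)" $item.FullName }
}

# 6. Firewall state: the fix resets the policy and forces it on for all profiles.
$fw = netsh advfirewall show allprofiles state

$findings | Sort-Object Where, What | Format-Table -AutoSize -Wrap
$fw
```

Run it before and after the fix: the "before" table should list the V-bates BHO, Run value and AppInit_DLLs loader with TargetExists = False, and the "after" table should list none of them. Entries with TargetExists = True and an unfamiliar DLL or XML are the ones that still need an uninstall or a fix line; a clean table plus "State ON" for all three firewall profiles is the check a practitioner would want before calling the machine clean.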

#6 Elisheba (Topic Starter, Member, 43 posts)

Sorry about not copying and pasting them in.

 

I don't know how to turn off Avast, other than turning off the shields. I did do that, though. If you could tell me how, then I'll do that real quick before I start your instructions.


#7 Elisheba (Topic Starter, Member, 43 posts)

I also went to Add/Remove Programs to remove Hitman Pro and it's not there, yet I still see it when I search for it in the search bar in the start bar.


#8 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Sorry about not copying and pasting them in.
 
I don't know how to turn off Avast, other than turning off the shields. I did do that, though. If you could tell me how, then I'll do that real quick before I start your instructions.


No worries, nothing to be sorry about. :thumbsup: Disabling the shields in Avast will do the job. :)

I also went to Add/Remove Programs to remove Hitman Pro and it's not there, yet I still see it when I search for it in the search bar in the start bar.


Interesting, ok, we'll use a different tool a bit later in this process. It may be showing in the search bar, but sounds like it may be hidden in the Add/Remove Programs window.
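A way to settle where that entry actually lives, as an added PowerShell example that is not part of the original thread: the first OTL log above lists "HitmanPro37" = HitmanPro 3.7 under the 64-bit HKEY_LOCAL_MACHINE Uninstall key, and an entry can sit in the native view, the Wow6432Node view or HKCU, and is dropped from the Control Panel list when it has no DisplayName or carries SystemComponent=1. The function below searches all three locations and reports the key, whether it is hidden and its UninstallString. It assumes PowerShell 3.0 or later on 64-bit Windows; the name pattern "HitmanPro" is the one from this thread.

```powershell
# Added example, not from the original thread: locate an uninstall entry that Add/Remove Programs
# does not show. Assumes PowerShell 3.0+ on 64-bit Windows; nothing is modified.
function Find-UninstallEntry([string]$NamePattern) {
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',              # 64-bit view
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit view
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty $key.PSPath
            if ($key.PSChildName -notlike "*$NamePattern*" -and $p.DisplayName -notlike "*$NamePattern*") { continue }
            [pscustomobject]@{
                Key             = $key.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                DisplayName     = $p.DisplayName
                # No DisplayName, or SystemComponent=1, keeps the entry out of the Control Panel list.
                Hidden          = ($p.SystemComponent -eq 1) -or (-not $p.DisplayName)
                UninstallString = $p.UninstallString
            }
        }
    }
}

# "HitmanPro" is the name shown in this thread's uninstall list ("HitmanPro37" = HitmanPro 3.7).
Find-UninstallEntry 'HitmanPro' | Format-List
```

If the entry is hidden, the UninstallString it reports can be run directly from an elevated prompt; if no entry is found in any of the three roots, the program's own uninstaller is gone and only its files and Start menu search index remain, which is the case the helper's later tools handle.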
#9 Elisheba (Topic Starter, Member, 43 posts)

OK, I'm starting on the rest of your instructions. Thanks.


#10 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

OK, I'm starting on the rest of your instructions. Thanks.


:thumbsup:
#11 Elisheba (Topic Starter, Member, 43 posts)

Things I need to see in your next post:

 

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

OTL Quick Scan Log

 

 

 

OTL FIX LOG:

 

All processes killed

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\searchplugins\duckduckgo.xml moved successfully.
C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\searchplugins\trovi-search.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\V-bates deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
ADS C:\ProgramData\TEMP:8CE646EE deleted successfully.
========== FILES ==========
< netsh advfirewall reset /c >
Ok.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
File\Folder C:\PROGRAM FILES\V-BATES not found.
File\Folder C:\PROGRA~2\SearchProtect not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
 
User: Owner
->Temp folder emptied: 11433418 bytes
->Temporary Internet Files folder emptied: 555589 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 25027734 bytes
->Google Chrome cache emptied: 369588166 bytes
->Flash cache emptied: 2412 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5706 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 388.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05222014_205122
 
Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
ADWCLEANER LOG:
 
# AdwCleaner v3.210 - Report created 22/05/2014 at 21:08:25
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - LISADAY
# Running from : C:\Users\Owner\Desktop\adwcleaner_3.210.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\Users\Owner\AppData\Local\Max Secure Software
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\user.js
File Deleted : C:\Windows\System32\Tasks\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : [x64] HKLM\SOFTWARE\V-bates
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\lh8r2mdq.default\prefs.js ]
 
 
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\prefs.js ]
 
Line Deleted : user_pref("extensions.fvd_single.__surfcanyon_disable_time", "1");
Line Deleted : user_pref("extensions.fvd_single.seopack.b_surfcanyon", true);
Line Deleted : user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_whiteListSearch", "{\"isearch.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"se[...]
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=MA997F67D-0299-492C-A036-468648588FF9&SearchSource=58&CUI=&UM=5&UP=SP37D55BBF-4343-4387-B3FF-1430C74E7967&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R3].txt - [3061 octets] - [22/05/2014 21:06:39]
AdwCleaner[S1].txt - [3008 octets] - [22/05/2014 21:08:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3068 octets] ##########
 
 
JUNKWARE REMOVAL LOG:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Thu 05/22/2014 at 21:18:57.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\minidumps [13 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/22/2014 at 21:30:10.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
OTL QUICK SCAN LOG:
 
OTL logfile created on: 5/22/2014 9:42:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 56.02% Memory free
7.61 Gb Paging File | 5.48 Gb Available in Paging File | 72.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 212.37 Gb Free Space | 71.27% Space Free | Partition Type: NTFS
 
Computer Name: LISADAY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2014/05/22 06:17:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2014/05/13 16:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/04 22:39:22 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/05/04 22:39:22 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/13 16:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
MOD - [2014/05/13 16:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014/05/13 16:40:45 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
MOD - [2014/05/13 16:40:44 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
MOD - [2014/05/13 16:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2013/12/08 16:14:51 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/04 22:39:22 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/03/30 12:54:31 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2010/10/14 07:45:26 | 000,270,848 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/05/07 16:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2014/05/13 18:18:34 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/10 00:09:24 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2014/01/02 11:18:58 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/10/17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/12 10:07:29 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/12 10:07:29 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/12 10:07:29 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/05/04 22:39:27 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/05/04 22:39:27 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/05/04 22:39:27 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/05/04 22:39:27 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/05/04 22:39:27 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/06 15:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/08 19:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/04/02 02:31:43 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012/03/30 12:54:31 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/03/30 12:54:31 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/10/17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/19 22:54:44 | 000,108,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/14 07:45:26 | 000,518,144 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/04/24 13:19:18 | 000,033,144 | ---- | M] (simonowen.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdrawcmd.sys -- (fdrawcmd)
DRV:64bit: - [2010/02/13 20:28:34 | 000,293,424 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/02/10 22:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/11 16:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/03/17 10:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV - [2012/10/16 19:47:10 | 000,013,359 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SYDEXFDD.SYS -- (SydexFDD)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 67 9B 08 14 60 CE 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{02E4B210-812F-4D4A-8DFB-A2AEB724D16A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{4DA5DA9D-0B66-4939-B138-6ABA03AC9584}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:5.9.1
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: YoutubeDownloader%40PeterOlayev.com:2.3.0
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:23.7
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.55
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/10 00:09:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/14 03:24:18 | 000,000,000 | ---D | M]
 
[2012/04/02 21:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2014/05/15 13:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions
[2014/05/14 13:58:02 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2014/05/11 22:43:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/05/14 13:58:01 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2014/01/02 11:33:10 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2014/05/11 22:38:12 | 000,000,000 | ---D | M] ("Flash Video Downloader - Full HD Download") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\extensions\[email protected]
[2013/06/02 21:48:57 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\[email protected]urandom.ca.xpi
[2014/05/11 22:46:26 | 000,075,097 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\[email protected]
[2014/04/16 01:34:15 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2014/01/13 22:56:44 | 000,019,530 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2014/05/09 23:09:35 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\vwstv49y.default-1370233802399\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/10 00:09:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/10 00:09:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.140_0\npqscan.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Reallusion CT4Player for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U51 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - Extension: Splendid = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Adblock Plus = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Adblock for Youtube™ = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\2.17_0\
CHR - Extension: avast! Online Security = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: Planner 5D = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: Google Wallet = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Current Moon Phase -N.Hemisphere = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oampnkjpomgmmphfoedhihefpbjhjamo\1.28.0.0_0\
CHR - Extension: Earth map = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmibphegngmljhikklndacjdpkmhocp\2.0_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.141_0\
 
O1 HOSTS File: ([2013/06/08 18:53:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Owner\AppData\Local\Apps\2.0\0DA0XVBE.HDP\OY9K5BEM.EEP\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe (Dell)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O13:64bit: - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://dell.com/supp...t/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B32BC24-EC0D-4AA9-A1D9-85FBD48ED006}: DhcpNameServer = 8.8.8.8 8.8.4.4 209.55.27.13
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/22 21:15:22 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
[2014/05/22 21:03:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/22 20:51:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/22 20:02:58 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswmbr.exe
[2014/05/22 06:17:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/05/20 23:52:54 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop\Storage for John
[2014/05/17 11:03:59 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/05/16 20:20:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/05/16 20:05:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2014/05/16 19:54:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\MFAData
[2014/05/16 19:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/05/16 19:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg
[2014/05/16 19:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/05/15 18:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/05/15 17:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/05/15 17:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2014/05/15 13:14:23 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/14 14:46:18 | 000,175,528 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2014/05/12 17:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/05/10 00:09:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/04 22:39:26 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/05/04 02:19:41 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\EmieUserList
[2014/05/04 02:19:41 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\EmieSiteList
[2014/05/01 17:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2014/04/30 11:12:31 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/22 21:18:40 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/22 21:18:40 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/22 21:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/22 21:15:31 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
[2014/05/22 21:11:27 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/22 21:11:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/22 21:11:04 | 3062,915,072 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/22 21:06:01 | 001,815,229 | ---- | M] () -- C:\Users\Owner\Desktop\V-bates-Trovi-DuckDuckGo..2.pdf
[2014/05/22 21:01:44 | 001,326,389 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner_3.210.exe
[2014/05/22 20:50:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/22 20:15:34 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2014/05/22 20:03:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswmbr.exe
[2014/05/22 19:52:28 | 001,854,960 | ---- | M] () -- C:\Users\Owner\Desktop\V-bates-Trovi-DuckDuckGo..INSTRUCTIONS.pdf
[2014/05/22 06:17:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/05/21 20:52:19 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/21 20:52:19 | 000,662,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/21 20:52:19 | 000,122,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/17 11:03:59 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/05/15 15:13:17 | 000,001,698 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/05/15 12:50:11 | 000,000,408 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini
[2014/05/15 12:50:11 | 000,000,408 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini
[2014/05/15 12:50:11 | 000,000,046 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini
[2014/05/15 12:45:54 | 000,000,096 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\version2.xml
[2014/05/14 15:34:25 | 000,681,280 | ---- | M] () -- C:\Users\Owner\AppData\Local\census.cache
[2014/05/14 15:34:05 | 000,073,469 | ---- | M] () -- C:\Users\Owner\AppData\Local\ars.cache
[2014/05/14 15:13:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\olepro32.dll
[2014/05/14 15:13:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\igdumdx32.dll
[2014/05/14 15:13:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\igdumd32.dll
[2014/05/14 15:09:57 | 000,000,010 | ---- | M] () -- C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
[2014/05/12 10:07:29 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/12 10:07:29 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/12 10:07:29 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/04 22:39:27 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1399914448080
[2014/05/04 22:39:27 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1399914448080
[2014/05/04 22:39:27 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/05/04 22:39:27 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/05/04 22:39:27 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/05/04 22:39:27 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/05/04 22:39:27 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/05/04 22:39:27 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/05/04 22:39:26 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
 
========== Files Created - No Company Name ==========
 
[2014/05/22 21:06:08 | 001,815,229 | ---- | C] () -- C:\Users\Owner\Desktop\V-bates-Trovi-DuckDuckGo..2.pdf
[2014/05/22 21:01:33 | 001,326,389 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner_3.210.exe
[2014/05/22 20:15:34 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2014/05/22 19:52:50 | 001,854,960 | ---- | C] () -- C:\Users\Owner\Desktop\V-bates-Trovi-DuckDuckGo..INSTRUCTIONS.pdf
[2014/05/15 15:13:17 | 000,001,698 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/05/15 12:50:11 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini
[2014/05/15 12:50:11 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini
[2014/05/15 12:50:11 | 000,000,046 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini
[2014/05/15 12:45:54 | 000,000,096 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\version2.xml
[2014/05/14 15:13:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\olepro32.dll
[2014/05/14 15:13:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\igdumdx32.dll
[2014/05/14 15:13:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\igdumd32.dll
[2014/05/14 15:09:57 | 000,000,010 | ---- | C] () -- C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
[2014/05/04 22:39:29 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/03/17 18:03:57 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2014/03/17 18:03:20 | 000,000,075 | ---- | C] () -- C:\Windows\Crypkey.ini
[2014/03/17 18:03:10 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2014/03/17 18:03:10 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2014/03/17 18:03:10 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2014/01/16 15:56:08 | 000,014,034 | ---- | C] () -- C:\Users\Owner\AppData\Local\recently-used.xbel
[2014/01/08 21:32:57 | 000,000,070 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2014/01/02 11:31:26 | 000,681,280 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache
[2014/01/02 11:30:57 | 000,073,469 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\taskhost.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\spoolsv.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsm.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\hkcmd.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dwm.exe
[2014/01/02 11:18:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\conhost.exe
[2014/01/02 11:18:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
[2014/01/02 11:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2014/01/02 11:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2014/01/02 11:08:27 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2013/10/20 18:04:35 | 000,775,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/15 15:36:23 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/03/31 04:14:12 | 000,000,165 | ---- | C] () -- C:\Windows\WINÙS…ÏÈ.INI
[2012/06/24 11:15:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/06/07 20:57:11 | 000,000,288 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\.backup.dm
[2012/05/07 09:51:39 | 000,043,008 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/15 10:53:34 | 000,007,622 | ---- | C] () -- C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/05/20 10:12:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\abelhadigital.com
[2013/12/08 20:23:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVAST Software
[2012/03/30 14:40:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DRPSu
[2013/06/18 22:58:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoft
[2013/01/03 18:36:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Flo & Seb Engineering
[2013/06/27 17:07:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IrfanView
[2012/06/27 07:27:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MP3Rocket
[2012/04/15 12:54:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Netscape
[2014/03/25 16:03:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera Software
[2013/05/02 17:29:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle
[2012/04/04 17:10:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCDr
[2012/05/31 09:56:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ProgSense
[2014/05/11 22:48:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\QuickScan
[2012/11/24 02:25:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RCKR
[2014/05/20 22:00:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SandSComputing
[2013/12/29 21:19:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SSDir
[2012/04/04 17:05:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\tmp
[2014/05/16 20:05:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
(whew) There they all are.  :D

 


  • 0

#12
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

(whew) There they all are. :D


Well done, the logs are looking good. :)

Now, let's use a different tool and see if Hitman Pro is being hidden in your Add/Remove programs.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the step.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. In your case, you will need to download the 64 Bit Version.
  • Right click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Place a check in the box marked Addition.txt

    [image: farbarmainpanel_zps77bf9e25.jpg (FRST main panel)]
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

FRST Log

Addition.txt Log

  • 0

#13
Elisheba

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Below these logs, I have a question for you.

 

ADDITION TXT:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2014
Ran by Owner at 2014-05-23 06:57:06
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced Video FX Engine (HKLM-x32\...\Advanced Video FX Engine) (Version:  - )
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.8.8 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.196.8 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.5.0.19 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1106.101.115 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Fdrawcmd.sys 1.0.1.11 (HKLM-x32\...\fdrawcmd) (Version: 1.0.1.11 - Simon Owen)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6304.0 - IDT)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.8.0.1003 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Live! Cam Avatar v1.0 (HKLM-x32\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative Technology Ltd.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
SewIconz (HKLM\...\{A4E3AD0C-C757-47C0-B66B-341EDF6D74A2}) (Version: 1.7.7 - S & S Computing)
SewWhat-Pro (HKLM\...\{F402D1E3-5FBB-4D83-A6AE-67CA37CBD2DA}) (Version: 3.7.3 - S & S Computing)
SewWrite (HKLM\...\{8397C1C5-39CA-4D5E-A798-50B5E6C6ABCB}) (Version: 1.2.1 - S & S Computing)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wilcom TrueSizer e3.0 (HKLM-x32\...\{E801DDB4-3CFC-496E-9E04-781EC2445D82}) (Version: 17.0.165.7422 - Wilcom)
Wilcom TrueSizer e3.0 (x32 Version: 17.0.107.7371 - Wilcom) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
21-05-2014 10:27:24 Windows Update
21-05-2014 16:17:20 Removed Embroidery Fonts Plus
23-05-2014 03:51:34 OTL Restore Point - 5/22/2014 8:51:32 PM
 
==================== Hosts content: ==========================
 
2009-07-13 19:34 - 2013-06-08 18:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0186BC8C-6118-4EBE-83EF-487404E6F286} - System32\Tasks\{4946BCB4-05D9-46AB-BFFF-A364302998E2} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {0FA78865-6ED5-46EF-8410-A6F906810811} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {10B054CB-BF30-413D-AEC6-0934026BB1E4} - System32\Tasks\{EA2718E5-EADF-4C3B-A7E3-DD146E57A6F1} => C:\Program Files\S & S Computing\SewWrite\SewWrite.exe
Task: {1A3863E4-1FF5-4BD2-8503-2F04EAC8B212} - System32\Tasks\{869E56A5-3FBD-4741-8992-8F56EC129684} => C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\DESLOADR.exe [2013-11-15] (Wilcom Pty Ltd)
Task: {1BF428C8-8855-4C2F-8DA8-D3864A82EBEE} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION
Task: {2374B056-B2D0-4F96-BA87-42CEAA9CE204} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {2828F39F-5E42-4467-B8F7-C9786592C35C} - System32\Tasks\{D5D65463-BDC6-4CC1-B37E-01A2BE394278} => C:\Users\Owner\Downloads\theword-setup-en.exe
Task: {2BE13359-EE8E-4F20-829E-6348CFBF0925} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe
Task: {365DEE64-D5B8-4EC3-8523-D4AF04F1B916} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1837369184-1756073175-2637968707-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {3B4D5F85-2813-4DFA-B387-3A00B0BB0347} - System32\Tasks\{C65D3726-9DDE-43CC-8E71-F3C46EAC595C} => C:\Program Files\S & S Computing\SewWrite\SewWrite.exe
Task: {3BC46F9A-7FAD-44C7-92F3-24118C8C40EA} - System32\Tasks\{91BC6A50-AD8C-4491-AF20-E8E0E17BD2FB} => C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\DESLOADR.exe [2013-11-15] (Wilcom Pty Ltd)
Task: {3E21233D-E355-4629-B6D9-0354DFB8A738} - System32\Tasks\{C5412217-FE30-406A-8044-85CD0E5F2F04} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {418DFC5D-B9C4-4155-B788-7B963EAC3CF3} - System32\Tasks\{F9F3F3C2-F160-4201-B37B-FD83C67CC32C} => C:\Program Files\S & S Computing\SewWrite\SewWrite.exe
Task: {44C4ED48-FDBF-4A5E-B38B-06E378296217} - System32\Tasks\{C8588C6C-E0D7-4EF3-8C89-2F9063F89977} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {46A4D31F-55FD-4361-8E30-D20DE13A17D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-21] (Google Inc.)
Task: {47A97839-94C2-4E42-88C3-AD8C100BEE72} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1837369184-1756073175-2637968707-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {498975F3-5709-42B0-AC4D-3D4AE48D1401} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1837369184-1756073175-2637968707-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4B91227D-7C65-4758-8BE1-8B9F9E6D711B} - System32\Tasks\{05B86A2B-FBBD-49B1-9895-8BE6D2831A72} => C:\Program Files (x86)\EmbFontsPlus\EmbFontsPlus.exe
Task: {4BDD85D9-B076-444E-B3BA-3581FC038FF5} - System32\Tasks\{BC3A7F5E-6EF4-44D5-80CC-8A9EFC366EBF} => C:\Users\Owner\Downloads\ImageResizerPowertoySetup.exe
Task: {4D08AA97-B65B-4E3B-AE53-3AF7A2FF9B74} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1837369184-1756073175-2637968707-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {4F637A1D-420F-43B0-822D-77232800CECC} - System32\Tasks\{598904D4-9903-4CAC-B2FD-53CB13C0E1AA} => C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\DESLOADR.exe [2013-11-15] (Wilcom Pty Ltd)
Task: {4FBB9B12-FC8A-4923-97DD-7AC30A733F0E} - System32\Tasks\{E0D22C84-A5DF-4923-A674-580E27A47A51} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-05-04] (AVAST Software)
Task: {5058DB18-89A9-4491-A8FC-55BE0FC2B2F0} - System32\Tasks\{39B21596-6CDB-4339-9F1F-92767553C2E9} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {52D9DFD4-A0BF-44E2-B9D2-8236F50104C8} - System32\Tasks\{75AA678A-37A6-4B6C-B664-731F71212E4A} => C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\DESLOADR.exe [2013-11-15] (Wilcom Pty Ltd)
Task: {55AD3426-13CF-44B7-9AE5-96468E27B745} - System32\Tasks\{051A394C-E930-4625-A315-00FDFDD1DB0E} => C:\Program Files\S & S Computing\SewWhat-Pro\SewWhat-Pro.exe
Task: {5B60044F-457D-4EFF-BCDC-C6716CB893CF} - System32\Tasks\{96BBB182-4A2A-454B-8D5A-FEB5267606FE} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {69C265B7-91A8-4146-955C-DD3B8B101E87} - System32\Tasks\{E524DD98-7C17-4AAC-ADF1-65034E4A736E} => C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\DESLOADR.exe [2013-11-15] (Wilcom Pty Ltd)
Task: {6B6DB86C-AA88-49FB-8729-281393041611} - System32\Tasks\{9B9A4A46-5ADA-48CB-89AE-5FEE51B70C92} => C:\Program Files\S & S Computing\SewWhat-Pro\SewWhat-Pro.exe
Task: {756D02E7-7945-45A7-8796-06B495B4007B} - System32\Tasks\{81447682-8761-489A-B298-134796C22A20} => C:\Program Files (x86)\Wilcom\TrueSizer_e3.0\BIN\DESLOADR.exe [2013-11-15] (Wilcom Pty Ltd)
Task: {8B7B1722-EAF0-426D-99AF-91BF28DFF13C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1837369184-1756073175-2637968707-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {AE345A54-F492-4C1C-AD39-B77B5B53D330} - System32\Tasks\{2D2AE3E3-E563-40F9-9794-67C0AC9CE458} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-05-04] (AVAST Software)
Task: {B6A20B03-626D-46B8-92B2-388631C7909B} - System32\Tasks\{ACCF7067-5AE1-4C15-B501-5F756307DAA6} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {B9F3F647-9724-4263-8B37-7706E4414B7D} - System32\Tasks\{4DCE1B12-0EA4-49CA-8240-C288F4AD0B01} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-05-04] (AVAST Software)
Task: {BC414DBE-5FFE-4C31-95D9-116ADEECAEF8} - System32\Tasks\{7C1CBE4E-777B-460D-80B8-15D8E840008E} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {BEB03B06-754E-4098-987B-B02D9C31F6A6} - System32\Tasks\{B36EEF1D-5092-474C-AA1E-C5B2846BD77D} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {C0647D69-2890-45AF-88C3-FE735B10D142} - System32\Tasks\{B75EBC3A-FBEE-41F7-BC49-CB4B8E96550D} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-05-04] (AVAST Software)
Task: {C42DD992-CACD-4557-8E5A-257D7AABB967} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {C543F930-A497-496F-8B11-39E52DB8D94D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-04] (AVAST Software)
Task: {CE1D70AE-F4DD-4ABD-ADEB-568D1E18C8DA} - System32\Tasks\{ED522B71-8BC0-4B30-8DD3-B865A863C75D} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {D1777774-EF9B-4E18-83B5-8F314BF03929} - System32\Tasks\{E1DEA588-515C-482C-B2E5-9CCC21BCCF07} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {D1A22147-93DC-4890-819D-4847F87B6D53} - System32\Tasks\{DF0622E8-2744-4F04-9EDD-128FC0836173} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {D3664F90-0FBB-499D-8A08-94012C8DBC9B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1837369184-1756073175-2637968707-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D60BC5FD-AE90-4932-AB71-7C7D8EA2FF42} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1837369184-1756073175-2637968707-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {D7160E87-24DC-49C3-BD13-8EA0F7BA30B6} - System32\Tasks\{6D2C417B-AE80-4E74-B04C-608AFB89BE40} => C:\Program Files (x86)\AnvSoft\Any Video Converter\VideoConverter.exe
Task: {DD21DB21-DDE5-4547-9185-4CEDEBC89542} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-21] (Google Inc.)
Task: {DE05671A-C370-4EC8-AF3C-D6ACC2215AB3} - System32\Tasks\{19F9FBAC-E016-4D23-AD49-6E7491D9FB23} => C:\Program Files (x86)\SophieSew\SophieSew.exe
Task: {E0658E01-CD23-4E2E-820D-FD4F270165CF} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {EBE7424F-9E89-4DB3-BEC1-6F4525FAFF20} - System32\Tasks\{CAEA635E-E004-454B-8D57-5778915BA92E} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {EC0D5509-3E70-4244-8C56-B2B129A7697C} - System32\Tasks\{1AC9DC92-A195-4E49-BAF8-7AE5730E1070} => C:\Program Files (x86)\Photodex\ProShowGold\proshow.exe
Task: {F9B9EF54-2139-40CD-813B-EC5DAB428409} - System32\Tasks\{AF38A006-6ED9-4C2E-9882-F8606217256F} => C:\Program Files (x86)\AnvSoft\Any Video Converter\VideoConverter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-07-06 14:40 - 2013-10-23 16:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-05-22 10:00 - 2014-05-22 10:00 - 02254848 _____ () C:\Program Files\AVAST Software\Avast\defs\14052200\algo.dll
2014-05-14 15:13 - 2014-05-14 15:13 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-05-14 15:13 - 2014-05-14 15:13 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-05-14 15:13 - 2014-05-14 15:13 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2013-12-08 16:14 - 2013-12-08 16:14 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-12 09:13 - 2014-02-12 09:13 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3acf9fa8ed5034da0f3662d7b1c51991\IsdiInterop.ni.dll
2012-03-30 14:26 - 2011-10-17 15:08 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-05-22 12:26 - 2014-05-13 16:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-22 12:26 - 2014-05-13 16:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-22 12:26 - 2014-05-13 16:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-22 12:26 - 2014-05-13 16:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-22 12:26 - 2014-05-13 16:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk => C:\Windows\pss\Orbit.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\Windows\pss\PalTalk.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skitch => C:\Program Files (x86)\Evernote\Skitch\Skitch.exe -start-on-hide
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (05/23/2014 06:49:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The wntpport service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2012-03-30 14:28:02.978
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-03-30 14:28:02.963
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\Impcd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 62%
Total physical RAM: 3894.7 MB
Available physical RAM: 1479.47 MB
Total Pagefile: 7787.58 MB
Available Pagefile: 5024.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.99 GB) (Free:211.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B222B86E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
FRST LOG:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by Owner (administrator) on LISADAY on 23-05-2014 06:56:06
Running from C:\Users\Owner\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Dell) C:\Users\Owner\AppData\Local\Apps\2.0\0DA0XVBE.HDP\OY9K5BEM.EEP\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7142400 2012-03-30] (Broadcom Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [371712 2010-01-27] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-10-14] (IDT, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-04] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1837369184-1756073175-2637968707-1000\...\Run: [DellSystemDetect] => C:\Users\Owner\AppData\Local\Apps\2.0\0DA0XVBE.HDP\OY9K5BEM.EEP\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe [253952 2014-02-26] (Dell)
HKU\S-1-5-21-1837369184-1756073175-2637968707-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1837369184-1756073175-2637968707-1000\...\Policies\system: [DisableLockWorkstation] 0
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDA679B081460CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} http://dell.com/supp...t/Ode/pcd86.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll (C3D)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll (BEXTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll ()
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\[email protected] [2014-05-11]
FF Extension: ColorfulTabs - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-05-14]
FF Extension: DownloadHelper - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-05-11]
FF Extension: Flash and Video Download - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-05-14]
FF Extension: Bitdefender QuickScan - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-01-02]
FF Extension: NoSquint - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\[email protected] [2013-06-02]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\[email protected] [2014-05-11]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2014-04-15]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-07-18]
FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vwstv49y.default-1370233802399\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-02]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "https://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Bitdefender QuickScan) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.140_0\npqscan.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Reallusion CT4Player for Mozilla) - C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll ( )
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Splendid) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd [2014-03-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Adblock Plus) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-09]
CHR Extension: (Adblock for Youtube™) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-02-09]
CHR Extension: (avast! Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-09]
CHR Extension: (Planner 5D) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2013-10-21]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Current Moon Phase -N.Hemisphere) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oampnkjpomgmmphfoedhihefpbjhjamo [2014-02-09]
CHR Extension: (Earth map) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\opmibphegngmljhikklndacjdpkmhocp [2014-02-13]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-02-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-04] (AVAST Software)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-01-02] ()
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5830656 2012-03-30] (Broadcom Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-04] ()
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-04] ()
S3 fdrawcmd; C:\Windows\system32\drivers\fdrawcmd.sys [33144 2010-04-24] (simonowen.com)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SydexFDD; C:\Windows\SysWOW64\Drivers\sydexfdd.sys [13359 2012-10-16] (Windows ® 2000 DDK provider)
S2 wntpport; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-23 06:56 - 2014-05-23 06:56 - 00018265 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-05-23 06:55 - 2014-05-23 06:56 - 00000000 ____D () C:\FRST
2014-05-23 06:53 - 2014-05-23 06:53 - 02067456 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-05-22 23:23 - 2014-05-22 23:23 - 25685018 _____ () C:\Users\Owner\Documents\bookmarks_5_22_14.html
2014-05-22 21:30 - 2014-05-22 21:30 - 00000965 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-05-22 21:15 - 2014-05-22 21:15 - 01016261 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2014-05-22 21:14 - 2014-05-22 21:14 - 00003168 _____ () C:\Users\Owner\Desktop\AdwCleaner[S1].txt
2014-05-22 21:03 - 2014-05-22 21:09 - 00000000 ____D () C:\AdwCleaner
2014-05-22 21:03 - 2014-05-22 21:03 - 00007576 _____ () C:\Users\Owner\Desktop\OTL Fix.log
2014-05-22 21:01 - 2014-05-22 21:01 - 01326389 _____ () C:\Users\Owner\Desktop\adwcleaner_3.210.exe
2014-05-22 20:51 - 2014-05-22 20:51 - 00000000 ____D () C:\_OTL
2014-05-22 20:15 - 2014-05-22 20:15 - 00001805 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-05-22 20:15 - 2014-05-22 20:15 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-05-22 20:02 - 2014-05-22 20:03 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-05-22 06:30 - 2014-05-22 06:30 - 00042938 _____ () C:\Users\Owner\Desktop\Extras.Txt
2014-05-22 06:28 - 2014-05-22 21:50 - 00093946 _____ () C:\Users\Owner\Desktop\OTL.Txt
2014-05-22 06:17 - 2014-05-22 06:17 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-05-22 05:59 - 2014-05-23 06:49 - 00000620 _____ () C:\Windows\error.log
2014-05-22 05:59 - 2014-05-23 06:49 - 00000280 _____ () C:\Windows\setupact.log
2014-05-22 05:59 - 2014-05-22 05:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-22 05:58 - 2014-05-23 06:49 - 00000140 _____ () C:\Windows\errord.log
2014-05-22 05:58 - 2014-05-22 21:11 - 00002334 _____ () C:\Windows\PFRO.log
2014-05-20 23:52 - 2014-05-21 12:26 - 00000000 ___RD () C:\Users\Owner\Desktop\Storage for John
2014-05-17 11:03 - 2014-05-17 11:03 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-05-16 20:35 - 2014-05-16 20:35 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-05-16 20:35 - 2014-05-16 20:35 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-05-16 20:20 - 2014-05-16 20:34 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-05-16 20:05 - 2014-05-16 20:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TuneUp Software
2014-05-16 19:54 - 2014-05-17 00:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-16 19:54 - 2014-05-16 19:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\MFAData
2014-05-16 19:51 - 2014-05-17 00:48 - 00000000 ____D () C:\ProgramData\Avg
2014-05-16 19:51 - 2014-05-17 00:48 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-15 18:35 - 2014-05-15 18:35 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-15 17:00 - 2014-05-16 23:08 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-15 17:00 - 2014-05-16 23:08 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-05-15 15:13 - 2014-05-15 15:13 - 00001698 _____ () C:\Windows\system32\.crusader
2014-05-15 13:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-15 12:50 - 2014-05-15 12:50 - 00000408 _____ () C:\Users\Owner\AppData\Roaming\CamShapes.ini
2014-05-15 12:50 - 2014-05-15 12:50 - 00000408 _____ () C:\Users\Owner\AppData\Roaming\CamLayout.ini
2014-05-15 12:50 - 2014-05-15 12:50 - 00000046 _____ () C:\Users\Owner\AppData\Roaming\Camdata.ini
2014-05-15 12:45 - 2014-05-15 12:45 - 00000096 _____ () C:\Users\Owner\AppData\Roaming\version2.xml
2014-05-14 15:13 - 2014-05-14 15:13 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-05-14 15:13 - 2014-05-14 15:13 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-05-14 15:13 - 2014-05-14 15:13 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2014-05-14 15:09 - 2014-05-14 15:09 - 00000010 _____ () C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
2014-05-14 14:46 - 2013-09-02 00:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-05-14 06:09 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 06:09 - 2014-05-05 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 06:09 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 06:09 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 06:09 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 06:09 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 04:40 - 2014-05-08 23:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 04:40 - 2014-05-08 23:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 04:40 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 04:40 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 04:40 - 2014-04-11 19:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 04:40 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 04:40 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 04:40 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 04:40 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 04:40 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 04:40 - 2014-04-11 19:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 04:40 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 04:40 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 04:40 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 04:40 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 04:40 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 04:40 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 04:40 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 04:40 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 04:40 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 04:40 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 04:40 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 04:40 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 04:40 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 04:40 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 04:40 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 04:40 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 04:40 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 04:40 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 04:40 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 04:40 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 04:40 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 04:40 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 04:40 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 04:40 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 04:40 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 04:40 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 04:40 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 04:40 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 04:40 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 04:40 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 04:40 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 04:40 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 04:40 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 04:40 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-12 17:15 - 2014-05-15 15:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-10 00:09 - 2014-05-15 13:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-04 22:39 - 2014-05-04 22:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-04 22:39 - 2014-05-04 22:39 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-04 02:19 - 2014-05-04 02:19 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-05-04 02:19 - 2014-05-04 02:19 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-04-30 11:13 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-30 11:13 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-30 11:13 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-30 11:13 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-30 11:12 - 2014-05-14 09:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 11:12 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-30 11:12 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-30 11:12 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-30 11:12 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-30 11:12 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-30 11:12 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-30 11:12 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-30 11:12 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-30 11:12 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-30 11:12 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-30 11:12 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-30 11:12 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-30 11:12 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-30 11:12 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-30 11:12 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-30 11:12 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-30 11:12 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-30 11:12 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-30 11:12 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-30 11:12 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-30 11:12 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-30 11:12 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-30 11:12 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-30 11:12 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-30 11:12 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-30 11:12 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-30 11:12 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-30 11:12 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-30 11:12 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-30 11:12 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-30 11:12 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-30 11:12 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-30 11:12 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-30 11:12 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-30 11:12 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-30 11:12 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-30 11:12 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-30 11:12 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-30 11:12 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-30 11:12 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
 
==================== One Month Modified Files and Folders =======
 
2014-05-23 06:56 - 2014-05-23 06:56 - 00018265 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-05-23 06:56 - 2014-05-23 06:55 - 00000000 ____D () C:\FRST
2014-05-23 06:56 - 2012-03-30 14:15 - 01992698 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 06:55 - 2012-03-30 19:18 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-05-23 06:53 - 2014-05-23 06:53 - 02067456 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-05-23 06:50 - 2013-10-21 12:21 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-23 06:50 - 2013-10-21 12:21 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-23 06:49 - 2014-05-22 05:59 - 00000620 _____ () C:\Windows\error.log
2014-05-23 06:49 - 2014-05-22 05:59 - 00000280 _____ () C:\Windows\setupact.log
2014-05-23 06:49 - 2014-05-22 05:58 - 00000140 _____ () C:\Windows\errord.log
2014-05-23 06:49 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 00:18 - 2014-03-26 14:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 23:23 - 2014-05-22 23:23 - 25685018 _____ () C:\Users\Owner\Documents\bookmarks_5_22_14.html
2014-05-22 22:24 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-22 21:50 - 2014-05-22 06:28 - 00093946 _____ () C:\Users\Owner\Desktop\OTL.Txt
2014-05-22 21:30 - 2014-05-22 21:30 - 00000965 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-05-22 21:18 - 2009-07-13 21:45 - 00015136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 21:18 - 2009-07-13 21:45 - 00015136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 21:15 - 2014-05-22 21:15 - 01016261 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2014-05-22 21:14 - 2014-05-22 21:14 - 00003168 _____ () C:\Users\Owner\Desktop\AdwCleaner[S1].txt
2014-05-22 21:11 - 2014-05-22 05:58 - 00002334 _____ () C:\Windows\PFRO.log
2014-05-22 21:09 - 2014-05-22 21:03 - 00000000 ____D () C:\AdwCleaner
2014-05-22 21:06 - 2012-07-06 14:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\CutePDF Writer
2014-05-22 21:03 - 2014-05-22 21:03 - 00007576 _____ () C:\Users\Owner\Desktop\OTL Fix.log
2014-05-22 21:01 - 2014-05-22 21:01 - 01326389 _____ () C:\Users\Owner\Desktop\adwcleaner_3.210.exe
2014-05-22 20:51 - 2014-05-22 20:51 - 00000000 ____D () C:\_OTL
2014-05-22 20:15 - 2014-05-22 20:15 - 00001805 _____ () C:\Users\Owner\Desktop\aswMBR.txt
2014-05-22 20:15 - 2014-05-22 20:15 - 00000512 _____ () C:\Users\Owner\Desktop\MBR.dat
2014-05-22 20:03 - 2014-05-22 20:02 - 04745728 _____ (AVAST Software) C:\Users\Owner\Desktop\aswmbr.exe
2014-05-22 06:30 - 2014-05-22 06:30 - 00042938 _____ () C:\Users\Owner\Desktop\Extras.Txt
2014-05-22 06:17 - 2014-05-22 06:17 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-05-22 05:59 - 2014-05-22 05:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-21 12:26 - 2014-05-20 23:52 - 00000000 ___RD () C:\Users\Owner\Desktop\Storage for John
2014-05-21 11:30 - 2012-03-30 14:19 - 00000000 ____D () C:\Users\Owner
2014-05-21 09:19 - 2012-03-31 00:46 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-05-21 09:17 - 2014-01-24 17:28 - 00000000 ____D () C:\Program Files (x86)\EmbFontsPlus
2014-05-21 09:10 - 2012-06-23 21:02 - 00000000 ____D () C:\MyAudio
2014-05-21 08:38 - 2012-06-23 20:59 - 00000000 ____D () C:\Program Files (x86)\AoA Audio Extractor
2014-05-20 22:00 - 2013-03-31 03:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SandSComputing
2014-05-18 11:29 - 2012-07-09 10:28 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-17 23:39 - 2013-02-06 20:41 - 00000000 ____D () C:\Users\Owner\Documents\My Kindle Content
2014-05-17 11:03 - 2014-05-17 11:03 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-05-17 10:56 - 2012-04-04 11:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-05-17 08:30 - 2012-05-20 19:12 - 00000000 ____D () C:\Program Files (x86)\Movie Maker 2.6
2014-05-17 08:16 - 2012-03-31 00:49 - 00000000 ____D () C:\Users\Owner\AppData\Local\Amazon
2014-05-17 07:17 - 2009-07-13 22:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-17 00:58 - 2012-03-30 14:35 - 00000000 ____D () C:\Support
2014-05-17 00:48 - 2014-05-16 19:51 - 00000000 ____D () C:\ProgramData\Avg
2014-05-17 00:48 - 2014-05-16 19:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-17 00:40 - 2014-05-16 19:54 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-17 00:34 - 2012-04-19 21:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-16 23:08 - 2014-05-15 17:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-16 23:08 - 2014-05-15 17:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-05-16 23:04 - 2014-02-09 06:34 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1837369184-1756073175-2637968707-1000
2014-05-16 23:04 - 2013-02-12 11:42 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1837369184-1756073175-2637968707-1000
2014-05-16 23:04 - 2012-04-11 15:36 - 00003206 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1837369184-1756073175-2637968707-1000
2014-05-16 20:35 - 2014-05-16 20:35 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-05-16 20:35 - 2014-05-16 20:35 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-05-16 20:34 - 2014-05-16 20:20 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-05-16 20:34 - 2012-07-19 22:04 - 00000000 ____D () C:\Users\Owner\AppData\Local\Downloaded Installations
2014-05-16 20:34 - 2012-03-30 15:10 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2014-05-16 20:05 - 2014-05-16 20:05 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\TuneUp Software
2014-05-16 19:54 - 2014-05-16 19:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\MFAData
2014-05-15 18:35 - 2014-05-15 18:35 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-15 15:13 - 2014-05-15 15:13 - 00001698 _____ () C:\Windows\system32\.crusader
2014-05-15 15:13 - 2014-05-12 17:15 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-15 13:08 - 2014-05-10 00:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-15 13:08 - 2012-03-30 19:18 - 00000000 ____D () C:\ProgramData\Skype
2014-05-15 12:56 - 2012-03-30 14:20 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 12:50 - 2014-05-15 12:50 - 00000408 _____ () C:\Users\Owner\AppData\Roaming\CamShapes.ini
2014-05-15 12:50 - 2014-05-15 12:50 - 00000408 _____ () C:\Users\Owner\AppData\Roaming\CamLayout.ini
2014-05-15 12:50 - 2014-05-15 12:50 - 00000046 _____ () C:\Users\Owner\AppData\Roaming\Camdata.ini
2014-05-15 12:45 - 2014-05-15 12:45 - 00000096 _____ () C:\Users\Owner\AppData\Roaming\version2.xml
2014-05-14 15:34 - 2014-01-02 11:31 - 00681280 _____ () C:\Users\Owner\AppData\Local\census.cache
2014-05-14 15:34 - 2014-01-02 11:30 - 00073469 _____ () C:\Users\Owner\AppData\Local\ars.cache
2014-05-14 15:13 - 2014-05-14 15:13 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-05-14 15:13 - 2014-05-14 15:13 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2014-05-14 15:13 - 2014-05-14 15:13 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2014-05-14 15:09 - 2014-05-14 15:09 - 00000010 _____ () C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
2014-05-14 12:37 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-14 09:37 - 2012-03-30 14:20 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 09:34 - 2014-04-30 11:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 06:08 - 2013-08-14 22:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 06:07 - 2012-03-31 01:14 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 03:24 - 2013-05-02 17:39 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-13 18:18 - 2014-03-26 14:34 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 18:18 - 2014-03-26 14:34 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 18:18 - 2014-03-26 14:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 10:07 - 2014-01-05 19:57 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-12 10:07 - 2012-03-30 15:59 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-12 10:07 - 2012-03-30 15:59 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-12 10:05 - 2014-02-18 23:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 22:48 - 2014-01-02 11:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\QuickScan
2014-05-09 14:18 - 2014-04-10 14:13 - 00000000 ____D () C:\Program Files\Common Files\S&S Shared
2014-05-09 14:18 - 2014-02-06 09:05 - 00002063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SewWhat Pro64.lnk
2014-05-08 23:14 - 2014-05-14 04:40 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-08 23:11 - 2014-05-14 04:40 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 06:45 - 2013-10-21 12:21 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 06:45 - 2013-10-21 12:21 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-05 21:40 - 2014-05-14 06:09 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 21:17 - 2014-05-14 06:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 20:25 - 2014-05-14 06:09 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 20:07 - 2014-05-14 06:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 20:00 - 2014-05-14 06:09 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 19:10 - 2014-05-14 06:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 22:39 - 2014-05-04 22:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-04 22:39 - 2014-05-04 22:39 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-04 22:39 - 2013-03-06 09:22 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-04 22:39 - 2013-03-06 09:22 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-04 22:39 - 2012-03-30 18:48 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-04 22:39 - 2012-03-30 15:59 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1399914448080
2014-05-04 22:39 - 2012-03-30 15:59 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1399914448080
2014-05-04 22:39 - 2012-03-30 15:59 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-04 22:39 - 2012-03-30 15:59 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-04 02:19 - 2014-05-04 02:19 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-05-04 02:19 - 2014-05-04 02:19 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-04-30 11:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-30 11:08 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\LiveKernelReports
 
Files to move or delete:
====================
C:\Users\Owner\AppData\Roaming\CamLayout.ini
C:\Users\Owner\AppData\Roaming\CamShapes.ini
 
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-19 18:00
 
==================== End Of Log ============================
 
 
 
 
I found Hitman Pro in there a couple times. :yes:
 
I noticed a few things in the logs and I was wondering if it might be possible for you to help me to completely uninstall or get rid of a few things? (That is, 'if' these things are actually still hanging around....because I absolutely don't know what I'm reading...   :o )
 
I definitely want to join GeekU!! I am so interested in this!  :blush:
 
(Are these things just parts and pieces still hanging around of things that I downloaded?)

Under "Disabled Items from MSCONFIG"

oovoo
paltalk
dropbox
orbit
real player
skitch
emb fonts plus
 
Under "One Month Created Files and Folders"
 
Movie Maker 2.6
Revo? (I think I downloaded this to try to get rid of some things) 
 
Anyway, let me know if you can or can't help me with this. I am very grateful for your help. 

  • 0

#14 Elisheba (Member, Topic Starter, 43 posts)

Oh yeah, and by the looks of the logs, does it seem as if AVG and Spybot aren't completely uninstalled too? 


  • 0

#15 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

I found Hitman Pro in there a couple times. :yes:


Hello :) It's not showing now in the installed programs list for some reason. I'll remove what I can see to get rid of it.
 

I noticed a few things in the logs and I was wondering if it might be possible for you to help me to completely uninstall or get rid of a few things? (That is, 'if' these things are actually still hanging around....because I absolutely don't know what I'm reading... :o )


I certainly can :) The items in the msconfig area are indeed leftovers, and are of no threat to the machine. They are disabled and are taking up no memory or system resources. We can remove the msconfig entries if you wish, but they are causing no harm. :)
 

I definitely want to join GeekU!! I am so interested in this! :blush:


We need all the malware fighters we can get :) You can apply to GeekU by clicking this link: http://www.geekstogo...-fight-malware/
 

Under "One Month Created Files and Folders"

Movie Maker 2.6
Revo? (I think I downloaded this to try to get rid of some things)

Oh yea, and by the looks of the logs, does it seem as if avg and spybot aren't completely uninstalled too?


I've included these things in the fix and they will be removed. Let's run a fix with Farbar's Recovery Scan tool. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below (to do this, highlight the contents of the box, right-click on it and select Copy).
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {0FA78865-6ED5-46EF-8410-A6F906810811} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {1BF428C8-8855-4C2F-8DA8-D3864A82EBEE} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION
C:\Program Files (x86)\Ask.com
2014-05-12 17:15 - 2014-05-15 15:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-17 11:03 - 2014-05-17 11:03 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-05-17 00:48 - 2014-05-16 19:51 - 00000000 ____D () C:\ProgramData\Avg
2014-05-17 00:48 - 2014-05-16 19:51 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-05-17 00:40 - 2014-05-16 19:54 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-17 00:34 - 2012-04-19 21:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-16 23:08 - 2014-05-15 17:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-16 23:08 - 2014-05-15 17:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-05-17 08:30 - 2012-05-20 19:12 - 00000000 ____D () C:\Program Files (x86)\Movie Maker 2.6
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt Log

  • 0
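The FRST file entries in the log above and the lines pasted into the fixlist in the reply share one line format: modified time, created time, eight-digit size, five attribute flags, the company name from the file's version resource in parentheses, then the path. The Python below is an added example for this thread; it is not FRST's own code and not the helper's script. It parses such entries, queues the ones a helper would look at first, and drafts a fixlist block in the Start/End form used above. The sample lines are copied from the log in this thread, the triage rules and the product hint list are my assumptions, and a queued entry means "review this", not "malicious".

```python
"""Parse FRST file entries, queue the suspicious ones for review and draft a fixlist.

Added example for this thread; it is not part of FRST and not the helper's own
script. The triage rules below are assumptions about what a helper checks first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One FRST file line: "<modified> - <created> - <size> <attrs> (<company>) <path>"
LINE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Sample input: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
2014-05-17 11:03 - 2014-05-17 11:03 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-05-17 00:48 - 2014-05-16 19:51 - 00000000 ____D () C:\ProgramData\Avg
2014-05-16 20:34 - 2014-05-16 20:20 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-05-14 15:13 - 2014-05-14 15:13 - 00000000 _____ () C:\Windows\system32\olepro32.dll
2014-05-04 22:39 - 2014-05-04 22:39 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-04 22:39 - 2012-03-30 15:59 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1399914448080
2014-05-23 06:56 - 2014-05-23 06:56 - 00018265 _____ () C:\Users\Owner\Desktop\FRST.txt
"""


@dataclass
class Entry:
    mtime: str
    ctime: str
    size: int
    attrs: str      # five flag slots, e.g. ____D directory, __SHD system+hidden dir, ____H hidden
    company: str    # company name from the version resource, "" when the file has none
    path: str
    raw: str        # the original line, reusable verbatim in a fixlist

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")

    @property
    def hidden_system(self) -> bool:
        return "S" in self.attrs and "H" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(m["mtime"], m["ctime"], int(m["size"]), m["attrs"],
                 m["company"], m["path"], line.strip())


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Products the user asked to have cleaned up (assumption: an editable hint list).
LEFTOVER_HINTS = ("\\avg", "spybot", "hitmanpro", "surfright", "ask.com", "mfadata")

R_HIDDEN = "system+hidden folder under ProgramData"
R_EMPTY = "zero-byte file in a system directory"
R_NOCOMPANY = "driver with no company string"
R_RENAMED = "driver copy with numeric suffix (typically left by a product update)"
R_LEFTOVER = "leftover of an uninstalled or removed product"


def triage(e: Entry) -> Optional[str]:
    """Return a review reason, or None. A reason means 'look at this', not 'malicious'."""
    p = e.path.lower()
    hay = p + " " + e.company.lower()
    if e.is_dir and e.hidden_system and "\\programdata\\" in p:
        return R_HIDDEN
    if not e.is_dir and e.size == 0 and p.startswith(SYSTEM_DIRS):
        return R_EMPTY
    if re.search(r"\.sys\.\d+$", p):
        return R_RENAMED
    if not e.is_dir and "\\drivers\\" in p and e.company == "":
        return R_NOCOMPANY   # avast's own aswHwid/aswVmm/aswRvrt trip this too
    if any(h in hay for h in LEFTOVER_HINTS):
        return R_LEFTOVER
    return None


def review_queue(entries: List[Entry]) -> List[Tuple[str, Entry]]:
    return [(r, e) for e in entries for r in [triage(e)] if r is not None]


def draft_fixlist(entries: List[Entry]) -> str:
    """Wrap raw FRST lines in the Start/End block that FRST's Fix button expects."""
    return "\n".join(["Start", *(e.raw for e in entries), "End"])


if __name__ == "__main__":
    ents = parse_log(SAMPLE_LOG)
    for reason, e in review_queue(ents):
        print(f"{reason:<72} {e.path}")
    leftovers = [e for r, e in review_queue(ents) if r == R_LEFTOVER]
    print(draft_fixlist(leftovers))
```

Run it as a script to see the queue. Note that avast's own helper drivers with no company string (aswHwid.sys in the sample) land in the queue beside the real leftovers, which is exactly the class of false positive a helper has to recognise by hand before a line goes into a fixlist; the script drafts the block only from entries you pass it, never from the whole queue.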
