Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Netbook Locked by Scam Ransom Ware. [Closed]


  • This topic is locked This topic is locked

#1
Dave 77 HD

Dave 77 HD

    New Member

  • Member
  • Pip
  • 8 posts

Hi Everybody.

 

New on here.

 

Late last night a screen appeared and said that it was from the Metropolitan Police and Cheshire Constabulary saying I had been to some sites and now my netbook had been locked and that they wanted £100 within 48 hours.

 

So I pulled off my battery and then put it back on.  

The screen reappeared, so I repeated the above, and then started the netbook in safe mode. 

 

I then did a system restore, I had to do did this twice as the first time didn't work.

 

The netbook seems OK now.

But a friend told me to come on here and start a topic on my problem asking for advice.

 

So hopefully someone can help me to see if it's gone or still lurking.

 

Thanks in advance.

 

Just ran a scan with OTL below are the results.

 

 

OTL logfile created on: 7/14/2014 6:33:22 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dave\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1011.87 Mb Total Physical Memory | 211.27 Mb Available Physical Memory | 20.88% Memory free
1.99 Gb Paging File | 0.52 Gb Available in Paging File | 26.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216.72 Gb Total Space | 165.30 Gb Free Space | 76.27% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 1.36 Gb Free Space | 11.35% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.10 Gb Free Space | 27.77% Space Free | Partition Type: FAT32
 
Computer Name: HP | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/14 18:33:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Downloads\OTL.exe
PRC - [2014/07/14 13:46:15 | 000,851,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
PRC - [2014/07/14 05:28:54 | 004,086,432 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/07/14 05:28:51 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/06/27 17:42:34 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/06/27 17:42:34 | 000,822,880 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
PRC - [2014/06/27 17:42:24 | 000,296,520 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2014/06/23 17:27:10 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/06/10 22:03:38 | 000,023,552 | ---- | M] () -- C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2014/06/10 17:50:38 | 000,039,568 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2014/05/30 09:21:36 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
PRC - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/20 08:58:03 | 000,391,040 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/07/18 21:34:19 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/06/30 14:26:56 | 001,138,780 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2011/06/30 14:26:56 | 000,282,706 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011/04/08 09:13:00 | 000,078,904 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 18:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2011/03/02 00:44:50 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/03/02 00:42:58 | 000,490,656 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\BtvStack.exe
PRC - [2011/03/02 00:42:54 | 000,302,240 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AthBtTray.exe
PRC - [2011/03/02 00:42:52 | 000,072,864 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe
PRC - [2011/02/16 00:48:56 | 002,913,336 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
PRC - [2011/02/16 00:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/01/27 20:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/01/17 20:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 20:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/01 15:26:42 | 000,574,216 | ---- | M] (Intel Corporation) -- C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.exe
PRC - [2010/11/09 23:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 23:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 08:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/11 10:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2009/03/02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/14 05:29:31 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/14 05:29:05 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/05/16 14:20:00 | 009,923,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\c2a012f7b5391329eeb3adc7d0b75a14\System.Data.Entity.ni.dll
MOD - [2014/05/16 14:15:09 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0eef5f1e5c15e0171152ee8f1cfc6924\IAStorUtil.ni.dll
MOD - [2014/05/15 17:31:01 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/05/15 17:29:47 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/05/15 17:29:36 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\6b0a1d4b63fb0ef68c0c1cd107ce9ba4\System.EnterpriseServices.ni.dll
MOD - [2014/05/15 17:29:25 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4f66c3dc2cd6583df3fcc393edcb48a7\System.Transactions.ni.dll
MOD - [2014/05/15 17:28:21 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll
MOD - [2014/03/04 06:57:21 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/16 01:20:08 | 001,917,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Speech\f329d46d78f2575ffd0927723cd8b74c\System.Speech.ni.dll
MOD - [2014/02/16 01:19:09 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\801b632b8b7ef72f14333dbce41524b8\System.Xml.Linq.ni.dll
MOD - [2014/02/16 01:15:19 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll
MOD - [2014/02/15 20:44:10 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
MOD - [2014/02/15 20:11:25 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/15 20:11:23 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b1f7b4e15aef3faf382db6ba14c81371\IAStorCommon.ni.dll
MOD - [2014/02/13 19:41:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/02/13 19:39:47 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
MOD - [2014/02/13 19:35:45 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/02/13 19:32:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/13 19:31:23 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/13 19:30:58 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/02/13 19:29:49 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/13 19:28:56 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/13 19:28:21 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/13 19:27:59 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/13 19:26:13 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/06/20 08:58:03 | 000,391,040 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
MOD - [2012/08/06 10:54:24 | 009,843,640 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll
MOD - [2012/03/26 21:05:47 | 000,877,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2012/03/21 20:15:37 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/07 04:20:10 | 000,077,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2012/02/07 04:20:06 | 000,092,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2011/04/19 19:05:58 | 003,622,128 | ---- | M] () -- C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\plugin\libbizlplugin.dll
MOD - [2010/12/01 15:26:40 | 000,195,584 | ---- | M] () -- C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\libgsoap.dll
MOD - [2010/12/01 15:26:38 | 000,400,384 | ---- | M] () -- C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\sqlite3.dll
MOD - [2010/12/01 15:26:38 | 000,375,808 | ---- | M] () -- C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtXml4.dll
MOD - [2010/12/01 15:26:38 | 000,322,048 | ---- | M] () -- C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\log4cplus.dll
MOD - [2010/12/01 15:26:38 | 000,013,312 | ---- | M] () -- C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\featureController.dll
MOD - [2010/12/01 15:26:36 | 002,452,992 | ---- | M] () -- C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtCore4.dll
MOD - [2010/12/01 15:26:36 | 001,008,640 | ---- | M] () -- C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtNetwork4.dll
MOD - [2010/12/01 15:26:36 | 000,062,464 | ---- | M] () -- C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\zlib1.dll
MOD - [2010/11/20 22:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/11 10:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll
MOD - [2010/07/13 14:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtGui4.dll
MOD - [2010/07/05 10:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
MOD - [2010/06/24 11:21:04 | 000,904,704 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
MOD - [2010/06/24 02:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtCore4.dll
MOD - [2010/06/02 06:05:48 | 000,025,600 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\imageformats\qgif4.dll
MOD - [2010/06/02 06:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll
MOD - [2010/06/02 03:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\phonon4.dll
MOD - [2010/06/02 03:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll
MOD - [2010/06/02 03:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll
MOD - [2010/06/02 03:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files\VTech\DownloadManager\System\QtXml4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/07/14 15:36:39 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/14 05:28:51 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/06/27 17:42:34 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/06/10 22:03:38 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014/06/10 17:50:38 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014/05/30 09:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/03/11 23:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/11 23:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/30 14:26:56 | 000,282,706 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/02 00:44:50 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/03/02 00:42:52 | 000,072,864 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/02/16 00:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010/11/09 23:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/11 10:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2009/03/02 19:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/07/14 05:31:52 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/07/14 05:29:52 | 000,071,944 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014/07/14 05:29:51 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/07/14 05:29:51 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/07/14 05:29:47 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/07/14 05:29:46 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/07/14 05:29:46 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/07/14 05:29:44 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 15:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/06/20 09:43:02 | 002,957,312 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2012/02/06 04:04:17 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/06/30 14:26:56 | 000,442,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/04/21 02:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys -- (SymNetS)
DRV - [2011/03/31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/03/02 00:43:08 | 000,242,336 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/03/02 00:43:06 | 000,175,776 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011/03/02 00:43:06 | 000,141,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011/03/02 00:43:06 | 000,049,312 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011/03/02 00:43:06 | 000,034,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011/03/02 00:43:06 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2011/03/02 00:43:04 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2011/01/27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 06:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2011/01/06 10:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110106.003\navex15.sys -- (NAVEX15)
DRV - [2011/01/06 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/01/06 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/06 10:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110106.003\naveng.sys -- (NAVENG)
DRV - [2010/12/02 01:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/11/23 05:21:16 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/11 02:46:29 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/07/13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{1CE2398B-CED9-4BC7-B92C-BE45373DE014}: "URL" = http://www.amazon.co...ds={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKCU\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{1CE2398B-CED9-4BC7-B92C-BE45373DE014}: "URL" = http://www.amazon.co...ds={searchTerms}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin: C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.11.0: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.11.0: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012/02/26 21:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2014/07/14 17:41:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/06/27 17:47:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1DD9AC48-0855-4AE7-9934-159B4377FFA2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/06/27 17:47:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/14 05:30:03 | 000,000,000 | ---D | M]
 
[2014/01/16 20:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\extensions
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_1\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_1\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KNOWHOW™ APP CENTRE] C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF159D86-EE96-477C-8C22-0444E3E49D67}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5178f6ae-6fe3-11e3-b60c-74de2b91f183}\Shell - "" = AutoRun
O33 - MountPoints2\{5178f6ae-6fe3-11e3-b60c-74de2b91f183}\Shell\AutoRun\command - "" = F:\InnoTabSetup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\InnoTabSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/14 17:16:20 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/07/14 17:16:11 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/07/14 05:29:38 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/07/14 04:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Promote Installer
[2014/07/14 02:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\C19A00E5A3B1C2F2F77C64ACEABED926
[2014/07/10 17:54:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014/06/27 17:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2014/06/27 17:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2014/06/27 17:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2014/06/27 17:43:47 | 000,201,800 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2014/06/27 17:42:45 | 000,278,600 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2014/06/23 01:04:53 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\{883F5851-0DFF-4B27-82E6-9A84AEF4FAD0}
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/14 18:42:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/14 18:41:32 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/14 18:05:39 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/14 18:05:39 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/14 17:42:51 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2014/07/14 17:42:28 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/14 17:41:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/14 17:41:31 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/14 17:11:14 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/07/14 15:36:37 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/07/14 15:36:37 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/07/14 05:32:22 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/07/14 05:31:52 | 000,414,520 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/07/14 05:29:52 | 000,071,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswstm.sys
[2014/07/14 05:29:51 | 000,779,536 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/07/14 05:29:51 | 000,192,352 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/07/14 05:29:47 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/07/14 05:29:46 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/07/14 05:29:46 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/07/14 05:29:44 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014/07/14 05:29:39 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/07/14 05:29:38 | 000,276,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/07/14 05:12:59 | 000,001,371 | ---- | M] () -- C:\Users\Dave\Desktop\Internet Explorer.lnk
[2014/06/30 02:40:16 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/06/30 02:36:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/06/27 17:47:49 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer Cloud.lnk
[2014/06/27 17:43:47 | 000,201,800 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2014/06/27 17:43:00 | 000,001,206 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/06/27 17:42:45 | 000,278,600 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
 
========== Files Created - No Company Name ==========
 
[2014/06/27 17:47:49 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer Cloud.lnk
[2014/06/27 17:43:00 | 000,001,206 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
[2014/04/21 00:09:04 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2013/12/28 21:38:33 | 000,000,787 | ---- | C] () -- C:\Users\Dave\AppData\Local\cookies.ini
[2013/03/04 05:13:09 | 000,192,352 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/04 05:13:08 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:BC359956
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:0E08FC17

< End of report >


Edited by Dave 77 HD, 14 July 2014 - 12:09 PM.

  • 0

Advertisements


#2
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello Dave 77 HD,

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  :)

======================================================
Important: I have laid out some "ground rules" I would very much appreciate you follow. Please read through the points below, to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Ensure you are subscribed to this topic to receive instant email notifications of my responses.
    • Scroll to the top of this page and ensure you see the following: 6hgDYJ6.png
    • If you are not set to follow this topic, click the Follow this topic button and follow the prompts.
  • Please attempt to backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.

======================================================

Please be advised that I am currently in training at WhattheTech.com. My responses will need to be approved by a instructor at WhattheTech.com before I post in order to ensure you are receiving accurate instructions. I will return as soon as possible.


  • 0

#3
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello Dave 77 HD, 
 
Are you experiencing any symptoms or issues having restored your system? Please run the following diagnostic scans so I can ascertain the state of your computer. 
 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your desktop.
  • Note: Run the version compatible with your system. Run both if you do not know your system's bit-type. One will run.  
  • Windows XP: Double-click FRST.exe / FRST64.exe to run the programme.
    Windows 8/7/Vista: Right-Click FRST.exe / FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
aA7bkRO.png aswMBR

  • Please download aswMBR and save the file to your desktop
  • Windows XP: Double-click aswMBR.exe to run the programme.
    Windows 8/7/Vista: Right-Click aswMBR.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
  • If you are prompted to enable the use of "Virtualization Technology", click Yes.
  • Click the AV Scan: drop down box and click C:\.
  • Click Scan
  • Upon completion, you will see Scan finished successfully. Click Save log
  • Copy the contents of the log and paste in your next reply.

Note: Do NOT attempt to click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your desktop. Do NOT click or delete it.
 
======================================================
 
STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • aswMBR log

  • 0

#4
Dave 77 HD

Dave 77 HD

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi Adam.

 

You can call me Dave.

 

Just done step 1 here are the 2  .txt files

 

Here is : FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-07-2014 01
Ran by Dave (administrator) on HP on 14-07-2014 20:16:21
Running from C:\Users\Dave\Downloads
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Intel Corporation) C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1138780 2011-06-30] (IDT, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [490656 2011-03-02] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [302240 2011-03-02] (Atheros Commnucations)
HKLM\...\Run: [HPQuickWebProxy] => C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [78904 2011-04-08] (Hewlett-Packard Company)
HKLM\...\Run: [HPConnectionManager] => C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-16] (Hewlett-Packard Development Company L.P.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\...\Run: [HPOSD] => C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [KNOWHOW™ APP CENTRE] => C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\serviceManager.lnk [1225 2012-01-18] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-14] (AVAST Software)
HKLM\...\Run: [AgentMonitor] => C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [296520 2014-06-27] (RealNetworks, Inc.)
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKU\S-1-5-21-683868738-1508777024-2190914119-1000\...\MountPoints2: F - F:\InnoTabSetup.exe
HKU\S-1-5-21-683868738-1508777024-2190914119-1000\...\MountPoints2: {5178f6ae-6fe3-11e3-b60c-74de2b91f183} - F:\InnoTabSetup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM - {1CE2398B-CED9-4BC7-B92C-BE45373DE014} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yah...psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKCU - {1CE2398B-CED9-4BC7-B92C-BE45373DE014} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yah...psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....ch={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...kw={searchTerms}
BHO: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} ->  No File
BHO: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin - C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.11.0 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=17.0.11 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.11.0 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn [2012-02-01]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2014-07-14]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-27]
FF HKLM\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-01]

Chrome:
=======
CHR Extension: (Docs) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-08]
CHR Extension: (Google Drive) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-08]
CHR Extension: (YouTube) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-01]
CHR Extension: (Google Search) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-01]
CHR Extension: (RealDownloader) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-08]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (Gmail) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]

========================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-02] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [72864 2011-03-02] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-14] (AVAST Software)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-27] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282706 2011-06-30] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-14] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-14] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-14] ()
R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-03-02] (Atheros)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [691248 2010-11-23] (Symantec Corporation)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [259232 2011-03-02] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-03-02] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-03-02] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-03-02] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-03-02] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [242336 2011-03-02] (Atheros)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2011-01-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102448 2011-01-06] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVix86.sys [353912 2010-11-11] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110106.003\NAVENG.SYS [86008 2011-01-06] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110106.003\NAVEX15.SYS [1360760 2011-01-06] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1207020.003\SRTSP.SYS [516216 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1207020.003\SRTSPX.SYS [50168 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1207020.003\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1207020.003\SYMEFA.SYS [744568 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2012-02-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1207020.003\SYMNETS.SYS [299640 2011-04-21] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-14 20:16 - 2014-07-14 20:18 - 00034629 _____ () C:\Users\Dave\Downloads\FRST.txt
2014-07-14 20:15 - 2014-07-14 20:16 - 00000000 ____D () C:\FRST
2014-07-14 20:09 - 2014-07-14 20:09 - 01076736 _____ (Farbar) C:\Users\Dave\Downloads\FRST.exe
2014-07-14 19:00 - 2014-07-14 19:00 - 00096168 _____ () C:\Users\Dave\Downloads\OTL.Txt
2014-07-14 18:33 - 2014-07-14 18:33 - 00602112 _____ (OldTimer Tools) C:\Users\Dave\Downloads\OTL.exe
2014-07-14 17:41 - 2014-07-14 17:41 - 00000056 _____ () C:\Windows\setupact.log
2014-07-14 17:41 - 2014-07-14 17:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 17:16 - 2014-06-30 02:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-14 17:16 - 2014-06-30 02:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-14 13:52 - 2014-05-30 08:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-14 13:52 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-14 13:52 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-14 13:52 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-14 13:52 - 2014-05-30 08:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-14 13:52 - 2014-05-30 08:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-14 13:49 - 2014-06-05 15:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-14 05:29 - 2014-07-14 05:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-14 03:17 - 2014-07-14 03:18 - 00000110 _____ () C:\ProgramData\RUNDLL32.EXE-1172-F.txt
2014-07-14 03:00 - 2014-07-14 03:05 - 00004696 _____ () C:\ProgramData\RUNDLL32.EXE-4504-F.txt
2014-07-14 02:34 - 2014-07-14 02:47 - 00012551 _____ () C:\ProgramData\RUNDLL32.EXE-4560-F.txt
2014-07-14 02:22 - 2014-07-14 02:29 - 00005591 _____ () C:\ProgramData\RUNDLL32.EXE-6128-F.txt
2014-07-14 02:08 - 2014-07-14 02:09 - 00045288 _____ () C:\ProgramData\RUNDLL32.EXE-16036-F.txt
2014-07-14 02:02 - 2014-07-14 02:02 - 00000000 ____D () C:\ProgramData\C19A00E5A3B1C2F2F77C64ACEABED926
2014-07-10 17:56 - 2014-06-19 00:32 - 02179072 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 17:56 - 2014-06-18 23:13 - 01791488 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 17:56 - 2014-06-18 23:09 - 01139200 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 17:54 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-06-27 17:47 - 2014-06-27 17:47 - 00001012 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Program Files\RealNetworks
2014-06-27 17:44 - 2014-06-27 17:44 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-06-27 17:43 - 2014-06-27 17:43 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2014-06-27 17:42 - 2014-06-27 17:42 - 00505416 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
2014-06-27 17:42 - 2014-06-27 17:42 - 00353864 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2014-06-27 17:42 - 2014-06-27 17:42 - 00278600 _____ (Progressive Networks) C:\Windows\system32\pncrt.dll
2014-06-23 01:04 - 2014-06-23 01:05 - 00000000 ____D () C:\Users\Dave\AppData\Local\{883F5851-0DFF-4B27-82E6-9A84AEF4FAD0}

==================== One Month Modified Files and Folders =======

2014-07-14 20:18 - 2014-07-14 20:16 - 00034629 _____ () C:\Users\Dave\Downloads\FRST.txt
2014-07-14 20:16 - 2014-07-14 20:15 - 00000000 ____D () C:\FRST
2014-07-14 20:09 - 2014-07-14 20:09 - 01076736 _____ (Farbar) C:\Users\Dave\Downloads\FRST.exe
2014-07-14 19:41 - 2012-04-06 21:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-14 19:41 - 2012-02-01 19:15 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-14 19:08 - 2012-07-20 13:29 - 00000000 ____D () C:\General
2014-07-14 19:00 - 2014-07-14 19:00 - 00096168 _____ () C:\Users\Dave\Downloads\OTL.Txt
2014-07-14 18:41 - 2012-04-01 01:39 - 00000000 ____D () C:\Windows\Desktop Icons Not Being Used
2014-07-14 18:33 - 2014-07-14 18:33 - 00602112 _____ (OldTimer Tools) C:\Users\Dave\Downloads\OTL.exe
2014-07-14 18:23 - 2012-01-18 16:04 - 01995971 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 18:05 - 2009-07-14 05:34 - 00016480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 18:05 - 2009-07-14 05:34 - 00016480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-14 17:42 - 2012-02-01 19:15 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-14 17:42 - 2012-01-18 16:39 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-07-14 17:41 - 2014-07-14 17:41 - 00000056 _____ () C:\Windows\setupact.log
2014-07-14 17:41 - 2014-07-14 17:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 17:41 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-14 17:39 - 2014-05-06 20:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-14 17:34 - 2013-08-17 18:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-14 17:24 - 2012-02-06 21:09 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-14 17:11 - 2012-02-01 19:33 - 00000925 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-14 17:11 - 2012-02-01 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-14 17:11 - 2012-02-01 19:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-14 16:58 - 2012-04-16 00:38 - 00000000 ____D () C:\Users\Dave\AppData\Local\CrashDumps
2014-07-14 15:36 - 2012-04-06 21:16 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-14 15:36 - 2012-02-26 21:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-14 05:43 - 2012-02-01 19:15 - 00000000 ____D () C:\Program Files\Google
2014-07-14 05:32 - 2012-02-01 19:15 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-14 05:31 - 2012-02-01 19:15 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-14 05:29 - 2014-07-14 05:29 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-14 05:29 - 2014-04-21 00:09 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-14 05:29 - 2013-12-30 22:14 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-14 05:29 - 2013-03-04 05:13 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-14 05:29 - 2013-03-04 05:13 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-14 05:29 - 2012-02-26 20:58 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-14 05:29 - 2012-02-01 19:15 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-14 05:29 - 2012-02-01 19:15 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-14 05:29 - 2012-02-01 19:14 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-14 05:12 - 2012-02-01 19:35 - 00001371 _____ () C:\Users\Dave\Desktop\Internet Explorer.lnk
2014-07-14 04:56 - 2012-02-01 18:40 - 00000000 ____D () C:\Users\Dave
2014-07-14 04:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-14 04:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-14 04:53 - 2013-10-21 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-14 04:53 - 2012-02-01 19:04 - 00000000 ____D () C:\Users\Dave\AppData\Local\Hewlett-Packard_Developme
2014-07-14 04:53 - 2012-01-18 16:22 - 00000000 ____D () C:\ProgramData\Norton
2014-07-14 04:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-14 04:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2014-07-14 04:51 - 2011-07-18 21:53 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-14 04:45 - 2012-07-28 15:33 - 00000000 ____D () C:\ProgramData\Real
2014-07-14 04:45 - 2012-02-01 19:14 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-14 04:44 - 2012-02-01 19:14 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-14 04:18 - 2012-02-01 19:01 - 00000000 ____D () C:\Users\Dave\Documents\Bluetooth Folder
2014-07-14 03:18 - 2014-07-14 03:17 - 00000110 _____ () C:\ProgramData\RUNDLL32.EXE-1172-F.txt
2014-07-14 03:05 - 2014-07-14 03:00 - 00004696 _____ () C:\ProgramData\RUNDLL32.EXE-4504-F.txt
2014-07-14 02:47 - 2014-07-14 02:34 - 00012551 _____ () C:\ProgramData\RUNDLL32.EXE-4560-F.txt
2014-07-14 02:29 - 2014-07-14 02:22 - 00005591 _____ () C:\ProgramData\RUNDLL32.EXE-6128-F.txt
2014-07-14 02:09 - 2014-07-14 02:08 - 00045288 _____ () C:\ProgramData\RUNDLL32.EXE-16036-F.txt
2014-07-14 02:02 - 2014-07-14 02:02 - 00000000 ____D () C:\ProgramData\C19A00E5A3B1C2F2F77C64ACEABED926
2014-07-07 22:10 - 2012-06-25 01:42 - 00000000 ____D () C:\Motorcycles
2014-06-30 02:40 - 2014-07-14 17:16 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 02:36 - 2014-07-14 17:16 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 17:49 - 2012-07-28 15:35 - 00000000 ____D () C:\Users\Dave\AppData\Roaming\Real
2014-06-27 17:47 - 2014-06-27 17:47 - 00001012 _____ () C:\Users\Public\Desktop\RealPlayer Cloud.lnk
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Program Files\RealNetworks
2014-06-27 17:47 - 2012-12-26 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-06-27 17:47 - 2012-07-28 15:35 - 00000000 ____D () C:\Program Files\Real
2014-06-27 17:44 - 2014-06-27 17:44 - 00000000 ____D () C:\Program Files\Common Files\xing shared
2014-06-27 17:43 - 2014-06-27 17:43 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
2014-06-27 17:42 - 2014-06-27 17:42 - 00505416 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
2014-06-27 17:42 - 2014-06-27 17:42 - 00353864 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2014-06-27 17:42 - 2014-06-27 17:42 - 00278600 _____ (Progressive Networks) C:\Windows\system32\pncrt.dll
2014-06-23 01:05 - 2014-06-23 01:04 - 00000000 ____D () C:\Users\Dave\AppData\Local\{883F5851-0DFF-4B27-82E6-9A84AEF4FAD0}
2014-06-19 00:32 - 2014-07-10 17:56 - 02179072 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 23:13 - 2014-07-10 17:56 - 01791488 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 23:09 - 2014-07-10 17:56 - 01139200 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2012-09-10 00:52

==================== End Of Log ============================

 

Now here is : Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:14-07-2014 01
Ran by Dave at 2014-07-14 20:19:45
Running from C:\Users\Dave\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Bejeweled 2 Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Blasterball 3 (Version: 2.2.0.95 - WildTangent) Hidden
Bluetooth Win7 Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.2.0.60 - Atheros Communications)
Bounce Symphony (Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Chuzzle Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CryptoPrevent v4.2.6 (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95 - WildTangent) Hidden
Dream Chronicles (Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (Version: 2.2.0.95 - WildTangent) Hidden
FATE (Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (Version: 2.2.0.95 - WildTangent) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Camera (HKLM\...\{CD63F5EF-A0DC-4E5E-8200-E5703531D649}) (Version: 3.2.3.132 - ArcSoft)
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (HKLM\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM\...\{D4736E41-9A74-4000-BF3E-401812E5B395}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP On Screen Display (HKLM\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (HKLM\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP QuickWeb (HKLM\...\{ADE91712-EDDE-4262-9EC2-691BAADA55D1}) (Version: 3.0.1.9280 - Hewlett-Packard Company)
HP Setup (HKLM\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM\...\{F401B398-69A0-4273-A90E-08B15A60BB3C}) (Version: 4.0.111.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6351.0 - IDT)
Insaniquarium Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2230 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java™ 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Jewel Quest - Heritage (Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire (Version: 2.2.0.95 - WildTangent) Hidden
JoJo's Fashion Show (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KNOWHOW™ APP CENTRE (HKLM\...\KNOWHOW™ APP CENTRE 22447) (Version: 22447 - KNOWHOW)
Learning Lodge™ (HKLM\...\VTechDownloadManager) (Version:  - VTech)
Mah Jong Medley (Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Artifacts (Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Namco All-Stars PAC-MAN (Version: 2.2.0.95 - WildTangent) Hidden
Norton Internet Security (HKLM\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
OpenOffice.org 3.3 (HKLM\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
Penguins! (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (Version: 2.2.0.95 - WildTangent) Hidden
RealDownloader (Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (Version: 2.0.0 - Hewlett-Packard) Hidden
Skip-Bo - Castaway Caper (Version: 2.2.0.95 - WildTangent) Hidden
Slingo Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Tradewinds Legends (Version: 2.2.0.95 - WildTangent) Hidden
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Virtual Villagers - The Secret City (Version: 2.2.0.95 - WildTangent) Hidden
VTech Download Agent Library (Version: 1.00.0000 - VTech) Hidden
Wedding Dash (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma Deluxe (Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

15-06-2014 18:10:57 Removed Java™ 6 Update 45
17-06-2014 16:23:20 Windows Update
22-06-2014 16:16:49 Windows Update
27-06-2014 16:10:43 Windows Update
01-07-2014 17:14:09 Windows Update
06-07-2014 12:38:47 Windows Update
07-07-2014 21:25:07 avast! antivirus system restore point
10-07-2014 18:05:21 Windows Update
14-07-2014 02:28:03 Restore Operation
14-07-2014 02:45:01 avast! antivirus system restore point
14-07-2014 03:28:22 Restore Operation
14-07-2014 03:57:35 avast! antivirus system restore point
14-07-2014 04:24:10 avast! antivirus system restore point
14-07-2014 12:40:57 Windows Update
14-07-2014 16:17:58 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0730EDA9-D035-4E4B-8D1B-623FD5EB2D53} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-683868738-1508777024-2190914119-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {1A8E0C19-5ABF-46BB-866E-F4A7FFC23832} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-01] (Google Inc.)
Task: {32618FCE-BC07-4A39-9252-2F576019BF68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-01] (Google Inc.)
Task: {4C1B37D3-5138-4219-9024-DF8F4897EAEE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {B603C8B0-9E58-40C2-9C0D-1AB59AA5F5B9} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-683868738-1508777024-2190914119-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {C4F415EA-94F2-4A63-B882-83AEC55E513F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-683868738-1508777024-2190914119-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {CC2200B2-7279-42BE-BD23-78126E8C96EB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-683868738-1508777024-2190914119-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {D074AE49-5D08-4AA2-A0C0-1DB435147CBF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-14] (Adobe Systems Incorporated)
Task: {D610194C-5BFE-4706-AFAC-AE9725E738F8} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {E5E7023B-E4E6-40BF-8DA0-39E8397A0FE5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-683868738-1508777024-2190914119-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-06-10] (RealNetworks, Inc.)
Task: {ECCDE276-B612-4AD6-AA6C-6E7D5F081DC0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-14] (AVAST Software)
Task: {F3482E80-11DE-482D-B293-C3FF2AA6316C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-683868738-1508777024-2190914119-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {F903CDAB-6602-4E9E-B283-7717EBABD96D} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation)
Task: {FE9CDEF7-CF53-4D4C-B598-06C78AE43C7B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-683868738-1508777024-2190914119-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDave.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-07-14 05:29 - 2014-07-14 05:29 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-14 17:14 - 2014-07-14 17:14 - 02792960 _____ () C:\Program Files\AVAST Software\Avast\defs\14071400\algo.dll
2014-07-14 19:21 - 2014-07-14 19:21 - 02792960 _____ () C:\Program Files\AVAST Software\Avast\defs\14071401\algo.dll
2014-06-10 17:50 - 2014-06-10 17:50 - 00039568 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-06-27 17:42 - 2014-06-27 17:42 - 00861784 _____ () c:\program files\real\realplayer\RPDS\Plugins\cldplin.dll
2014-06-10 22:03 - 2014-06-10 22:03 - 00023552 _____ () C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
2012-01-18 09:27 - 2010-12-01 15:26 - 02452992 _____ () C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtCore4.dll
2012-01-18 09:27 - 2010-12-01 15:26 - 00375808 _____ () C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtXml4.dll
2012-01-18 09:27 - 2010-12-01 15:26 - 00322048 _____ () C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\log4cplus.dll
2012-01-18 09:27 - 2010-12-01 15:26 - 00013312 _____ () C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\featureController.dll
2012-01-18 09:27 - 2010-12-01 15:26 - 01008640 _____ () C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\QtNetwork4.dll
2012-01-18 09:27 - 2010-12-01 15:26 - 00195584 _____ () C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\libgsoap.dll
2012-01-18 09:27 - 2010-12-01 15:26 - 00062464 _____ () C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\zlib1.dll
2012-01-18 09:27 - 2010-12-01 15:26 - 00400384 _____ () C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\sqlite3.dll
2012-01-18 09:27 - 2011-04-19 19:05 - 03622128 _____ () C:\Program Files\KNOWHOW\KNOWHOWAPPCENTRE\bin\plugin\libbizlplugin.dll
2014-07-14 05:29 - 2014-07-14 05:29 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-06-25 02:41 - 2013-06-20 08:58 - 00391040 _____ () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
2013-06-25 02:41 - 2010-06-24 02:16 - 02150400 _____ () C:\Program Files\VTech\DownloadManager\System\QtCore4.dll
2013-06-25 02:41 - 2010-07-13 14:07 - 07826432 _____ () C:\Program Files\VTech\DownloadManager\System\QtGui4.dll
2013-06-25 02:41 - 2010-06-02 03:29 - 00934912 _____ () C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll
2013-06-25 02:41 - 2010-06-02 03:28 - 00335360 _____ () C:\Program Files\VTech\DownloadManager\System\QtXml4.dll
2013-06-25 02:41 - 2012-08-06 10:54 - 09843640 _____ () C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll
2013-06-25 02:41 - 2010-06-02 03:56 - 00232960 _____ () C:\Program Files\VTech\DownloadManager\System\phonon4.dll
2013-06-25 02:41 - 2010-06-02 03:54 - 02530816 _____ () C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll
2013-06-25 02:41 - 2010-07-05 10:19 - 00116736 _____ () C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2013-06-25 02:41 - 2010-11-11 10:24 - 00028160 _____ () C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll
2013-06-25 02:41 - 2010-06-02 06:05 - 00025600 _____ () C:\Program Files\VTech\DownloadManager\System\imageformats\qgif4.dll
2013-06-25 02:41 - 2010-06-02 06:05 - 00119808 _____ () C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2011-01-17 17:19 - 2012-03-21 20:15 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2010-06-24 11:21 - 2010-06-24 11:21 - 00904704 _____ () C:\Program Files\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2014-02-15 20:11 - 2014-02-15 20:11 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2012-01-18 16:03 - 2010-11-06 08:50 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-06-24 11:19 - 2010-06-24 11:19 - 00514570 _____ () C:\Program Files\Hewlett-Packard\HP Connection Manager\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0E08FC17
AlternateDataStreams: C:\ProgramData\TEMP:BC359956

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2014 05:54:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1488

Start Time: 01cf9f82f5ef2260

Termination Time: 47

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/14/2014 05:43:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 05:42:18 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/14/2014 05:42:18 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/14/2014 05:42:18 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/14/2014 05:42:18 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (07/14/2014 05:42:12 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/14/2014 05:42:12 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/14/2014 05:42:12 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/14/2014 05:42:12 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (07/14/2014 05:59:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (07/14/2014 05:51:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (07/14/2014 05:48:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (07/14/2014 05:47:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Defender service hung on starting.

Error: (07/14/2014 05:42:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/14/2014 05:42:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (07/14/2014 05:42:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (07/14/2014 05:37:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.177.2222.0).

Error: (07/14/2014 03:35:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPClientSvc service.

Error: (07/14/2014 01:59:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%-1906441150

Microsoft Office Sessions:
=========================
Error: (07/14/2014 05:54:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17126148801cf9f82f5ef226047C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/14/2014 05:43:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 05:42:18 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/14/2014 05:42:18 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/14/2014 05:42:18 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/14/2014 05:42:18 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (07/14/2014 05:42:12 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (07/14/2014 05:42:12 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/14/2014 05:42:12 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (07/14/2014 05:42:12 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

==================== Memory info ===========================

Percentage of memory in use: 86%
Total physical RAM: 1011.87 MB
Available physical RAM: 135.13 MB
Total Pagefile: 2035.87 MB
Available Pagefile: 291.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:216.72 GB) (Free:164.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:12 GB) (Free:1.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 33B8357E)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=217 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

 

 


  • 0

#5
Dave 77 HD

Dave 77 HD

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi Adam.

 

Here are the results of step 3.

 

I'll log off the site now to give you time to look at the 3 files and see if you can find anything.

 

Hope it helps.

 

Thanks in advance.

 

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-14 21:12:39
-----------------------------
21:12:39.824    OS Version: Windows 6.1.7601 Service Pack 1
21:12:39.824    Number of processors: 4 586 0x1C0A
21:12:39.840    ComputerName: HP  UserName:
21:12:40.713    Initialize success
21:12:40.713    VM: initialized successfully
21:12:40.729    VM: Intel CPU BiosDisabled
21:12:42.944    VM: disk I/O iaStor.sys
21:12:46.766    AVAST engine defs: 14071401
21:12:57.655    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:12:57.655    Disk 0 Vendor: Hitachi_ ESBO Size: 238475MB BusType: 3
21:12:57.780    Disk 0 MBR read successfully
21:12:57.780    Disk 0 MBR scan
21:12:57.795    Disk 0 Windows 7 default MBR code
21:12:57.811    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
21:12:57.827    Disk 0 default boot code
21:12:57.858    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       221926 MB offset 409600
21:12:57.905    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        12285 MB offset 454914048
21:12:57.920    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     4063 MB offset 480073728
21:12:57.951    Disk 0 scanning sectors +488395120
21:12:58.139    Disk 0 scanning C:\Windows\system32\drivers
21:13:14.659    Service scanning
21:14:00.523    Modules scanning
21:14:21.271    Module: C:\Windows\System32\urlmon.dll  **SUSPICIOUS**
21:14:25.327    Disk 0 trace - called modules:
21:14:25.374    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
21:14:25.390    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bcd030]
21:14:25.405    3 CLASSPNP.SYS[8660459e] -> nt!IofCallDriver -> [0x844b0f08]
21:14:25.421    5 ACPI.sys[864b43d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84459028]
21:14:26.372    AVAST engine scan C:\
22:45:10.314    Scan finished successfully
22:54:11.853    Disk 0 MBR has been saved successfully to "C:\Users\Dave\Downloads\MBR.dat"
22:54:11.978    The log file has been saved successfully to "C:\Users\Dave\Downloads\aswMBR.txt"

 

 


  • 0

#6
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts
Hello Dave,
 
From a first impression there does not appear to be malware present on your computer. However, there are a few items that need addressing. Please consider/carry out the following: 
 

goGMWSt.gif Multiple Anti-Virus Software Warning
 
------------------------------
 
It is inadvisable to have more than one anti-virus software installed on your computer at the same time. Doing so may:

  • Cause conflicts, negatively impacting the effectiveness of each anti-virus installed. 
  • Trigger false-positives.
  • Cause system instability/performance issues. Your system may lock up or slow down due to both products attempting to access the same file.
Please remove all but one anti-virus software from your computer. Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpland click OK. Search for and uninstall all but one of the programmes listed below
  • avast! Free Antivirus
  • Norton Internet Security
 
Did you create the following folder?
  • C:\General
     
FRST is currently saved in the wrong location. Please navigate to C:\Users\Dave\Downloads, right-click FRST.exe and click Cut. Now navigate to your Desktop, right-click your Desktop and click paste
 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script
  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
    SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-683868738-1508777024-2190914119-1000\...\MountPoints2: F - F:\InnoTabSetup.exe
    HKU\S-1-5-21-683868738-1508777024-2190914119-1000\...\MountPoints2: {5178f6ae-6fe3-11e3-b60c-74de2b91f183} - F:\InnoTabSetup.exe
    AlternateDataStreams: C:\ProgramData\TEMP:0E08FC17
    AlternateDataStreams: C:\ProgramData\TEMP:BC359956
    Folder: C:\ProgramData\C19A00E5A3B1C2F2F77C64ACEABED926
    end 
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
  • Right-Click FRST.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     
STEP 2
nSymGHK.png Folder Options 
  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Remove the checkmark next to Hide protected operating system Files (Recommended).
  • Click Apply followed by OK.
     
STEP 3
nWhGEI3.png VirusTotal Upload
  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\Windows\System32\urlmon.dll 
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 
     
======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • Did you remove one anti-virus?
  • Did you create the folder?
  • Fixlog.txt
  • VirusTotal Results

Edited by LiquidTension, 19 July 2014 - 03:17 PM.

  • 0

#7
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts
Hello,

Do you still require help?
  • 0

#8
Dave 77 HD

Dave 77 HD

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi Adam.

 

Sorry about the delay in getting back to you.

 

I only get a couple of hours on Tuesday and Thursday evenings

and what youp replied would take longer than that to do,

so I'll do it over the weekend and get back to you.

 

But to start I did create the General folder to hold non specific pics and docs.

 

The Norton AV was preinstalled on the netbook when I bought it.

 

But I loaded Avast as I used that on my PC.

 

I will uninstall the Norton so I just have Avast on the netbook.

I'll post a reply when I've done what you sent to me. 

 

Dave.

 


  • 0

#9
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts
That's quite alright, Dave. No rush. :)
  • 0

#10
Dave 77 HD

Dave 77 HD

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi Adam.

 

I've done as you asked.

 

I created the general folder as I previously mentioned.

 

I have uninstalled the Norton AV, so I just have Avast.

 

Here is the fixlog.txt  see attached file :

 

 

Here's the URL :

 

https://wwwvirustota...sis/1405881877/

 

 

Hope this helps.

 

 

Dave.

Attached Files


  • 0

Advertisements


#11
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Dave,

 

Apologies for the delay. 
 
The VirusTotal URL appears to be broken. Please re-upload the file to VirusTotal, and copy/paste the URL in your next reply (ensuring the link works prior to posting). 
 
Thanks!


  • 0

#12
Dave 77 HD

Dave 77 HD

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi Adam. Here's the Virus total URL : https://www.virustot...sis/1405881877/


Edited by Dave 77 HD, 22 July 2014 - 12:18 PM.

  • 0

#13
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Dave,
 
Thank you for the VirusTotal results. Lets check for adware and potentially unwanted programmes. Please provide an update on your computer after carrying out the steps below. How is your computer performing? 
 
STEP 1
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files prior to running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

======================================================

STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • JRT.txt

  • 0

#14
Dave 77 HD

Dave 77 HD

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi Adam.
 
Here's the files you asked for.

 

AdWCleaner.

 

 

# AdwCleaner v3.216 - Report created 24/07/2014 at 00:50:48

# Updated 17/07/2014 by Xplode# Operating System : Windows 7 Starter Service Pack 1 (32 bits)

# Username : Dave - HP

# Running from : C:\Users\Dave\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

***** [ Files / Folders ] *****

 

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

 

***** [ Browsers ] *****

 

 

-\\ Internet Explorer v11.0.9600.17207

-\\ Google Chrome v

[ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

 

AdwCleaner[R0].txt - [2090 octets] - [23/07/2014 23:22:22]

AdwCleaner[R1].txt - [854 octets] - [24/07/2014 00:41:19]

AdwCleaner[S0].txt - [2191 octets] - [23/07/2014 23:29:18]

AdwCleaner[S1].txt - [776 octets] - [24/07/2014 00:50:48]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [835 octets] ##########

 

 

JRT.txt

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Junkware Removal Tool (JRT) by Thisisu

 

Version: 6.1.4 (04.06.2014:1)

 

OS: Windows 7 Starter x86

 

Ran by Dave on 24/07/2014 at  0:10:59.14

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

~~~ Services

 

 

 

 

~~~ Registry Values

 

 

 

 

~~~ Registry Keys

 

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1CE2398B-CED9-4BC7-B92C-BE45373DE014}

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{1CE2398B-CED9-4BC7-B92C-BE45373DE014}

 

 

 

 

~~~ Files

 

 

 

 

~~~ Folders

 

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{08125D1C-BD8C-43C2-9A22-2EE1A3E3F799}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{0924FD3F-6435-4115-AD29-0077D2DF5F82}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{3277ABBC-731A-4F69-AD7B-75EBBBC29B07}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{3447E237-2AA7-47BC-B1C8-081E31D414D6}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{3776E3C3-B96B-42EB-A8A4-350D5DBCD660}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{435832E2-BEEF-4F03-AA3E-517144EA4641}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{45D8FE66-46B6-4CD5-9C38-FD2B40397185}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{520D04A0-2F63-4AAB-81E2-43C401BF4233}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{5D37A327-ECDB-4D65-8517-4F1CC2C33F0A}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{5E207F67-9F09-4925-AB3F-C0B567E89B00}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{662D92CD-AA0B-4999-93D0-89AB4C31E08D}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{672A26C6-66AD-4C94-A537-345FF9ECB9A1}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{69C55D5E-7B31-409B-A9F7-6C3F6C113616}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{6C02950C-E901-4522-A0D4-D5CCEF5FBB36}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{759CBF76-237F-467B-80AB-984EF9FE1234}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{7837B2F3-A91E-463D-B9FB-CDB41F74599F}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{832E1F57-107C-4CAF-BA41-9B278E46C14B}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{875263AD-C066-490E-9298-55E40BD28B3C}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{883F5851-0DFF-4B27-82E6-9A84AEF4FAD0}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{9383CCA4-B36B-460C-9C26-E2A7CCAF5857}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{9DEB6ADD-0769-4BED-A70F-C755FC909156}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{9FBDFC3F-9FFE-47F3-8BC1-D35791724408}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{A2C6584F-C1A3-4F69-BEA8-388C43088F4C}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{A70E27DD-FF43-43E4-9C03-0C41BD35D055}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{BBEFCA5D-A1B2-4777-9A89-AB4597752E31}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{C2BCA431-ADE9-4447-AF95-13EF7055E9C4}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{C383500B-0B52-4DF2-B081-2621D9073C53}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{C716076D-9C1D-428A-B97A-8707D90EDA9C}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{D4059BA4-9631-4202-BAA1-A51D2356FF16}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{D5D71350-A090-43D3-8F6D-01101AD13624}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{DCF7AE06-ABB6-4901-BB3F-1F86758B335B}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{E07D30E9-B75C-4027-8353-E327D4C117CA}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{E2CE8EFB-07D8-447A-8C07-5560A3138BA4}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{F87B3274-C1D0-46A1-91FF-C036FA2033CE}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{FBBC5C75-EDE1-426D-96C9-6998F3B184DB}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{FEC07958-F0D1-4EFC-B810-6C05A23F6C32}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{FF0F714E-7731-4A83-B370-139B9A00599A}

 

Successfully deleted: [Empty Folder] C:\Users\Dave\appdata\local\{FF89F54F-EB73-4851-9D38-7996D1B76361}

 

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Scan was completed on 24/07/2014 at  0:23:39.48

 

End of JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Hope this helps.


  • 0

#15
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Dave,
 
Looks good. One final check for remnants, and we'll be almost done. 
 
STEP 1
CXrghb6.png Update/Remove Java

  • Download the latest version of j8JVMVP.jpg Java from here.
  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for and uninstall the following programmes (if present):
    • Java™ 6 Update 22
    • Java™ 6 Update 45
    • Java 7 Update 60
       

STEP 2
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Launch the programme and select Update.
  • Once updated, click the Settings tab and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 3
GzlsbnV.png ESET Online Scan
Note: This scan will take a significant amount of time to complete. Please do not browse the Internet whilst your resident protection is disabled.

  • Please download ESET Online Scan and save the file to your desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then press Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settingsPlace a checkmark next to Scan archivesScan for potentially unsafe applications and Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did Java update/remove successfully? 
  • MBAM Scan log
  • ESET Online Scan log

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP