
Windows Vista system malfunctioning [Solved]

Program stops working

This topic is locked

#16 23red, Trusted Helper (Malware Removal, 1,797 posts)

The fixlist?  Either right or left click on fixlist should bring up a pop up strip window on the lower portion of the screen that asks if you want to open or save.  This does not work?




#17 truder, Member, Topic Starter (136 posts)

Yes, the fixlist. A left click tells me no permission and a right click gives me these options:

open (tried this, same message, no permission)
open in new tab
open in new window

save target as (tried this, doesn't do anything)
print target

.....
....
...

Is there a code I need to allow me to open this file?



#18 23red, Trusted Helper (Malware Removal, 1,797 posts)

Hi truder :)

No, no code. OK, we'll do it manually. Let's do this:

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quote box below into it:

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
C:\Program Files\pcreg\service.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\...\MountPoints2: {7411de2b-b09e-11dd-bab3-001eec8d68aa} - F:\LaunchU3.exe -a
CHR HKLM-x32\...\Chrome\Extension: [maijnciappjnmmplnfkeojbnlfcbcein] - C:\Users\Owner\AppData\Local\CRE\maijnciappjnmmplnfkeojbnlfcbcein.crx []
C:\Users\Owner\AppData\Local\CRE\maijnciappjnmmplnfkeojbnlfcbcein.crx
S1 ddjocbba; \??\C:\Windows\system32\drivers\ddjocbba.sys [X]
C:\Windows\system32\drivers\ddjocbba.sys
S1 fjqlmkfq; \??\C:\Windows\system32\drivers\fjqlmkfq.sys [X]
C:\Windows\system32\drivers\fjqlmkfq.sys
S1 fmfpkeyc; \??\C:\Windows\system32\drivers\fmfpkeyc.sys [X]
C:\Windows\system32\drivers\fmfpkeyc.sys
S1 fsnokpay; \??\C:\Windows\system32\drivers\fsnokpay.sys [X]
C:\Windows\system32\drivers\fsnokpay.sys
S1 hsjxtipa; \??\C:\Windows\system32\drivers\hsjxtipa.sys [X]
C:\Windows\system32\drivers\hsjxtipa.sys
S1 jppboicf; \??\C:\Windows\system32\drivers\jppboicf.sys [X]
C:\Windows\system32\drivers\jppboicf.sys
S1 pxaudpsp; \??\C:\Windows\system32\drivers\pxaudpsp.sys [X]
C:\Windows\system32\drivers\pxaudpsp.sys
S1 qxekjwqx; \??\C:\Windows\system32\drivers\qxekjwqx.sys [X]
C:\Windows\system32\drivers\qxekjwqx.sys
2014-10-21 17:00 - 2014-10-21 17:00 - 00000563 _____ () C:\Windows\Tasks\RegCure Pro_sch_40C6B9EE-5965-11E4-BCF4-001EEC8D68AA.job
2014-10-29 11:09 - 2014-05-15 19:23 - 00000270 _____ () C:\Windows\Tasks\pcreg.job
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-4093890282-1965577041-1362890082-1000\$ff24043d55f85ce9a20a8337d9b4b888
Task: {4F70825A-DC9D-42D3-9226-371949175AC7} - System32\Tasks\{2F03723F-C231-4169-AD76-946D5447A344} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {54041D91-E084-44AF-AB1E-FBD86EA110EB} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {8B5A35DB-4529-4A2B-8DAD-5ECDAF95B92C} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {993E627C-073E-47B7-9C9C-72E95C039FE0} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {D38F2204-9E05-446A-909B-27DDF8946FBE} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcreg\service.exe
Task: C:\Windows\Tasks\RegCure Pro_sch_40C6B9EE-5965-11E4-BCF4-001EEC8D68AA.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe (Desktop).

Run FRST and press Fix.

On completion a log will be generated; please post that.

Thank you :)

#19 truder, Member, Topic Starter (136 posts)

Sorry 23red... Not sure I'm fully understanding. I copied your log to an already existing FRST Notepad file on my desktop, ran FRST and pressed Fix. It proceeded and asked me to reboot. I rebooted and don't see where it generated the log... that's if I understood and properly saved your log in the 1st place.

Please let me know what to do next...

Thanks,

Truder

#20 truder, Member, Topic Starter (136 posts)

The log below was generated on my desktop... hopefully this is the log you are looking for??.....

Thanks,

Truder

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Owner at 2014-11-03 12:34:07 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
 C:\Program Files\pcreg\service.exe
 HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
 HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
 HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\...\MountPoints2: {7411de2b-b09e-11dd-bab3-001eec8d68aa} - F:\LaunchU3.exe -a
 CHR HKLM-x32\...\Chrome\Extension: [maijnciappjnmmplnfkeojbnlfcbcein] - C:\Users\Owner\AppData\Local\CRE\maijnciappjnmmplnfkeojbnlfcbcein.crx []
 C:\Users\Owner\AppData\Local\CRE\maijnciappjnmmplnfkeojbnlfcbcein.crx
 S1 ddjocbba; \??\C:\Windows\system32\drivers\ddjocbba.sys [X]
 C:\Windows\system32\drivers\ddjocbba.sys
 S1 fjqlmkfq; \??\C:\Windows\system32\drivers\fjqlmkfq.sys [X]
 C:\Windows\system32\drivers\fjqlmkfq.sys
 S1 fmfpkeyc; \??\C:\Windows\system32\drivers\fmfpkeyc.sys [X]
 C:\Windows\system32\drivers\fmfpkeyc.sys
 S1 fsnokpay; \??\C:\Windows\system32\drivers\fsnokpay.sys [X]
 C:\Windows\system32\drivers\fsnokpay.sys
 S1 hsjxtipa; \??\C:\Windows\system32\drivers\hsjxtipa.sys [X]
 C:\Windows\system32\drivers\hsjxtipa.sys
 S1 jppboicf; \??\C:\Windows\system32\drivers\jppboicf.sys [X]
 C:\Windows\system32\drivers\jppboicf.sys
 S1 pxaudpsp; \??\C:\Windows\system32\drivers\pxaudpsp.sys [X]
 C:\Windows\system32\drivers\pxaudpsp.sys
 S1 qxekjwqx; \??\C:\Windows\system32\drivers\qxekjwqx.sys [X]
 C:\Windows\system32\drivers\qxekjwqx.sys
 2014-10-21 17:00 - 2014-10-21 17:00 - 00000563 _____ () C:\Windows\Tasks\RegCure Pro_sch_40C6B9EE-5965-11E4-BCF4-001EEC8D68AA.job
 2014-10-29 11:09 - 2014-05-15 19:23 - 00000270 _____ () C:\Windows\Tasks\pcreg.job
 ZeroAccess:
 C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888
 ZeroAccess:
 C:\$Recycle.Bin\S-1-5-21-4093890282-1965577041-1362890082-1000\$ff24043d55f85ce9a20a8337d9b4b888
 Task: {4F70825A-DC9D-42D3-9226-371949175AC7} - System32\Tasks\{2F03723F-C231-4169-AD76-946D5447A344} => Iexplore.exe http://ui.skype.com/...?LastError=1603
 Task: {54041D91-E084-44AF-AB1E-FBD86EA110EB} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
 Task: {8B5A35DB-4529-4A2B-8DAD-5ECDAF95B92C} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
 Task: {993E627C-073E-47B7-9C9C-72E95C039FE0} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
 Task: {D38F2204-9E05-446A-909B-27DDF8946FBE} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
 Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcreg\service.exe
 Task: C:\Windows\Tasks\RegCure Pro_sch_40C6B9EE-5965-11E4-BCF4-001EEC8D68AA.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
 EmptyTemp:
 CMD: bitsadmin /reset /allusers
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe pcreg => Value not found.
"C:\Program Files\pcreg\service.exe" => File/Directory not found.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
"HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-4093890282-1965577041-1362890082-1000" => Key not found.
"HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7411de2b-b09e-11dd-bab3-001eec8d68aa}" => Key deleted successfully.
"HKCR\CLSID\{7411de2b-b09e-11dd-bab3-001eec8d68aa}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\maijnciappjnmmplnfkeojbnlfcbcein" => Key deleted successfully.
"C:\Users\Owner\AppData\Local\CRE\maijnciappjnmmplnfkeojbnlfcbcein.crx" => File/Directory not found.
"C:\Users\Owner\AppData\Local\CRE\maijnciappjnmmplnfkeojbnlfcbcein.crx" => File/Directory not found.
ddjocbba => Service deleted successfully.
"C:\Windows\system32\drivers\ddjocbba.sys" => File/Directory not found.
fjqlmkfq => Service deleted successfully.
"C:\Windows\system32\drivers\fjqlmkfq.sys" => File/Directory not found.
fmfpkeyc => Service deleted successfully.
"C:\Windows\system32\drivers\fmfpkeyc.sys" => File/Directory not found.
fsnokpay => Service deleted successfully.
"C:\Windows\system32\drivers\fsnokpay.sys" => File/Directory not found.
hsjxtipa => Service deleted successfully.
"C:\Windows\system32\drivers\hsjxtipa.sys" => File/Directory not found.
jppboicf => Service deleted successfully.
"C:\Windows\system32\drivers\jppboicf.sys" => File/Directory not found.
pxaudpsp => Service deleted successfully.
"C:\Windows\system32\drivers\pxaudpsp.sys" => File/Directory not found.
qxekjwqx => Service deleted successfully.
"C:\Windows\system32\drivers\qxekjwqx.sys" => File/Directory not found.
C:\Windows\Tasks\RegCure Pro_sch_40C6B9EE-5965-11E4-BCF4-001EEC8D68AA.job => Moved successfully.
C:\Windows\Tasks\pcreg.job => Moved successfully.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888 => Moved successfully.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\$Recycle.Bin\S-1-5-21-4093890282-1965577041-1362890082-1000\$ff24043d55f85ce9a20a8337d9b4b888 => Directory moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F70825A-DC9D-42D3-9226-371949175AC7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F70825A-DC9D-42D3-9226-371949175AC7}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2F03723F-C231-4169-AD76-946D5447A344} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2F03723F-C231-4169-AD76-946D5447A344}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54041D91-E084-44AF-AB1E-FBD86EA110EB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54041D91-E084-44AF-AB1E-FBD86EA110EB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B5A35DB-4529-4A2B-8DAD-5ECDAF95B92C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B5A35DB-4529-4A2B-8DAD-5ECDAF95B92C}" => Key deleted successfully.
C:\Windows\System32\Tasks\Express Files Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express Files Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{993E627C-073E-47B7-9C9C-72E95C039FE0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{993E627C-073E-47B7-9C9C-72E95C039FE0}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D38F2204-9E05-446A-909B-27DDF8946FBE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D38F2204-9E05-446A-909B-27DDF8946FBE}" => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg" => Key deleted successfully.
C:\Windows\Tasks\pcreg.job not found.
C:\Windows\Tasks\RegCure Pro_sch_40C6B9EE-5965-11E4-BCF4-001EEC8D68AA.job not found.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 1.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====


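As an added example (not code from this thread, from Farbar, or from FRST itself), the Python script below parses the result section of a Fixlog like the one posted above and sorts each entry into fixed, already absent, or error. That lets a helper see at a glance which items FRST handled, which files were already gone when the fix ran (here, the .sys files of the deleted services and the pcreg service.exe), and which entries, such as the ZeroAccess: lines, FRST reports it has no automatic fix for. The sample log is constructed from a few lines of the Fixlog above, and the regular expressions assume FRST's `<target> => <result>.` line form; the "Content of fixlist" block between the rows of asterisks is skipped so its `=>` lines are not mistaken for results.

```python
import re
from collections import Counter

# Constructed sample, assembled from lines in the same format as the Fixlog
# posted in this thread (shortened to a few representative entries).
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
S1 ddjocbba; \??\C:\Windows\system32\drivers\ddjocbba.sys [X]
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888
EmptyTemp:
*****************

"C:\Program Files\pcreg\service.exe" => File/Directory not found.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
ddjocbba => Service deleted successfully.
"C:\Windows\system32\drivers\ddjocbba.sys" => File/Directory not found.
C:\Windows\Tasks\pcreg.job => Moved successfully.
ZeroAccess: => Error: No automatic fix found for this entry.
C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg" => Key deleted successfully.
C:\Windows\Tasks\pcreg.job not found.

=========  bitsadmin /reset /allusers =========

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 1.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====
"""

# "<target> => <result>."  is the usual Fixlog result line (assumed format).
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<result>.+?)\.?$")
# "<target> not found."    is the short form FRST uses for a missing path.
NOT_FOUND_RE = re.compile(r"^(?P<target>.+?) not found\.?$")


def result_lines(text):
    """Yield only the result lines: everything outside the 'Content of
    fixlist' block, which is delimited by rows of asterisks."""
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):
            in_fixlist = not in_fixlist
            continue
        if in_fixlist or not line:
            continue
        yield line


def classify(result):
    """Map FRST's free-text outcome to a coarse status."""
    r = result.lower()
    if r.startswith("error"):
        return "error"      # FRST could not act; needs manual follow-up
    if "not found" in r:
        return "absent"     # already gone, e.g. removed by an earlier tool
    if "successfully" in r or r.startswith("removed"):
        return "fixed"
    return "other"          # unrecognised outcomes are surfaced, not hidden


def parse_fixlog(text):
    """Return one dict per result line: target, raw result, coarse status."""
    entries = []
    for line in result_lines(text):
        m = RESULT_RE.match(line)
        if m:
            target, result = m.group("target"), m.group("result")
        else:
            m = NOT_FOUND_RE.match(line)
            if not m:
                continue    # banners, BITSADMIN output, reboot notice, etc.
            target, result = m.group("target"), "not found"
        entries.append({
            "target": target.strip('"'),
            "result": result,
            "status": classify(result),
        })
    return entries


def summarize(entries):
    """Counts per status plus the entries that still need a human look."""
    counts = Counter(e["status"] for e in entries)
    attention = [e for e in entries if e["status"] in ("error", "other")]
    return counts, attention


if __name__ == "__main__":
    found = parse_fixlog(SAMPLE_FIXLOG)
    totals, todo = summarize(found)
    for status, n in sorted(totals.items()):
        print(f"{status:>7}: {n}")
    for e in todo:
        print(f"needs manual follow-up: {e['target']} -> {e['result']}")
```

Run it as-is to see the summary for the constructed sample; to check a real run, read Fixlog.txt into a string and pass it to parse_fixlog instead of SAMPLE_FIXLOG. An "absent" file next to a "fixed" service or Run entry is the pattern seen in this thread: the executable had already been removed by an earlier tool, but the registry pointer to it was still there until this fix cleared it.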

#21 truder, Member, Topic Starter (136 posts)

Below is the result of step #2.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Owner (administrator) on OWNER-PC on 03-11-2014 12:55:23
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Corporation) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
() C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1220392 2008-01-18] (Synaptics, Inc.)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [685568 2008-01-23] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2008-04-15] (IDT, Inc.)
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
BootExecute: autocheck autochk * SmartDefragBootTime.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {C3928179-7CC5-459E-B0DE-B0AD5E6BCBF7} URL = http://search.yahoo....ing}&fr=hp-pvnb
SearchScopes: HKLM-x32 - {C3928179-7CC5-459E-B0DE-B0AD5E6BCBF7} URL = http://search.yahoo....ing}&fr=hp-pvnb
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab
DPF: HKLM-x32 {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553547600} http://fpdownload2.m...ash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 172.16.0.31 172.16.0.8

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-06]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe [86016 2008-02-12] (Andrea Electronics Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-08-06] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [70144 2008-01-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89088 2008-01-16] (Hewlett-Packard) [File not signed]
R2 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292232 2008-04-24] ()
R2 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [112008 2008-04-24] ()
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\STacSV64.exe [246272 2008-04-15] (IDT, Inc.)
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [9088 2007-07-11] (Hewlett-Packard Development Company, L.P.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-11-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-09] (NVIDIA Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 Netaapl; system32\DRIVERS\netaapl64.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 12:34 - 2014-11-03 12:34 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2014-10-29 10:57 - 2014-10-29 10:57 - 00000000 ____D () C:\Users\Owner\Downloads\Tax Return
2014-10-29 10:57 - 2014-10-29 10:57 - 00000000 ____D () C:\Users\Owner\Downloads\Lease App
2014-10-29 10:29 - 2014-10-29 10:30 - 00024525 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-10-29 10:28 - 2014-11-03 12:55 - 00016036 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-10-29 10:28 - 2014-11-03 12:55 - 00000000 ____D () C:\FRST
2014-10-29 10:27 - 2014-11-03 12:34 - 02114560 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-10-29 10:23 - 2014-10-29 10:23 - 00001611 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-10-29 10:20 - 2014-10-29 10:20 - 00000000 ____D () C:\Windows\ERUNT
2014-10-29 10:17 - 2014-10-29 10:17 - 01706144 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2014-10-29 09:59 - 2014-10-29 10:04 - 00000000 ____D () C:\AdwCleaner
2014-10-29 09:58 - 2014-10-29 09:58 - 01998336 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2014-10-22 17:01 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-10-22 17:01 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-10-22 17:00 - 2014-10-23 01:39 - 00000000 ____D () C:\VIPRERESCUE
2014-10-22 16:55 - 2014-10-22 16:57 - 173260800 _____ () C:\Users\Owner\Desktop\VIPRERescue34140.exe
2014-10-22 15:52 - 2014-10-22 15:55 - 00002664 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-10-22 15:48 - 2014-10-22 15:48 - 00078750 _____ () C:\Users\Owner\Desktop\OTL102214.Txt
2014-10-22 15:31 - 2014-10-22 15:31 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-10-21 16:07 - 2014-11-03 12:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 16:05 - 2014-10-21 16:05 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-21 16:05 - 2014-10-21 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-21 16:05 - 2014-10-21 16:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-21 16:05 - 2014-05-12 06:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-21 16:05 - 2014-05-12 06:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-21 15:13 - 2014-10-21 15:13 - 00001059 _____ () C:\Users\Owner\Desktop\Revo Uninstaller.lnk
2014-10-21 15:13 - 2014-10-21 15:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-21 15:12 - 2014-10-21 15:13 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Owner\Downloads\revosetup.exe
2014-10-16 02:12 - 2014-09-17 01:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 02:12 - 2014-09-16 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 02:11 - 2014-09-27 18:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 02:07 - 2014-06-15 17:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 02:07 - 2014-06-15 17:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 02:07 - 2014-06-13 13:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 02:07 - 2014-06-13 13:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 02:07 - 2014-06-13 12:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 02:07 - 2014-06-13 12:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 02:05 - 2014-09-04 18:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-15 19:23 - 2014-09-19 19:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 19:23 - 2014-09-19 18:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 19:23 - 2014-09-19 18:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 19:23 - 2014-09-19 18:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 19:23 - 2014-09-19 18:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 19:23 - 2014-09-19 18:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 19:23 - 2014-09-19 18:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 19:23 - 2014-09-19 18:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 19:23 - 2014-09-19 18:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 19:23 - 2014-09-19 18:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 19:23 - 2014-09-19 18:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 19:23 - 2014-09-19 18:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 19:23 - 2014-09-19 18:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 19:23 - 2014-09-19 18:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 19:23 - 2014-09-19 18:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 19:23 - 2014-09-19 18:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 19:23 - 2014-09-19 18:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 19:23 - 2014-09-19 18:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 19:23 - 2014-09-19 18:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 19:23 - 2014-09-19 18:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 19:23 - 2014-09-19 18:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 19:23 - 2014-09-19 17:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 19:23 - 2014-09-19 17:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 19:23 - 2014-09-19 17:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 19:23 - 2014-09-19 17:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 19:23 - 2014-09-19 17:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 19:23 - 2014-09-19 17:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 19:23 - 2014-09-19 17:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-15 19:23 - 2014-09-19 17:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 19:23 - 2014-09-19 17:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 19:23 - 2014-09-19 17:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 19:23 - 2014-09-19 17:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 19:23 - 2014-09-19 17:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 19:23 - 2014-09-19 17:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 19:23 - 2014-09-19 17:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-15 19:23 - 2014-09-19 17:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 19:23 - 2014-09-19 17:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 19:23 - 2014-09-19 17:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 19:23 - 2014-09-19 17:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 19:23 - 2014-09-19 17:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-15 19:23 - 2014-09-19 17:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-15 19:23 - 2014-09-19 17:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-12 11:51 - 2014-10-12 16:38 - 00000000 ____D () C:\Program Files (x86)\QuickTime

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-03 12:42 - 2006-11-02 07:46 - 00771970 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-03 12:40 - 2008-08-06 07:56 - 01988160 _____ () C:\Windows\WindowsUpdate.log
2014-11-03 12:40 - 2008-06-05 08:57 - 00003576 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-11-03 12:37 - 2008-08-06 08:25 - 00193453 _____ () C:\ProgramData\nvModes.001
2014-11-03 12:36 - 2008-08-06 08:24 - 00193453 _____ () C:\ProgramData\nvModes.dat
2014-11-03 12:36 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-03 12:36 - 2006-11-02 10:22 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-03 12:36 - 2006-11-02 10:22 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-03 12:34 - 2008-06-05 07:08 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-11-03 12:34 - 2006-11-02 10:42 - 00032556 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-03 10:33 - 2011-06-17 03:08 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7E42681E-F4F5-40D3-94D6-6C443F0CC685}
2014-10-30 19:54 - 2008-09-27 15:40 - 00007592 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2014-10-30 06:25 - 2009-10-02 22:21 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 10:41 - 2008-11-11 22:31 - 00101376 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-29 10:05 - 2008-01-20 22:26 - 00249538 _____ () C:\Windows\PFRO.log
2014-10-29 10:04 - 2008-09-27 15:13 - 00000000 ____D () C:\Users\Owner
2014-10-29 09:22 - 2006-11-02 10:27 - 00075660 _____ () C:\Windows\setupact.log
2014-10-29 09:19 - 2008-11-12 05:12 - 00000000 ____D () C:\Users\Owner\Resume Folder
2014-10-22 21:09 - 2014-05-17 15:13 - 00000000 ____D () C:\temp
2014-10-22 21:07 - 2008-12-08 23:10 - 00000000 ____D () C:\Users\Owner\AppData\Local\CurseClient
2014-10-22 16:13 - 2008-09-27 17:57 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-22 15:47 - 2013-07-18 17:03 - 00078750 _____ () C:\Users\Owner\Desktop\OTL.Txt
2014-10-21 16:05 - 2008-11-15 13:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-10-21 16:05 - 2008-11-15 13:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-21 15:43 - 2009-09-13 13:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-21 15:42 - 2009-09-13 13:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-10-21 15:25 - 2011-01-15 23:31 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-10-21 15:12 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\Resources
2014-10-19 20:49 - 2008-12-10 14:51 - 00001748 ____H () C:\Users\Owner\Videos\Veoh\Documents\Default.rdp
2014-10-19 19:18 - 2014-02-26 20:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2014-10-19 09:33 - 2014-05-22 19:27 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-10-17 20:49 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-16 20:11 - 2006-11-02 07:33 - 87818240 _____ () C:\Windows\system32\config\software_previous
2014-10-16 20:11 - 2006-11-02 07:33 - 60030976 _____ () C:\Windows\system32\config\components_previous
2014-10-16 20:11 - 2006-11-02 07:33 - 21233664 _____ () C:\Windows\system32\config\system_previous
2014-10-16 20:11 - 2006-11-02 07:33 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-10-16 20:11 - 2006-11-02 07:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-10-16 20:11 - 2006-11-02 07:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-10-16 20:10 - 2011-01-17 16:49 - 00000000 ____D () C:\Program Files\Microsoft ATS
2014-10-16 20:10 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\system32\spool
2014-10-16 20:10 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\registration
2014-10-16 02:26 - 2006-11-02 10:21 - 00337160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:09 - 2008-06-05 08:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:05 - 2013-08-15 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:00 - 2006-11-02 07:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-14 15:21 - 2014-07-15 17:18 - 00000334 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner.job
2014-10-14 15:20 - 2008-11-11 20:36 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-12 16:46 - 2012-06-04 10:58 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-12 16:37 - 2008-11-11 21:28 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-12 16:00 - 2013-12-11 03:06 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-10-12 12:02 - 2013-10-30 07:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-12 09:21 - 2014-05-09 18:51 - 00000000 ____D () C:\Program Files (x86)\Free Music Zilla
2014-10-04 20:12 - 2008-06-05 08:32 - 00002569 _____ () C:\Users\Owner\Desktop\Excel 2007.lnk
2014-10-04 01:03 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-03 12:43

==================== End Of Log ============================



#22
truder

    Member

  • Topic Starter
  • Member
  • 136 posts

Step 3 below... The fix was not enabled so I just saved the log.

Step 4. I believe a few years ago I was told to disable some startup programs. If you feel some should be running, by all means let me know :)

aswMBR version 1.0.1.2172 Copyright© 2014 AVAST Software
Run date: 2014-11-03 12:59:37
-----------------------------
12:59:37.887    OS Version: Windows x64 6.0.6002 Service Pack 2
12:59:37.887    Number of processors: 2 586 0x1706
12:59:37.888    ComputerName: OWNER-PC  UserName: Owner
12:59:39.394    Initialize success
12:59:39.535    VM: initialized successfully
12:59:39.536    VM: Intel CPU BiosDisabled
12:59:39.572    disk I/O atapi.sys
13:19:36.374    AVAST engine defs: 14110301
13:20:42.564    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:20:42.564    Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 3
13:20:43.173    Disk 0 MBR read successfully
13:20:43.173    Disk 0 MBR scan
13:20:43.438    Disk 0 unknown MBR code
13:20:43.438    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       293684 MB offset 63
13:20:43.469    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        11557 MB offset 601466880
13:20:43.734    Disk 0 scanning C:\Windows\system32\drivers
13:21:07.103    Service scanning
13:22:01.376    Modules scanning
13:22:01.376    Disk 0 trace - called modules:
13:22:01.407    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:22:01.407    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004db7300]
13:22:01.407    3 CLASSPNP.SYS[fffffa6000a42c33] -> nt!IofCallDriver -> [0xfffffa8005b0a2a0]
13:22:01.422    5 hpdskflt.sys[fffffa60019e60ee] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c3c060]
13:22:02.733    AVAST engine scan C:\Windows
13:22:11.297    AVAST engine scan C:\Windows\system32
13:28:15.822    AVAST engine scan C:\Windows\system32\drivers
13:28:35.806    AVAST engine scan C:\Users\Owner
13:31:40.401    File: C:\Users\Owner\AppData\LocalLow\nuaprbk.dll  **INFECTED** Win64:Injector-A [Trj]
13:33:09.305    Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
13:33:09.383    The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


#23
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

That did the trick. Thank you :D That'd be them!

I'm going to go through this ~ I'll post back as soon as possible.



#24
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi Truder :)

Sincere apologies for the delay ~ Life got in the way!

So there we have it. aswMBR has detected a rootkit ~ a backdoor injector.

It's my duty to inform you:

First

The computer is infected with a backdoor Trojan.

Backdoor Trojans are software programs that give an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. Backdoor Trojan functionality allows unauthorized remote access to the infected computer while running in the background. A backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

If this computer is ever used for on-line banking, I suggest you do the following IMMEDIATELY:

• Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

• From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online banking/financial purposes until we give it the all clear.

We can clean it up as best we know how, but there is no guarantee the computer can ever be trusted. Many recommend a complete wipe and reinstall of Windows at this point.

I would not do any banking or pay any bills with this computer the way it is now. You should go to a known clean computer and change your passwords for bank accounts.

Also, ZA will load other malware onto your computer, connect your computer to a botnet, and open up a backdoor on your system to do god knows what. Remember, ZeroAccess was detected and removed previously also.
A reformat will fix it. It can be removed without a reformat, but I can't 100% guarantee that the backdoor has been closed.

If you choose to continue, please do the following:

Combofix

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

• Close any open browsers.

* IMPORTANT - Disable your AntiVirus and any AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools.

      If you have difficulty properly disabling your protective programs, refer to this link here.

• Double click combofix.exe and follow the prompts.

• Accept the disclaimer and allow it to update if it asks.

[Screenshots: ComboFix disclaimer window and "getting ready" window]

• When finished, it shall produce a log for you.

• Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix should not be used unless requested by a forum helper.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

Don't forget to re-enable your Firewall and Anti-Virus!

Please let me know how it goes or what you decide to do.

Thank you :)



#25
truder

    Member

  • Topic Starter
  • Member
  • 136 posts

Hi 23red. I proceeded with the fix. Below are the results....

Thanks,

Truder

ComboFix 14-10-29.01 - Owner 11/05/2014  16:27:13.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4092.2388 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\vunqe.dll
c:\users\Owner\videos\wlsetup-all.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-05 to 2014-11-05  )))))))))))))))))))))))))))))))
.
.
2014-11-05 21:34 . 2014-11-05 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-04 15:35 . 2014-10-20 07:37 11627712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{44399F7B-1450-46D4-9F20-D5C72A484BD9}\mpengine.dll ERROR(0x00000005)
2014-11-03 22:08 . 2014-11-03 22:08 -------- d-----w- c:\program files\iPod
2014-11-03 22:08 . 2014-11-03 22:10 -------- d-----w- c:\program files\iTunes
2014-11-03 22:08 . 2014-11-03 22:10 -------- d-----w- c:\program files (x86)\iTunes
2014-11-03 22:07 . 2014-11-03 22:07 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-11-03 22:05 . 2014-11-03 22:08 -------- d-----w- c:\program files\Common Files\Apple
2014-11-03 22:04 . 2014-11-03 22:08 -------- d-----w- c:\program files (x86)\Common Files\Apple
2014-10-29 15:28 . 2014-11-03 17:56 -------- d-----w- C:\FRST
2014-10-29 15:20 . 2014-10-29 15:20 -------- d-----w- c:\windows\ERUNT
2014-10-29 14:59 . 2014-10-29 15:04 -------- d-----w- C:\AdwCleaner
2014-10-22 22:01 . 2013-09-04 18:57 31264 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2014-10-22 22:01 . 2013-05-23 12:39 41032 ----a-w- c:\windows\system32\drivers\gfiark.sys
2014-10-22 22:00 . 2014-10-23 06:39 -------- d-----w- C:\VIPRERESCUE
2014-10-21 20:13 . 2014-11-04 14:04 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-10-16 07:12 . 2014-09-17 06:57 76800 ----a-w- c:\windows\system32\packager.dll
2014-10-16 07:12 . 2014-09-16 16:56 66560 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-16 07:11 . 2014-09-27 23:41 2782208 ----a-w- c:\windows\system32\win32k.sys
2014-10-16 07:07 . 2014-06-13 18:22 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2014-10-16 07:07 . 2014-06-13 18:22 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2014-10-16 07:07 . 2014-06-13 17:36 73880 ----a-w- c:\windows\system32\mscories.dll
2014-10-16 07:07 . 2014-06-13 17:36 156312 ----a-w- c:\windows\system32\mscorier.dll
2014-10-16 07:07 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2014-10-16 07:07 . 2014-06-15 22:18 1943696 ----a-w- c:\windows\system32\dfshim.dll
2014-10-16 07:05 . 2014-09-04 23:38 198656 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-12 16:51 . 2014-10-12 16:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-12 16:51 . 2014-10-12 16:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-12 16:51 . 2014-10-12 16:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-12 16:51 . 2014-10-12 16:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-12 16:51 . 2014-10-12 16:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2014-10-12 16:51 . 2014-10-12 21:38 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-28 10:34 . 2009-10-03 03:21 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-16 07:00 . 2006-11-02 12:35 103265616 ----a-w- c:\windows\system32\mrt.exe
2014-09-09 06:40 . 2014-09-24 07:00 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 06:24 . 2014-09-24 07:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-23 01:05 . 2014-08-28 07:00 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:42 . 2014-08-28 07:00 390144 ----a-w- c:\windows\system32\gdi32.dll
2014-08-16 04:35 . 2014-08-16 04:35 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-08-16 04:35 . 2014-08-16 04:35 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2014-08-16 04:13 . 2014-08-16 04:13 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2014-08-16 04:13 . 2014-08-16 04:13 23040 ----a-w- c:\windows\system32\drivers\netaapl64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 12:58 75008 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files (x86)\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-11-20 14:44 488752 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-24 16:07 323640 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-04-24 06:51 468264 ----a-w- c:\program files (x86)\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-14 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-06-05 03:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 82464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 15844384]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-15 444416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.31 172.16.0.8
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-hpqSRMon - c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files (x86)\Java\jre1.6.0_05\bin\jusched.exe
Toolbar-10 - (no file)
HKLM-Run-pcreg - c:\program files\pcreg\service.exe
AddRemove-PhotoStage - c:\program files (x86)\NCH Software\PhotoStage\photostage.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,68,28,45,ca,24,2d,4d,a0,15,a1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,68,28,45,ca,24,2d,4d,a0,15,a1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-11-05  16:37:32
ComboFix-quarantined-files.txt  2014-11-05 21:37
.
Pre-Run: 226,688,286,720 bytes free
Post-Run: 226,721,546,240 bytes free
.
- - End Of File - - BB66A55904CBE5038660D6B382E09B25
85D751F0E41B8E520AEE8C07A8DA777B
 




#26
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi truder :)

Please advise how the computer is doing following this:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quote box below into it:

File::
C:\Users\Owner\AppData\LocalLow\nuaprbk.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Thank you :)



#27
truder

    Member

  • Topic Starter
  • 136 posts

Hello 23red.  Below is the log created.

Thank you!!  Happy Friday :spoton:

ComboFix 14-11-03.01 - Owner 11/07/2014  12:36:48.2.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4092.2611 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Owner\AppData\LocalLow\nuaprbk.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\LocalLow\nuaprbk.dll
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-07 to 2014-11-07  )))))))))))))))))))))))))))))))
.
.
2014-11-07 17:48 . 2014-11-07 17:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-07 17:48 . 2014-11-07 17:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-11-06 01:37 . 2014-11-06 01:37 -------- d-----w- c:\users\Owner\AppData\Roaming\Wondershare
2014-11-06 01:34 . 2014-11-06 01:34 -------- d-----w- c:\users\Owner\AppData\Roaming\AimerSoft
2014-11-06 01:31 . 2013-05-09 14:48 29288 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383S(1).sys
2014-11-06 01:31 . 2014-11-06 01:31 -------- d-----w- c:\program files (x86)\Aimersoft
2014-11-05 23:21 . 2014-11-05 23:21 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-11-05 22:06 . 2014-11-05 22:06 -------- d-----w- c:\users\Owner\AppData\Roaming\AVAST Software
2014-11-05 22:00 . 2014-11-05 22:00 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-11-05 22:00 . 2014-11-05 22:00 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-05 22:00 . 2014-11-05 22:00 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-05 22:00 . 2014-11-05 22:00 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-11-05 22:00 . 2014-11-05 22:06 83280 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-11-05 22:00 . 2014-11-05 22:00 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-05 22:00 . 2014-11-05 22:00 64752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-11-05 22:00 . 2014-11-05 22:06 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-05 22:00 . 2014-11-05 22:00 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-05 22:00 . 2014-11-05 22:00 43152 ----a-w- c:\windows\avastSS.scr
2014-11-05 21:48 . 2014-11-05 21:48 -------- d-----w- c:\program files\AVAST Software
2014-11-04 15:35 . 2014-10-20 07:37 11627712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{44399F7B-1450-46D4-9F20-D5C72A484BD9}\mpengine.dll ERROR(0x00000005)
2014-11-03 22:08 . 2014-11-03 22:08 -------- d-----w- c:\program files\iPod
2014-11-03 22:08 . 2014-11-03 22:10 -------- d-----w- c:\program files\iTunes
2014-11-03 22:08 . 2014-11-03 22:10 -------- d-----w- c:\program files (x86)\iTunes
2014-11-03 22:07 . 2014-11-03 22:07 -------- d-----w- c:\program files (x86)\Apple Software Update
2014-11-03 22:05 . 2014-11-03 22:08 -------- d-----w- c:\program files\Common Files\Apple
2014-11-03 22:04 . 2014-11-03 22:08 -------- d-----w- c:\program files (x86)\Common Files\Apple
2014-10-29 15:28 . 2014-11-03 17:56 -------- d-----w- C:\FRST
2014-10-29 15:20 . 2014-10-29 15:20 -------- d-----w- c:\windows\ERUNT
2014-10-29 14:59 . 2014-10-29 15:04 -------- d-----w- C:\AdwCleaner
2014-10-22 22:01 . 2013-09-04 18:57 31264 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2014-10-22 22:01 . 2013-05-23 12:39 41032 ----a-w- c:\windows\system32\drivers\gfiark.sys
2014-10-22 22:00 . 2014-10-23 06:39 -------- d-----w- C:\VIPRERESCUE
2014-10-21 20:13 . 2014-11-04 14:04 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-10-16 07:12 . 2014-09-17 06:57 76800 ----a-w- c:\windows\system32\packager.dll
2014-10-16 07:12 . 2014-09-16 16:56 66560 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-16 07:11 . 2014-09-27 23:41 2782208 ----a-w- c:\windows\system32\win32k.sys
2014-10-16 07:07 . 2014-06-13 18:22 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2014-10-16 07:07 . 2014-06-13 18:22 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2014-10-16 07:07 . 2014-06-13 17:36 73880 ----a-w- c:\windows\system32\mscories.dll
2014-10-16 07:07 . 2014-06-13 17:36 156312 ----a-w- c:\windows\system32\mscorier.dll
2014-10-16 07:07 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2014-10-16 07:07 . 2014-06-15 22:18 1943696 ----a-w- c:\windows\system32\dfshim.dll
2014-10-16 07:05 . 2014-09-04 23:38 198656 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-12 16:51 . 2014-10-12 16:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-12 16:51 . 2014-10-12 16:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-12 16:51 . 2014-10-12 16:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-12 16:51 . 2014-10-12 16:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-12 16:51 . 2014-10-12 16:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2014-10-12 16:51 . 2014-10-12 21:38 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-28 10:34 . 2009-10-03 03:21 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-16 07:00 . 2006-11-02 12:35 103265616 ----a-w- c:\windows\system32\mrt.exe
2014-09-09 06:40 . 2014-09-24 07:00 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 06:24 . 2014-09-24 07:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-23 01:05 . 2014-08-28 07:00 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:42 . 2014-08-28 07:00 390144 ----a-w- c:\windows\system32\gdi32.dll
2014-08-16 04:35 . 2014-08-16 04:35 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-08-16 04:35 . 2014-08-16 04:35 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2014-08-16 04:13 . 2014-08-16 04:13 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2014-08-16 04:13 . 2014-08-16 04:13 23040 ----a-w- c:\windows\system32\drivers\netaapl64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-05 5223016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 12:58 75008 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files (x86)\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-11-20 14:44 488752 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-24 16:07 323640 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-04-24 06:51 468264 ----a-w- c:\program files (x86)\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-05 22:05 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05 22:00]
.
2014-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cff94538588250.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05 22:00]
.
2014-10-14 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-06-05 03:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-05 22:00 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 82464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 15844384]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-15 444416]
"pcreg"="c:\program files\pcreg\service.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.0.31 172.16.0.8
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-hpqSRMon - c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files (x86)\Java\jre1.6.0_05\bin\jusched.exe
AddRemove-PhotoStage - c:\program files (x86)\NCH Software\PhotoStage\photostage.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,68,28,45,ca,24,2d,4d,a0,15,a1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,68,28,45,ca,24,2d,4d,a0,15,a1,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-11-07  12:53:47
ComboFix-quarantined-files.txt  2014-11-07 17:53
ComboFix2.txt  2014-11-05 21:37
.
Pre-Run: 220,246,192,128 bytes free
Post-Run: 231,335,018,496 bytes free
.
- - End Of File - - 0DBCCE6346F0F23454B404C081E595F2
85D751F0E41B8E520AEE8C07A8DA777B
 


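As an added example (not code from this thread, from ComboFix or from OTL): a small Python triage script for the "Reg Loading Points" section in the log above, reading the exact line format ComboFix prints (a REGEDIT4-style key header followed by "name"="path" [date size] lines). It flags Run entries whose target has no date/size stamp, Run targets that live outside Program Files or Windows, and LoadAppInit_DLLs set to 1. The SAMPLE text and the "svchelper" entry in it are constructed for the example and are not findings from the thread; the "trusted prefix" list is an assumption made here, not a ComboFix rule.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not part of the original post and not
ComboFix's own code. It parses the text format ComboFix prints (a
REGEDIT4-style key header, then "name"="path" [date size] lines) and
lists the autostart entries a helper would normally check first.
"""
import re
from dataclasses import dataclass, field

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "Sidebar"="c:\program files\...\sidebar.exe" [2009-04-11 1555968]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
META_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")             # ComboFix "[date size]" stamp
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')  # "LoadAppInit_DLLs"=1 (0x1)

# Assumption for this example: autostart binaries under these prefixes are
# "expected"; anything else (user profile, temp, LocalLow) gets a closer look.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows\\")


@dataclass
class Finding:
    key: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def triage(log_text):
    """Return a list of Finding objects for entries worth a second look."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        m = ENTRY_RE.match(line)
        if m and key.lower().endswith("\\run"):
            target = m.group("path")
            reasons = []
            if not META_RE.match(m.group("meta")):
                # ComboFix prints a date and size when it could read the target;
                # any other bracket text (the log above shows "[BU]" for one
                # entry) is treated here as "no metadata recorded".
                reasons.append("no file date/size recorded for the autostart target")
            if not target.lower().startswith(TRUSTED_PREFIXES):
                reasons.append("autostart target outside Program Files / Windows")
            if reasons:
                findings.append(Finding(key, m.group("name"), target, reasons))
            continue
        m = VALUE_RE.match(line)
        if m and m.group("name") == "LoadAppInit_DLLs" and m.group("val") == "1":
            # With this set to 1, DLLs listed in AppInit_DLLs are loaded into
            # every process that loads user32.dll: a classic persistence spot.
            findings.append(Finding(key, "LoadAppInit_DLLs", m.group("val"),
                                    ["AppInit DLL loading is enabled; check the AppInit_DLLs value"]))
    return findings


def report(findings):
    """Render findings as one line each, in log order."""
    return ["{} :: {} -> {} ({})".format(f.key, f.name, f.target, "; ".join(f.reasons))
            for f in findings]


# Constructed sample in ComboFix's output format; 'svchelper' is made up.
SAMPLE = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-05 5223016]
"svchelper"="c:\users\owner\appdata\locallow\svchelper.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
"""

if __name__ == "__main__":
    for line in report(triage(SAMPLE)):
        print(line)
```

Run it as-is to see the two flagged lines, or paste the "Reg Loading Points" section of your own ComboFix.txt into SAMPLE. A flagged entry is only a prompt to look closer (check the file's publisher, location and whether you installed it), not a verdict that it is malware.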

#28
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi truder :)

Thank You,  happy Friday to you as well ;)

Excellent work!   :thumbsup:  How is the computer running?

A couple of items I'd like to check:  Could you run OTL for me one more time, please.

Fresh OTL Scan

• Please right click on the OTL icon and choose Run as Administrator, accept UAC prompts.

Make sure all other windows are closed and to let it run uninterrupted.

• Please check the box next to Scan All Users.

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

• When the scan completes, it will open a notepad window. OTL.Txt ~ saved in the same location as OTL ~ Desktop

• Please copy (Edit ~> Select All,  Edit ~> Copy) the log it produces in your next reply.

Thank you :)

#29
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

How are you getting on with the instructions? Do you require additional time?

#30
truder

    Member

  • Topic Starter
  • 136 posts

Hi 23red.  Sorry for the delay...I have been a little busy lately.  Ran my 1st 1/2 marathon this past weekend.  Glad it's over.  lol

Below are the results of the scan.  The computer isn't running much differently but if it's getting cleaned up that's a good thing.  :)  thanks.

Google Chrome is still crashing...any suggestions?

Thanks,

Truder

OTL logfile created on: 11/10/2014 5:59:15 PM - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 50.22% Memory free
8.20 Gb Paging File | 5.87 Gb Available in Paging File | 71.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.80 Gb Total Space | 210.21 Gb Free Space | 73.29% Space Free | Partition Type: NTFS
Drive D: | 11.29 Gb Total Space | 1.86 Gb Free Space | 16.51% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/05 17:06:12 | 005,223,016 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/11/05 16:59:50 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/10/22 15:31:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2014/09/04 07:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/17 04:00:14 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2012/01/04 14:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2008/03/26 17:26:56 | 000,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2007/09/11 02:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/05 17:00:07 | 038,561,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/10/11 13:06:16 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/05 16:59:50 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/04/15 13:18:44 | 000,246,272 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_48fbb870\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/03/18 18:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/02/12 15:05:54 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_48fbb870\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 14:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2014/09/04 07:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/05/07 18:42:15 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/08/06 08:35:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/03/26 17:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2007/09/11 02:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/05 17:06:13 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/05 17:06:13 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/05 17:00:11 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/11/05 17:00:11 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/05 17:00:11 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/05 17:00:11 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2014/11/05 17:00:11 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/11/05 17:00:10 | 000,064,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/08/15 23:13:34 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/09/04 13:57:44 | 000,031,264 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gfiutil.sys -- (gfiutil)
DRV:64bit: - [2013/05/09 09:48:42 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/26 18:02:26 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/07/14 06:34:28 | 007,653,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys -- (NETwNv64)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/11/17 14:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/05/13 21:09:00 | 000,054,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/04/28 10:55:32 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/04/15 13:19:56 | 000,453,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/04/15 05:05:42 | 000,161,792 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/11 12:56:28 | 000,125,328 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/04/03 14:36:14 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2008/03/27 14:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 14:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 17:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 21:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 21:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/18 06:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/07/11 12:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/06/20 18:57:36 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2007/01/18 14:10:22 | 000,030,336 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/10/09 21:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/10/06 21:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{C3928179-7CC5-459E-B0DE-B0AD5E6BCBF7}: "URL" = http://search.yahoo....ing}&fr=hp-pvnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C3928179-7CC5-459E-B0DE-B0AD5E6BCBF7}: "URL" = http://search.yahoo....ing}&fr=hp-pvnb
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.c...?q={searchTerms}
IE - HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/11/05 17:00:12 | 000,000,000 | ---D | M]
 
[2009/11/22 16:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: 8B66D686059564F146B0645E1FC1BDA4B4A5885A23184382E7A452A2CF281485 ()
CHR - default_search_provider: search_url = BB937C70812130175C92F0B592617DE54052D91DEF84ACC59765052C256E0C8F
CHR - default_search_provider: suggest_url =
CHR - homepage: B6E7DC4BBFFF7D32B7B296A562CA60E40CE2B2AA99DED6E91D1DA41327356946
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
 
O1 HOSTS File: ([2014/11/07 12:48:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-4093890282-1965577041-1362890082-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-4093890282-1965577041-1362890082-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-4093890282-1965577041-1362890082-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553547600} http://fpdownload2.m...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{048AC834-2A6A-408D-AFAA-9E79B901EA58}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{810D9A27-320C-44B1-AE50-C88CD683C726}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F5BB565-6DF2-4875-B406-B92AC47A99CE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/23 18:19:05 | 000,000,300 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/07 15:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/11/07 14:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/11/07 14:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/11/07 14:53:47 | 004,977,216 | ---- | C] (Piriform Ltd) -- C:\Users\Owner\Desktop\ccsetup419.exe
[2014/11/07 12:53:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/11/05 20:37:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Wondershare
[2014/11/05 20:34:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AimerSoft
[2014/11/05 20:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft
[2014/11/05 20:31:57 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys
[2014/11/05 20:31:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aimersoft
[2014/11/05 18:21:30 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2014/11/05 17:06:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVAST Software
[2014/11/05 17:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2014/11/05 17:00:22 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2014/11/05 17:00:20 | 000,436,624 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/11/05 17:00:19 | 000,083,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswmonflt.sys
[2014/11/05 17:00:18 | 000,064,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2014/11/05 17:00:16 | 001,050,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/11/05 17:00:13 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/11/05 17:00:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/05 16:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/11/05 16:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/11/05 16:37:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/11/05 16:23:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/11/05 16:23:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/11/05 16:23:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/11/05 16:23:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/11/05 16:17:25 | 005,593,178 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2014/11/03 17:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/11/03 17:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/11/03 17:08:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/11/03 17:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/11/03 17:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2014/11/03 17:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/11/03 17:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/11/03 17:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/11/03 12:58:34 | 005,192,704 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2014/11/03 12:34:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\FRST-OlderVersion
[2014/10/29 10:28:20 | 000,000,000 | ---D | C] -- C:\FRST
[2014/10/29 10:27:33 | 002,114,560 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2014/10/29 10:20:13 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/10/29 10:17:40 | 001,706,144 | ---- | C] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
[2014/10/29 09:59:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/22 17:01:15 | 000,031,264 | ---- | C] (ThreatTrack Security) -- C:\Windows\SysNative\drivers\gfiutil.sys
[2014/10/22 17:01:14 | 000,041,032 | ---- | C] (ThreatTrack Security) -- C:\Windows\SysNative\drivers\gfiark.sys
[2014/10/22 17:00:50 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2014/10/22 15:31:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/10/21 15:13:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/10/16 02:12:25 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/16 02:12:25 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/16 02:07:14 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2014/10/16 02:07:14 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2014/10/16 02:07:14 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2014/10/16 02:07:14 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2014/10/16 02:07:09 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2014/10/16 02:07:09 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2014/10/15 19:23:53 | 002,339,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/10/15 19:23:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/10/15 19:23:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/10/15 19:23:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/10/15 19:23:51 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/10/15 19:23:51 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/10/15 19:23:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/10/15 19:23:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/10/15 19:23:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/10/15 19:23:32 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/10/15 19:23:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014/10/15 19:23:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/10/15 19:23:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/10/15 19:23:23 | 001,494,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/10/15 19:23:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014/10/15 19:23:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/10/15 19:23:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/10/15 19:23:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014/10/15 19:23:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014/10/15 19:23:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014/10/12 11:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/10 17:55:20 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/10 17:55:20 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/10 17:54:46 | 000,193,453 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2014/11/10 17:54:46 | 000,193,453 | ---- | M] () -- C:\ProgramData\nvModes.001
[2014/11/10 17:54:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/09 11:07:19 | 000,000,732 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2014/11/09 07:47:25 | 000,771,970 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/09 07:47:25 | 000,651,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/09 07:47:25 | 000,124,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/08 03:51:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/11/07 18:28:58 | 000,002,009 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/07 16:30:26 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/07 16:25:11 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cffad15016f380.job
[2014/11/07 16:25:11 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/07 15:10:06 | 000,000,899 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/07 14:55:03 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/07 14:54:20 | 004,977,216 | ---- | M] (Piriform Ltd) -- C:\Users\Owner\Desktop\ccsetup419.exe
[2014/11/07 12:48:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/11/07 12:31:01 | 005,593,178 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2014/11/05 20:32:30 | 000,001,052 | ---- | M] () -- C:\Users\Owner\Desktop\Aimersoft Music Recorder.lnk
[2014/11/05 17:06:21 | 000,001,827 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/11/05 17:06:13 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/11/05 17:06:13 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswmonflt.sys
[2014/11/05 17:00:11 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/11/05 17:00:11 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/11/05 17:00:11 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/11/05 17:00:11 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/11/05 17:00:11 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2014/11/05 17:00:11 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/11/05 17:00:10 | 000,064,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2014/11/05 17:00:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/04 10:30:16 | 000,101,376 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/11/04 10:04:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/11/03 17:10:23 | 000,001,654 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/11/03 13:33:09 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2014/11/03 12:59:13 | 005,192,704 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2014/11/03 12:34:02 | 002,114,560 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
[2014/10/30 19:54:35 | 000,007,592 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2014/10/29 10:17:39 | 001,706,144 | ---- | M] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
[2014/10/29 09:58:33 | 001,998,336 | ---- | M] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
[2014/10/22 16:57:02 | 173,260,800 | ---- | M] () -- C:\Users\Owner\Desktop\VIPRERescue34140.exe
[2014/10/22 16:13:02 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/10/22 15:31:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/10/19 20:49:43 | 000,001,748 | -H-- | M] () -- C:\Users\Owner\Videos\Veoh\Documents\Default.rdp
[2014/10/16 02:26:59 | 000,337,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/14 15:21:04 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
 
========== Files Created - No Company Name ==========
 
[2014/11/07 16:30:26 | 000,002,009 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/07 16:30:26 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/07 16:25:11 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cffad15016f380.job
[2014/11/07 16:25:11 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/07 14:55:03 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/05 20:32:30 | 000,001,052 | ---- | C] () -- C:\Users\Owner\Desktop\Aimersoft Music Recorder.lnk
[2014/11/05 17:06:21 | 000,001,827 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/11/05 17:00:21 | 000,267,632 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/11/05 17:00:20 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/11/05 17:00:19 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/11/05 16:23:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/11/05 16:23:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/11/05 16:23:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/11/05 16:23:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/11/05 16:23:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/11/04 09:19:30 | 000,000,899 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/03 17:10:23 | 000,001,654 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/11/03 17:07:20 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/11/03 13:33:09 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2014/10/29 09:58:46 | 001,998,336 | ---- | C] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
[2014/10/22 16:55:38 | 173,260,800 | ---- | C] () -- C:\Users\Owner\Desktop\VIPRERescue34140.exe
[2011/08/01 20:34:45 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2011/06/08 05:34:59 | 000,000,777 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\com.zoosk.Desktop_state.xml
[2009/08/11 19:52:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/03/12 20:48:22 | 000,002,108 | ---- | C] () -- C:\Users\Owner\AppData\Local\rx_audio.Cache
[2009/03/12 20:48:22 | 000,000,072 | ---- | C] () -- C:\Users\Owner\AppData\Local\rx_image.Cache
[2008/12/02 10:23:43 | 000,023,604 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2008/11/11 22:31:04 | 000,101,376 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 17:57:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/27 15:40:33 | 000,007,592 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/08/06 08:25:22 | 000,193,453 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/08/06 08:24:52 | 000,193,453 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 11:30:37 | 012,900,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

< End of report >

