Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

odesk account hacked?

odesk account

  • Please log in to reply

#1
aliyas

aliyas

    New Member

  • Member
  • Pip
  • 1 posts

Hi everyone. Am suspecting my odesk account to have been hacked. I noticed my account sending random messages to my client. I have run avast software but found no virus. Ran microsoft essentials also came clean. At the moment I have changed my security credentials in odesk to try and stop the hacker to access my money or message my clients. Random messages are still been sent as we speak.

 

I don't know what else to do. Please check the log below and let me know if I've been affected by a malware or anything else.

 

Thanks.

 

 

OTL logfile created on: 1/20/2015 6:03:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\pc\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 21.94% Memory free
7.60 Gb Paging File | 3.62 Gb Available in Paging File | 47.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.82 Gb Total Space | 363.13 Gb Free Space | 79.84% Space Free | Partition Type: NTFS
Drive E: | 66.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Q: | 9.77 Gb Total Space | 1.83 Gb Free Space | 18.71% Space Free | Partition Type: NTFS
 
Computer Name: PC-THINK | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/20 17:59:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Downloads\OTL.exe
PRC - [2015/01/17 17:22:04 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/01/15 12:32:49 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
PRC - [2015/01/10 00:47:09 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2015/01/09 03:35:57 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/19 15:21:25 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/08/04 05:00:23 | 004,907,264 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\UnifiedUi.exe
PRC - [2014/08/01 04:27:07 | 000,432,384 | ---- | M] () -- C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe
PRC - [2014/08/01 04:27:07 | 000,426,752 | ---- | M] () -- C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/05/27 11:10:46 | 000,110,128 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2014/05/27 11:10:38 | 000,149,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2014/05/27 11:10:34 | 000,330,800 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2014/05/27 11:10:32 | 000,125,488 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2014/04/18 09:23:31 | 001,070,848 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\CMUpdater.exe
PRC - [2014/04/18 09:23:31 | 000,450,304 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\CancelAutoPlay.exe
PRC - [2013/10/09 21:07:13 | 000,164,904 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskHelper.exe
PRC - [2013/10/09 21:07:12 | 000,365,608 | ---- | M] (oDesk Corporation) -- C:\Program Files (x86)\oDesk\oDeskTeam.exe
PRC - [2013/10/03 16:30:28 | 001,103,200 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/09/19 13:32:56 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/15 01:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/29 18:24:10 | 000,062,456 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2013/05/29 18:24:04 | 000,060,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2013/05/29 18:23:10 | 000,044,024 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/04/07 08:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 08:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009/11/04 07:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 07:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/05/28 09:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2008/01/10 23:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007/01/05 06:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/17 17:22:00 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2015/01/15 12:32:43 | 016,844,464 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
MOD - [2015/01/09 03:35:54 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
MOD - [2015/01/09 03:35:51 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
MOD - [2015/01/09 03:35:49 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
MOD - [2015/01/09 03:35:48 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
MOD - [2014/11/19 15:23:42 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/08/04 05:00:23 | 004,907,264 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\UnifiedUi.exe
MOD - [2014/08/01 04:27:07 | 000,426,752 | ---- | M] () -- C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe
MOD - [2014/07/15 09:12:46 | 001,528,064 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\NDIS_Server.dll
MOD - [2014/07/15 09:12:46 | 000,652,032 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\UniCodec.dll
MOD - [2014/07/15 09:12:46 | 000,648,448 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\UniSdk.dll
MOD - [2014/07/15 09:12:46 | 000,547,584 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\CoreSDK.dll
MOD - [2014/07/15 09:12:46 | 000,169,216 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\UniDevManager.dll
MOD - [2014/07/15 09:12:46 | 000,155,904 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\UniVousb.dll
MOD - [2014/07/15 09:12:46 | 000,088,320 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\VoiceVolumnAdjust.dll
MOD - [2014/04/18 09:23:31 | 017,333,760 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\QtWebKit4.dll
MOD - [2014/04/18 09:23:31 | 009,849,856 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\QtGui4.dll
MOD - [2014/04/18 09:23:31 | 002,552,320 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\QtCore4.dll
MOD - [2014/04/18 09:23:31 | 001,334,016 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\libAgent_III.dll
MOD - [2014/04/18 09:23:31 | 001,209,344 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\QtNetwork4.dll
MOD - [2014/04/18 09:23:31 | 001,070,848 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\CMUpdater.exe
MOD - [2014/04/18 09:23:31 | 000,478,720 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\plugins\sqldrivers\qsqlite4.dll
MOD - [2014/04/18 09:23:31 | 000,450,304 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\CancelAutoPlay.exe
MOD - [2014/04/18 09:23:31 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\QtXml4.dll
MOD - [2014/04/18 09:23:31 | 000,379,392 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\plugins\imageformats\qtiff4.dll
MOD - [2014/04/18 09:23:31 | 000,351,744 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\plugins\imageformats\qmng4.dll
MOD - [2014/04/18 09:23:31 | 000,344,576 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\phonon4.dll
MOD - [2014/04/18 09:23:31 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\plugins\imageformats\qjpeg4.dll
MOD - [2014/04/18 09:23:31 | 000,271,872 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\QtSql4.dll
MOD - [2014/04/18 09:23:31 | 000,224,768 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\plugins\codecs\qjpcodecs4.dll
MOD - [2014/04/18 09:23:31 | 000,221,952 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\PSListener.dll
MOD - [2014/04/18 09:23:31 | 000,210,432 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\plugins\codecs\qtwcodecs4.dll
MOD - [2014/04/18 09:23:31 | 000,196,096 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\plugins\codecs\qcncodecs4.dll
MOD - [2014/04/18 09:23:31 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\plugins\codecs\qkrcodecs4.dll
MOD - [2014/04/18 09:23:31 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\plugins\imageformats\qico4.dll
MOD - [2014/04/18 09:23:31 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\plugins\imageformats\qgif4.dll
MOD - [2014/04/18 09:23:31 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\libgcc_s_dw2-1.dll
MOD - [2014/04/18 09:23:31 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\airtel internet1\mingwm10.dll
MOD - [2013/09/26 13:50:14 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2013/09/26 13:49:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2009/05/28 09:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/22 05:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/11/19 15:21:25 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/14 05:36:32 | 000,084,208 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/06/10 11:44:50 | 000,125,424 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2014/05/27 11:10:46 | 000,110,128 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2014/05/27 11:10:32 | 000,125,488 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2013/05/29 18:24:10 | 000,062,456 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2013/05/29 18:23:10 | 000,044,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2013/05/27 08:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/23 05:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/15 08:23:58 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2010/04/07 08:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2010/03/05 21:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 21:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 21:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/02/18 10:26:38 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/10/09 23:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2015/01/17 17:22:01 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/01/15 13:33:10 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/08/06 15:35:36 | 000,559,872 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Lenovo\easyplussdk\bin\EPHotspot64.exe -- (Lenovo EasyPlus Hotspot)
SRV - [2014/08/01 04:27:07 | 000,432,384 | ---- | M] () [Auto | Running] -- C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe -- (ZDServ)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/06/18 10:01:52 | 000,024,560 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2014/03/21 01:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/15 01:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/24 21:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/11/04 07:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 07:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2008/01/10 23:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/01/05 06:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2)
DRV:64bit: - [2014/11/22 03:26:04 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/19 15:24:15 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/11/19 15:24:14 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/11/19 15:24:14 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/19 15:24:13 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/19 15:24:13 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/19 15:24:12 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/11/19 15:24:09 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/11/14 05:36:32 | 000,060,112 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/11/03 02:10:11 | 000,883,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/10/02 05:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/24 01:23:00 | 000,460,528 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/11/23 11:06:24 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ztembbusbser6k.sys -- (ZTEusbser6K)
DRV:64bit: - [2012/11/23 11:06:16 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ztembbusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2012/11/23 11:06:10 | 000,123,264 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ztembbusbmdm.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2012/11/22 20:05:58 | 000,015,360 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ztembbmassfilter.sys -- (massfilter)
DRV:64bit: - [2012/08/23 17:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/21 15:01:32 | 000,167,040 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/12 04:34:44 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020101}_0)
DRV:64bit: - [2010/09/08 00:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/24 21:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/04/16 22:45:50 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/03/18 09:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/03/12 11:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/26 10:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 00:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/15 23:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/15 07:23:00 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/15 07:23:00 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/15 07:23:00 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/12/07 19:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/12/07 19:36:48 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/11/30 09:56:00 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/10/12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/10/09 23:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/10/09 23:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/02 05:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/06/11 00:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 00:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 00:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 23:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/07 08:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3E23E7EC-207E-44BD-AF1F-7FA2C416AD51}
IE:64bit: - HKLM\..\SearchScopes\{3E23E7EC-207E-44BD-AF1F-7FA2C416AD51}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {4F1F580E-D1D0-40EB-A4C9-22F413B57D43}
IE - HKLM\..\SearchScopes\{4F1F580E-D1D0-40EB-A4C9-22F413B57D43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {2B139477-2F2D-4E96-97F2-09FA6603EBE1}
IE - HKCU\..\SearchScopes\{2B139477-2F2D-4E96-97F2-09FA6603EBE1}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{4F1F580E-D1D0-40EB-A4C9-22F413B57D43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...arcSearchScopes
IE - HKCU\..\SearchScopes\{AC93BE7B-5A09-4692-98AE-EE0367CCB3D8}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0
FF - prefs.js..keyword.url: "http://search.yahoo....8484&ilc=12&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\pc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\pc\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pc\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pc\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/19 13:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/19 13:33:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/12/18 15:29:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/11/24 16:27:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/09/19 11:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Extensions
[2015/01/15 19:06:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profiles\n9ohi0rp.default-1398286782651\extensions
[2014/12/22 14:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profilesn9ohi0rp.default-1398286782651\extensions
[2014/12/22 14:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Firefox\Profilesn9ohi0rp.default-1398286782651\extensions\staged
[2015/01/15 19:06:36 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\firefox\profiles\n9ohi0rp.default-1398286782651\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/01/17 17:21:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/17 17:22:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_96.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U40 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.400.43 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\amcfkcmgenemckhnbodhgmakhodjhkae\2012.3.13_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bagknoiagpifjfbempgignagkejmkljm\0.8.17_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc\0.4.4_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjeffkdcbmggkbkedhbjemcpmgfccpil\1.77_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.16.3_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_1\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.5_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijbnajmkoalaoooodnmfecbbnecmhhid\1.9.60_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac\1.6_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgohkgndpahjklgpdihieeedjeneoke\2.0_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.245_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd\1.6_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp\6.0.12_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\phgdojkomekmnemlclopfjlmbamhnafp\2.1.0.0_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.2.6_0\
CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [{D53F6001-D5EC-44CD-A5C2-6DE16E9F3763}] C:\Program Files (x86)\airtel internet1\UUShell.exe ()
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CancelAutoPlay] C:\Program Files (x86)\airtel internet1\CancelAutoPlay.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{641AE9B6-2F97-4088-8F9E-C81065DC2D59}: NameServer = 172.16.15.5 172.16.15.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69F37AA7-B8B2-46BA-894E-652A7CBD5250}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C07E5EE-DAE5-4B2A-9C57-33BBED419456}: NameServer = 212.49.70.22 196.202.198.45
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E7182C6-7F07-41D2-94FE-CBE9750AF7CA}: NameServer = 172.16.15.5 172.16.15.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E9EF113-7553-486B-BC3B-899AEF86CCD0}: NameServer = 172.16.15.6 172.16.15.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9FC7E95-A270-43CF-AC27-AAD62DA750E9}: NameServer = 212.49.70.22 196.202.198.45
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/08/18 14:10:13 | 000,000,063 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 19:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{3578c1b8-50dc-11e3-a40e-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{3578c1b8-50dc-11e3-a40e-001e101f2b52}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{40054ed4-fd79-11df-93ac-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{40054ed4-fd79-11df-93ac-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/11 00:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{43330b7d-30b4-11e3-a6d2-60eb6996c45c}\Shell - "" = AutoRun
O33 - MountPoints2\{43330b7d-30b4-11e3-a6d2-60eb6996c45c}\Shell\AutoRun\command - "" = E:\Windows\AutoRun.exe -- [2014/08/01 12:27:07 | 000,425,728 | R--- | M] ()
O33 - MountPoints2\{45267782-31c2-11e3-b035-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{45267782-31c2-11e3-b035-001e101f8ed0}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7aac3cd9-30b6-11e3-8b1b-60eb6996c45c}\Shell - "" = AutoRun
O33 - MountPoints2\{7aac3cd9-30b6-11e3-8b1b-60eb6996c45c}\Shell\AutoRun\command - "" = E:\Windows\AutoRun.exe -- [2014/08/01 12:27:07 | 000,425,728 | R--- | M] ()
O33 - MountPoints2\{85147fb2-30bd-11e3-8baf-60eb6996c45c}\Shell - "" = AutoRun
O33 - MountPoints2\{85147fb2-30bd-11e3-8baf-60eb6996c45c}\Shell\AutoRun\command - "" = E:\Windows/AutoRun.exe -- [2014/08/01 12:27:07 | 000,425,728 | R--- | M] ()
O33 - MountPoints2\{b237f82b-3fbd-11e3-9295-60eb6996c45c}\Shell - "" = AutoRun
O33 - MountPoints2\{b237f82b-3fbd-11e3-9295-60eb6996c45c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{eb20ac59-7f55-11e4-a29b-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{eb20ac59-7f55-11e4-a29b-001e101f79c9}\Shell\AutoRun\command - "" = E:\Windows/AutoRun.exe -- [2014/08/01 12:27:07 | 000,425,728 | R--- | M] ()
O33 - MountPoints2\{eb20ac76-7f55-11e4-a29b-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{eb20ac76-7f55-11e4-a29b-001e101f79c9}\Shell\AutoRun\command - "" = E:\Windows/AutoRun.exe -- [2014/08/01 12:27:07 | 000,425,728 | R--- | M] ()
O33 - MountPoints2\{fc25cccd-3193-11e3-8b37-60eb6996c45c}\Shell - "" = AutoRun
O33 - MountPoints2\{fc25cccd-3193-11e3-8b37-60eb6996c45c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fc25cce1-3193-11e3-8b37-60eb6996c45c}\Shell - "" = AutoRun
O33 - MountPoints2\{fc25cce1-3193-11e3-8b37-60eb6996c45c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/17 17:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/01/17 16:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TargetGenerator
[2015/01/17 16:10:20 | 000,000,000 | ---D | C] -- C:\Windows\Target Generator
[2015/01/11 02:50:51 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Springly
[2015/01/11 02:50:49 | 000,000,000 | -HSD | C] -- C:\Users\pc\AppData\Local\icsxml
[2015/01/11 02:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2015/01/11 02:14:04 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\springly
[2014/12/25 20:04:34 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2014/12/24 19:12:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/22 14:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\ReviverSoft
[2014/12/22 14:42:17 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\RHEng
[2014/12/22 14:42:00 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\OpenCandy
[2014/12/22 14:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2014/12/22 14:40:15 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\uTorrent
[2014/12/22 14:35:33 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\WebTest
[2014/12/22 11:20:22 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\Old Firefox Data
[2014/12/22 04:51:53 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\MoonGlow_by_minhtrimatrix
[2014/12/22 03:28:22 | 000,000,000 | ---D | C] -- C:\Users\pc\Documents\Rainmeter
[2014/12/22 03:28:22 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Rainmeter
[2014/12/22 03:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2013/09/19 13:55:45 | 017,746,824 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\flashplayer11-8_install_win_pi.exe
[2013/09/19 13:32:05 | 038,501,472 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealPlayer.exe
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/20 18:22:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2015/01/20 18:13:02 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2015/01/20 18:05:49 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-198305165-1305892097-2729522632-1000UA.job
[2015/01/20 17:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/20 15:05:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-198305165-1305892097-2729522632-1000Core.job
[2015/01/20 13:04:23 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/20 13:04:23 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/20 12:55:32 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/20 12:54:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/20 12:54:48 | 3061,223,424 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/19 05:49:22 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/19 05:49:22 | 000,663,078 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/19 05:49:22 | 000,122,656 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/11 02:50:49 | 000,000,038 | -HS- | M] () -- C:\Users\pc\AppData\Local\9d79c3153f8f90cc74501.90881086
[2015/01/07 16:38:17 | 537,799,774 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015/01/05 13:20:57 | 000,003,728 | ---- | M] () -- C:\Users\pc\Documents\linkedin report.csv
[2015/01/05 13:17:04 | 000,005,288 | ---- | M] () -- C:\Users\pc\Documents\report.csv
[2015/01/03 19:13:08 | 000,095,131 | ---- | M] () -- C:\Users\pc\Documents\FanpageKarma_Summary_1-3-15.pdf
[2014/12/22 21:31:07 | 000,007,604 | ---- | M] () -- C:\Users\pc\AppData\Local\Resmon.ResmonCfg
[2014/12/22 03:28:15 | 000,001,701 | ---- | M] () -- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/01/11 02:50:49 | 000,000,038 | -HS- | C] () -- C:\Users\pc\AppData\Local\9d79c3153f8f90cc74501.90881086
[2015/01/07 16:38:17 | 537,799,774 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2015/01/05 13:20:56 | 000,003,728 | ---- | C] () -- C:\Users\pc\Documents\linkedin report.csv
[2015/01/05 13:17:03 | 000,005,288 | ---- | C] () -- C:\Users\pc\Documents\report.csv
[2015/01/03 19:13:06 | 000,095,131 | ---- | C] () -- C:\Users\pc\Documents\FanpageKarma_Summary_1-3-15.pdf
[2014/12/22 11:16:29 | 000,356,969 | ---- | C] () -- C:\Users\pc\Documents\Sample Social Media Strategy.pdf
[2014/12/22 03:28:15 | 000,001,701 | ---- | C] () -- C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2014/12/22 03:28:15 | 000,001,677 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
[2014/06/21 12:49:51 | 000,003,584 | ---- | C] () -- C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/01 01:09:32 | 000,007,604 | ---- | C] () -- C:\Users\pc\AppData\Local\Resmon.ResmonCfg
[2013/10/22 08:38:28 | 000,001,460 | ---- | C] () -- C:\Users\pc\AppData\Local\recently-used.xbel
[2013/10/16 10:16:51 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 05:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 04:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/11/24 12:26:59 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\AVAST Software
[2013/11/03 01:39:57 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\IObit
[2014/12/22 14:42:00 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\OpenCandy
[2013/10/21 02:37:02 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\PhotoScape
[2014/12/22 03:28:23 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Rainmeter
[2014/12/22 14:42:17 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\RHEng
[2013/12/07 19:27:35 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\SoftGrid Client
[2015/01/11 02:50:56 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Springly
[2013/11/03 03:02:55 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\SystemRequirementsLab
[2013/09/19 10:02:55 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\The Creative Engine Limited
[2011/06/19 20:02:21 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\TP
[2014/06/26 16:32:48 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Ulead Systems
[2014/12/22 17:18:59 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\uTorrent
[2014/12/22 14:35:33 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\WebTest
[2013/10/09 10:53:16 | 000,000,000 | ---D | M] -- C:\Users\pc\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Something strange in your Chrome browser.  A large number of extensions without names.  Can't tell what they are and can't do much about them with our tools.  You might want to create a new Chrome profile:

 

https://support.goog...er/142059?hl=en

 

Otherwise there is an autorun on E.\  Don't know what it does.  Rather odd thing.  It's formatted like  a CD but it only has 60 Meg of space.  Is that from your Airtel?

 

 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
 
  •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  
     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
     

    Download aswMBR.exe  to your desktop.
    Right click aswMBR.exe and Run as Administrator
    uncheck trace disk IO calls
    Click the "Scan" button to start scan (Accept the Avast Engine)
    On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and  click save log, save it to your desktop and post in your next reply
    If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply
     
    ComboFix
     
    :!: It must be saved to your desktop, do not run it from your browser:!:
     
    :!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
     
    :!: Turn off your screen saver so you can see what is going on
     
    Download and Save this file --  to your Desktop -- from either of these two sources:
     
    Rightclick on ComboFix and select Run As Administrator to start the program.  
     
     
     
        * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
        
        
        * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
     
    Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
    You should get a log when it finishes.  If not this may mean you have the new version of Zero Access malware so run Combofix a second time.
    If you still don't get a log search for Combofix.txt.  It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
    If you get an error about a registry value when you try to run a program, then just reboot to clear it.
     
    Download TDSSKiller:
    Save it to your desktop then run it by right clicking and Run As Admin.
     
     
    If TDSSKiller alerts you that the system needs to reboot, please consent.
     
    Run TDSSKiller again but this time:
    before you hit the Scan  hit  Change Parameters and check the two items under Additional Options. OK then Scan.
    In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
    When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
     
     

     

    I would also let Avast run a boot-time scan tonight while you sleep to make sure there is nothing we can't see going on:

     

    How to do a boot-time scan while you sleep:
    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
    C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:

    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP