Sorry I replied so late, it took me a few days to finish...
AdwCleaner:
# AdwCleaner v2.306 - Logfile created 08/17/2013 at 23:24:43
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista Business Service Pack 2 (32 bits)
# User : Darci - JBH1
# Boot Mode : Normal
# Running from : C:\Users\Darci\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
Stopped & Deleted : IBUpdaterService
Stopped & Deleted : Updater By SweetPacks
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Deleted on reboot : C:\Windows\system32\jmdp
Deleted on reboot : C:\Windows\system32\Zynga
Deleted on reboot : C:\Windows\system32\Zynga
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Program Files\Wondershare
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Deleted : C:\Users\Darci\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Darci\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\jbh-1\AppData\Local\Babylon
Folder Deleted : C:\Users\jbh-1\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\jbh-1\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\jbh-1\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\jbh-1\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\jbh-1\AppData\Roaming\Babylon
Folder Deleted : C:\Windows\system32\ARFC
Folder Deleted : C:\Windows\system32\WNLT
***** [Registry] *****
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\WNLT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16502
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={BDFB4E99-CEFC-11E2-A45A-001AA085B0DA} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={BDFB4E99-CEFC-11E2-A45A-001AA085B0DA} --> hxxp://www.google.com
-\\ Google Chrome v [Unable to get version]
File : C:\Users\jbh-1\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.50] : icon_url = "hxxp://cdn.web.sweetim.com/toolbarff/searchplugin/bing.ico",
Deleted [l.53] : keyword = "start.sweetim.com",
Deleted [l.57] : search_url = "hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={BDFB4E99-CEFC-11E2-A45[...]
*************************
AdwCleaner[S1].txt - [16907 octets] - [17/08/2013 23:24:43]
########## EOF - C:\AdwCleaner[S1].txt - [16968 octets] ##########
Junkware Removal Tool:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows Vista Business x86
Ran by Darci on Sat 08/17/2013 at 23:47:10.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/17/2013 at 23:53:08.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
aswMBR:
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-18 01:00:33
-----------------------------
01:00:33.144 OS Version: Windows 6.0.6002 Service Pack 2
01:00:33.144 Number of processors: 2 586 0xF0D
01:00:33.145 ComputerName: JBH1 UserName:
01:00:35.326 Initialize success
01:01:16.295 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:01:16.297 Disk 0 Vendor: ST3250820AS 3.ADG Size: 238418MB BusType: 3
01:01:16.491 Disk 0 MBR read successfully
01:01:16.494 Disk 0 MBR scan
01:01:16.497 Disk 0 Windows VISTA default MBR code
01:01:16.500 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 15 MB offset 63
01:01:16.537 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 32768
01:01:16.576 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223401 MB offset 30752768
01:01:16.581 Disk 0 scanning sectors +488278016
01:01:16.951 Disk 0 scanning C:\Windows\system32\drivers
01:01:50.125 Service scanning
01:02:42.868 Modules scanning
01:03:10.259 Scan finished successfully
01:04:06.760 Disk 0 MBR has been saved successfully to "C:\Users\Darci\Desktop\MBR.dat"
01:04:06.778 The log file has been saved successfully to "C:\Users\Darci\Desktop\aswMBR.txt"
ComboFix ran and at the end did not create a ComboFix.txt but instead created a "log.txt", which is below:
ComboFix 13-08-16.03 - Darci 08/18/2013 1:17.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2022.717 [GMT -7:00]
Running from: c:\users\Darci\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Pandora\Pandora.exe
c:\programdata\DragToDiscUserNameE.txt
c:\programdata\uninstaller.exe
c:\users\Darci\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\jbh-1\AppData\Local\Microsoft\Windows\Temporary Internet Files\_3PQANz2Ryi-9Pv
c:\users\jbh-1\AppData\Local\Microsoft\Windows\Temporary Internet Files\ojLBX9gu-_h
c:\users\jbh-1\AppData\Local\Microsoft\Windows\Temporary Internet Files\P9gDh-lgD_
c:\users\jbh-1\AppData\Local\Microsoft\Windows\Temporary Internet Files\txQ__C-Ed
c:\users\jbh-1\AppData\Roaming\.#
c:\users\jbh-1\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\jbh-1\g2mdlhlpx.exe
c:\windows\system32\config\systemprofile\g2ax_customer_downloadhelper_win32_x86.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-07-18 to 2013-08-18 )))))))))))))))))))))))))))))))
.
.
2013-08-18 08:29 . 2013-08-18 08:29 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-08-18 08:29 . 2013-08-18 08:29 -------- d-----w- c:\users\jbh-1\AppData\Local\temp
2013-08-18 08:29 . 2013-08-18 08:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-18 06:47 . 2013-08-18 06:47 -------- d-----w- c:\windows\ERUNT
2013-08-18 06:25 . 2013-08-18 06:25 233 ----a-w- c:\windows\DeleteOnReboot.bat
2013-08-15 10:12 . 2013-08-15 10:17 -------- d-----w- c:\windows\system32\MRT
2013-08-15 00:37 . 2013-08-15 00:37 -------- d-----w- c:\users\Darci\AppData\Roaming\AVG2013
2013-08-15 00:36 . 2013-08-15 00:36 -------- d-----w- c:\users\Darci\AppData\Local\AVG SafeGuard toolbar
2013-08-15 00:35 . 2013-08-15 00:35 -------- d-----w- c:\users\Darci\AppData\Roaming\TuneUp Software
2013-08-15 00:35 . 2013-08-16 01:41 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-08-15 00:35 . 2013-08-15 02:48 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-08-15 00:35 . 2013-08-18 06:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-08-15 00:35 . 2013-08-16 01:41 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-08-15 00:32 . 2013-08-15 00:32 -------- d-----w- C:\$AVG
2013-08-15 00:32 . 2013-08-15 02:29 -------- d-----w- c:\programdata\AVG2013
2013-08-15 00:27 . 2013-08-15 00:42 -------- d-----w- c:\users\Darci\AppData\Local\Avg2013
2013-08-15 00:27 . 2013-08-15 00:27 -------- d-----w- c:\users\Darci\AppData\Local\MFAData
2013-08-14 23:50 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 23:49 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-14 23:49 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-14 23:49 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 23:49 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 23:49 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 23:49 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 23:49 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 23:46 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 23:46 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 23:46 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 23:46 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 21:07 . 2013-08-14 21:46 -------- d-----w- c:\program files\SysTools SQL Recovery - 5.5(Full Version)
2013-08-02 16:01 . 2013-08-07 00:26 -------- d-----w- c:\users\Darci\AppData\Local\VirtualStore
2013-07-31 21:20 . 2013-07-31 21:20 -------- d-----w- c:\users\Darci\AppData\Local\Microsoft Help
2013-07-31 19:16 . 2013-07-31 19:16 -------- d-----w- c:\users\Darci\AppData\Local\Citrix
2013-07-25 22:54 . 2013-07-25 22:54 -------- d-----w- c:\users\Darci\AppData\Roaming\com.pandora.desktop
2013-07-25 22:50 . 2013-07-25 22:50 -------- d-----w- c:\windows\system32\drivers\MCLIENT
2013-07-25 22:50 . 2013-07-25 22:50 -------- d-----w- c:\program files\Norton Management
2013-07-25 22:49 . 2013-03-05 02:14 36512 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2013-07-25 22:44 . 2013-08-18 08:31 -------- d-----w- c:\users\Darci\AppData\Local\CrashDumps
2013-07-25 22:39 . 2013-07-25 22:39 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-07-25 22:38 . 2013-07-25 22:38 -------- d-----w- c:\windows\system32\drivers\NIS
2013-07-25 22:38 . 2013-07-25 22:38 -------- d-----w- c:\program files\Norton Internet Security
2013-07-25 22:38 . 2013-07-25 22:50 -------- d-----w- c:\program files\NortonInstaller
2013-07-25 22:38 . 2013-07-25 22:38 -------- d-----w- c:\programdata\NortonInstaller
2013-07-23 11:16 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1D01992-1F20-427E-8D0F-AFC785995EB7}\mpengine.dll
2013-07-20 08:51 . 2013-07-20 08:51 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 08:50 . 2013-07-20 08:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 08:50 . 2013-07-20 08:50 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 08:50 . 2013-07-20 08:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-19 22:28 . 2004-11-21 01:37 266324 ----a-w- c:\program files\Uninstall Information\NetMass\SGService.exe
2013-07-19 22:28 . 2013-07-19 22:28 -------- d-----w- c:\program files\NetMass
2013-07-19 22:28 . 2013-07-19 22:27 824064 ----a-w- c:\program files\Uninstall Information\NetMass\unins000.exe
2013-07-19 21:48 . 2013-07-19 21:48 -------- d-----w- c:\users\Darci\temp
2013-07-19 21:48 . 2013-07-19 21:48 -------- d-----w- c:\users\Darci\AppData\Roaming\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-10 08:32 . 2013-07-10 08:32 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-01 08:45 . 2013-07-01 08:45 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-06-11 20:48 . 2012-04-15 19:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 20:48 . 2011-06-02 21:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 16:42 . 2013-06-07 16:41 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 16:42 . 2013-06-09 18:02 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-06-04 16:50 . 2008-07-26 17:44 286720 ------w- c:\windows\Setup1.exe
2013-06-04 16:50 . 2008-07-26 17:44 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-06-04 16:48 . 2013-06-04 16:48 251472 ----a-w- c:\windows\system32\temp.00B
2013-06-04 16:48 . 2013-06-04 16:48 115920 ----a-w- c:\windows\system32\temp.00A
2013-06-04 16:46 . 2013-06-04 16:46 140288 ----a-w- c:\windows\system32\temp.009
2013-06-04 16:45 . 2013-06-04 16:45 1142776 ----a-w- c:\windows\system32\temp.008
2013-06-04 01:50 . 2013-07-10 15:42 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06 . 2013-07-10 15:41 505344 ----a-w- c:\windows\system32\qedit.dll
2013-05-22 15:21 . 2013-05-22 15:21 4325376 ----a-w- c:\programdata\ReadOnlyInstaller.msi
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"EpsonAPD4SV"="c:\program files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE" [2008-05-02 210304]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2013-04-30 63048]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
.
c:\users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Transcend.LNK - c:\program files\Prosolutions\Transcend.exe [2012-7-12 53805056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PCCharge Payment Server.lnk - c:\active-charge\Active-Charge.Exe [2011-11-1 19103744]
SystemSafePro.lnk - c:\program files\NetMass\SystemSafePro\bin\SGTray.exe [2013-7-19 2629632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 20:24 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EpsonAPD4SV]
2008-05-02 18:13 210304 ----a-w- c:\program files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 18:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 18:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 07:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2013-04-30 17:57 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM07Mon.exe]
2007-07-20 00:00 36864 ----a-w- c:\windows\OEM07Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3697875056-3224753802-395575746-1000]
"EnableNotificationsRef"=dword:00000003
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 20:48]
.
2013-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3697875056-3224753802-395575746-1000Core.job
- c:\users\jbh-1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 22:01]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3697875056-3224753802-395575746-1000UA.job
- c:\users\jbh-1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 22:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Darci - Shortcut.lnk - c:\program files\Prosolutions\Darci.exe
c:\users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pandora.lnk - c:\program files\Pandora\Pandora.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-BrStsWnd - c:\program files\Brownie\BrstsWnd.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
AddRemove-{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1 - c:\program files\Updater By SweetPacks\unins000.exe
AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\users\Darci\AppData\Local\TopArcadeHits\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-18 01:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MCLIENT]
"ImagePath"="\"c:\program files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
Completion time: 2013-08-18 01:35:10
ComboFix-quarantined-files.txt 2013-08-18 08:35
.
Pre-Run: 127,570,608,128 bytes free
Post-Run: 146,805,506,048 bytes free
.
- - End Of File - - 6FBE03D9D22111D0B44E4A1FB922BC41
5C616939100B85E558DA92B899A0FC36
TDSSKiller did not ask to restart after the scan (detected 9 threats but none were TDSS, therefore did not delete anything). And it did not create a TDSSKiller.txt log file.
2nd try, restarted computer on my own, and reran scan, same detection and no TDSSKiller.txt log file.
Malwarebytes: Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.18.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Darci :: JBH1 [administrator]
Protection: Enabled
8/18/2013 10:29:12 AM
mbam-log-2013-08-18 (10-29-12).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 285492
Time elapsed: 13 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\ProgramData\ReadOnlyInstaller.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\1878e18.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
(end)
VEW SYSTEM: Vino's Event Viewer v01c run on Windows Vista in English
Report run at 18/08/2013 10:50:54 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/08/2013 12:06:59 AM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 73000. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 19/08/2013 12:06:06 AM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 30960. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 11:51:58 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 58388. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 11:43:48 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 60644. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 11:41:54 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 30968. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 11:12:58 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 78240. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 11:12:09 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 30956. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 10:49:18 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 60644. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 10:48:51 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 30956. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 9:42:45 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 63752. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 9:41:35 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 30960. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 9:38:37 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 9:37:46 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 30960. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 9:11:34 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 47108. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 9:07:34 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document Test Page, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 84428. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 9:04:54 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document Test Page, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 84428. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 9:01:05 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 56944. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 9:00:45 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 9:00:06 PM
Type: Error Category: 0
Event: 6161 Source: Microsoft-Windows-PrintSpooler
The document ProSolutions, owned by Darci, failed to print on printer EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 30960. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0. The operation completed successfully.
Log: 'System' Date/Time: 18/08/2013 8:53:50 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/08/2013 8:53:49 PM
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 4 minutes to start and may have stopped responding: Server Contact your system administrator or service vendor for approximate startup times for this service. If you think this service might be slowing system response or logon time, talk to your system administrator about whether the service should be disabled until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
Log: 'System' Date/Time: 18/08/2013 8:30:56 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 18/08/2013 8:30:56 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll
Log: 'System' Date/Time: 18/08/2013 8:30:54 PM
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 4 minutes to start and may have stopped responding: Server Contact your system administrator or service vendor for approximate startup times for this service. If you think this service might be slowing system response or logon time, talk to your system administrator about whether the service should be disabled until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
Log: 'System' Date/Time: 18/08/2013 8:08:30 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 18/08/2013 8:08:27 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll
VEW APPLICATION: Vino's Event Viewer v01c run on Windows Vista in English
Report run at 18/08/2013 10:52:56 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/08/2013 2:31:18 AM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {bf3408e3-1ba5-471c-8306-e98c6c836cc0}
Log: 'Application' Date/Time: 19/08/2013 2:30:10 AM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.
Operation:
OnIdentify event
Gathering Writer Data
Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {bf3408e3-1ba5-471c-8306-e98c6c836cc0}
Log: 'Application' Date/Time: 18/08/2013 8:53:49 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 18/08/2013 8:30:53 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/08/2013 8:30:50 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3697875056-3224753802-395575746-1008_Classes:
Process 2296 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008_CLASSES
Process 2296 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008_CLASSES
Log: 'Application' Date/Time: 18/08/2013 8:30:49 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3697875056-3224753802-395575746-1008:
Process 2296 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008
Process 2296 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008\Software\Microsoft\Direct3D
Log: 'Application' Date/Time: 18/08/2013 8:07:41 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3697875056-3224753802-395575746-1008_Classes:
Process 500 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008_CLASSES
Process 1740 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Log: 'Application' Date/Time: 18/08/2013 8:07:36 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3697875056-3224753802-395575746-1008:
Process 500 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008
Process 500 (\Device\HarddiskVolume3\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-3697875056-3224753802-395575746-1008\Software\Microsoft\Direct3D
OTL:
OTL logfile created on: 8/18/2013 10:59:09 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darci\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.97 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.87% Memory free
4.18 Gb Paging File | 2.43 Gb Available in Paging File | 58.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.17 Gb Total Space | 137.89 Gb Free Space | 63.21% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 4.74 Gb Free Space | 32.37% Space Free | Partition Type: NTFS
Computer Name: JBH1 | User Name: Darci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/08/15 18:41:22 | 001,643,184 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
PRC - [2013/08/15 10:54:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darci\Desktop\OTL.exe
PRC - [2013/06/08 09:42:32 | 000,202,576 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2013/06/08 09:42:18 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2013/04/30 10:57:02 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2013/04/30 10:57:02 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/02 19:11:42 | 017,598,464 | ---- | M] () -- C:\Program Files\NetMass\SystemSafePro\bin\StoreGrid.exe
PRC - [2012/10/10 11:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
PRC - [2011/08/11 15:31:44 | 019,103,744 | ---- | M] (VeriFone, Inc.) -- C:\Active-Charge\Active-Charge.Exe
PRC - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/10/06 21:19:00 | 000,593,920 | ---- | M] ( ) -- C:\Windows\System32\lmabcoms.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/22 08:15:38 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe
PRC - [2008/04/12 05:10:48 | 000,290,816 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe
PRC - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) -- C:\Windows\System32\dldfcoms.exe
========== Modules (No Company Name) ==========
MOD - [2013/06/12 14:57:42 | 013,140,872 | ---- | M] () -- C:\Users\Darci\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
MOD - [2013/05/22 22:44:07 | 000,393,168 | ---- | M] () -- C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/22 22:43:59 | 004,051,408 | ---- | M] () -- C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/22 22:43:03 | 001,597,392 | ---- | M] () -- C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2012/01/08 06:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/07/09 15:02:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\ssleay32.dll
MOD - [2003/07/09 15:01:56 | 000,843,776 | ---- | M] () -- C:\Windows\System32\libeay32.dll
MOD - [2002/08/01 17:00:20 | 000,729,088 | ---- | M] () -- C:\Windows\System32\SaxComm8.ocx
MOD - [1995/11/05 21:39:08 | 000,158,720 | ---- | M] () -- C:\Windows\System32\vsview32.ocx
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2013/08/15 18:41:22 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - [2013/06/11 13:48:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/08 09:42:32 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/06/08 09:42:18 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/04/30 10:57:02 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/02 19:11:42 | 017,598,464 | ---- | M] () [Auto | Running] -- C:\Program Files\NetMass\SystemSafePro\bin\StoreGrid.exe -- (SystemSafePro)
SRV - [2012/10/10 11:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Management\Engine\3.2.0.19\ccSvcHst.exe -- (MCLIENT)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/10/06 21:19:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lmabcoms.exe -- (lmab_device)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/07/24 19:26:46 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/22 08:15:38 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe -- (EpsonPOSPort)
SRV - [2008/04/12 05:10:48 | 000,290,816 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe -- (EpsonPOSLog)
SRV - [2008/01/20 19:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldfcoms.exe -- (dldf_device)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Darci\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/08/16 11:40:54 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130818.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/16 11:40:54 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130818.004\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/15 18:41:22 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/07/25 15:39:27 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/07/25 15:10:14 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/07/25 11:29:09 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/07/25 01:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/06/08 09:42:20 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/05/22 22:25:28 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\SymEFA.sys -- (SymEFA)
DRV - [2013/05/20 22:02:00 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\SymDS.sys -- (SymDS)
DRV - [2013/05/20 21:41:34 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/15 22:02:14 | 000,603,224 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/30 10:57:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2013/04/30 10:57:02 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2013/04/24 17:43:56 | 000,352,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symtdiv.sys -- (SYMTDIv)
DRV - [2013/04/15 19:41:14 | 000,134,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ccSetx86.sys -- (ccSet_NIS)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/04 19:14:18 | 000,036,512 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2013/03/04 18:39:19 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\Ironx86.sys -- (SymIRON)
DRV - [2013/03/04 18:21:35 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/10/03 10:19:14 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.sys -- (ccSet_MCLIENT)
DRV - [2011/09/22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2009/07/17 16:53:38 | 000,080,384 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/20 19:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/01/20 19:23:46 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/10/17 14:52:30 | 000,046,336 | ---- | M] (SEIKO EPSON Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TMUSBXP.SYS -- (TMUSB)
DRV - [2007/07/19 17:00:00 | 000,235,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM07Vid.sys -- (OEM07Vid)
DRV - [2007/05/17 17:00:04 | 000,014,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DLACPI.sys -- (DLXPDisplayName)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM07Vfx.sys -- (OEM07Vfx)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [1997/06/12 10:53:18 | 000,026,304 | ---- | M] (MagTek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\magepnt.sys -- (MagEpNt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 C4 DD F0 51 61 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\ [2013/07/25 15:41:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ [2013/08/18 13:52:53 | 000,000,000 | ---D | M]
[2013/06/06 16:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darci\AppData\Roaming\Mozilla\Extensions
[2008/11/11 19:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/11 19:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
========== Chrome ==========
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://start.sweetpa...006.10045&st=23
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: TopArcadeHits = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Gmail = C:\Users\Darci\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/08/18 01:32:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EpsonAPD4SV] C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\RunOnce: [AvgRemover] C:\Users\Darci\Desktop\programs\avg_remover_stf_x86_2011_1184.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Transcend.LNK = C:\Program Files\Prosolutions\Transcend.exe (ProSolutions Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F11415F7-59E8-48A6-AD7A-C3F350698541}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Darci\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Darci\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe_ID0EYTHM - hkey= - key= - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: EpsonAPD4SV - hkey= - key= - C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.exe (SEIKO EPSON CORPORATION)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
MsConfig - StartUpReg: OEM07Mon.exe - hkey= - key= - C:\Windows\OEM07Mon.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDBDD92C-CE4B-88C0-8EEB-269341ED0036} - Microsoft Windows Media Player
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/08/18 22:59:33 | 000,358,507 | ---- | C] (Farbar) -- C:\Users\Darci\Desktop\FSS.exe
[2013/08/18 10:23:29 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\Malwarebytes
[2013/08/18 10:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/18 10:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/18 10:23:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/08/18 10:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/18 01:35:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/18 01:35:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/18 01:11:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/18 01:11:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/18 01:11:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/18 01:09:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/18 01:08:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/18 01:06:11 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\Files to post
[2013/08/17 23:47:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/17 23:44:35 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\programs
[2013/08/17 23:44:16 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\Files posted
[2013/08/15 03:12:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/15 03:02:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/15 03:02:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/15 03:02:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/15 03:02:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/15 03:02:15 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/15 03:02:13 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/15 03:02:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/15 03:02:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/14 17:37:39 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\AVG2013
[2013/08/14 17:36:37 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\AVG SafeGuard toolbar
[2013/08/14 17:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/08/14 17:35:45 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\TuneUp Software
[2013/08/14 17:35:21 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/08/14 17:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/08/14 17:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/08/14 17:35:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/08/14 17:32:38 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/08/14 17:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/08/14 17:27:55 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\MFAData
[2013/08/14 17:27:55 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\Avg2013
[2013/08/14 16:50:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/14 16:49:01 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/14 16:49:01 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/08/14 14:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\SysTools SQL Recovery - 5.5(Full Version)
[2013/08/14 14:06:06 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\SysToolsSQLRecovery-5.5_Full
[2013/08/02 09:01:07 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\VirtualStore
[2013/07/31 14:20:18 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\Microsoft Help
[2013/07/31 14:20:15 | 000,000,000 | ---D | C] -- C:\Users\Darci\Documents\Visual Studio 2005
[2013/07/31 14:20:02 | 000,000,000 | ---D | C] -- C:\Users\Darci\Documents\SQL Server Management Studio
[2013/07/31 12:16:19 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\Citrix
[2013/07/25 17:44:54 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\Salon Pics
[2013/07/25 15:54:45 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\com.pandora.desktop
[2013/07/25 15:50:30 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.sys
[2013/07/25 15:50:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Management
[2013/07/25 15:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Management
[2013/07/25 15:50:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\MCLIENT
[2013/07/25 15:50:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\MCLIENT\0302000.013
[2013/07/25 15:49:02 | 000,036,512 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2013/07/25 15:44:07 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Local\CrashDumps
[2013/07/25 15:39:27 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013/07/25 15:38:58 | 000,352,344 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\symtdiv.sys
[2013/07/25 15:38:58 | 000,339,544 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\symnets.sys
[2013/07/25 15:38:58 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\SymELAM.sys
[2013/07/25 15:38:57 | 000,934,488 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\SymEFA.sys
[2013/07/25 15:38:57 | 000,603,224 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.sys
[2013/07/25 15:38:57 | 000,367,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\SymDS.sys
[2013/07/25 15:38:57 | 000,175,264 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\Ironx86.sys
[2013/07/25 15:38:57 | 000,134,744 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\ccSetx86.sys
[2013/07/25 15:38:57 | 000,032,344 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.sys
[2013/07/25 15:38:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2013/07/25 15:38:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1404000.028
[2013/07/25 15:38:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/07/25 15:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2013/07/25 15:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/07/25 15:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/07/25 15:33:33 | 000,000,000 | ---D | C] -- C:\Users\Darci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/07/20 16:14:24 | 000,000,000 | ---D | C] -- C:\Users\Darci\Desktop\Client Follow Up Survey
[2013/07/20 01:51:00 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
========== Files - Modified Within 30 Days ==========
[2013/08/18 22:59:36 | 000,358,507 | ---- | M] (Farbar) -- C:\Users\Darci\Desktop\FSS.exe
[2013/08/18 22:54:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3697875056-3224753802-395575746-1000UA.job
[2013/08/18 22:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/18 21:32:53 | 000,005,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/18 21:32:53 | 000,005,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/18 17:37:35 | 000,000,020 | ---- | M] () -- C:\Users\Darci\LASTDATE.DAT
[2013/08/18 13:32:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/18 10:23:22 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/18 09:55:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3697875056-3224753802-395575746-1000Core.job
[2013/08/18 01:50:59 | 000,000,680 | ---- | M] () -- C:\Users\Darci\AppData\Local\d3d9caps.dat
[2013/08/18 01:32:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/08/17 23:30:26 | 000,000,496 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013/08/17 23:25:28 | 000,000,233 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/15 18:41:22 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/08/15 03:38:54 | 002,447,589 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\Cat.DB
[2013/08/15 03:06:31 | 000,673,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/15 03:06:31 | 000,130,308 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/14 17:35:46 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/14 14:52:19 | 011,468,800 | ---- | M] () -- C:\Users\Darci\Desktop\JBHPSI_log.ldf
[2013/08/14 14:18:17 | 121,634,816 | ---- | M] () -- C:\Users\Darci\Desktop\JBHPSI.mdf
[2013/08/14 11:52:36 | 000,002,368 | ---- | M] () -- C:\{19DB77B1-628A-47E8-9324-106436D7E689}
[2013/08/10 13:09:35 | 000,021,555 | ---- | M] () -- C:\Users\Darci\Desktop\LOGO small.jpg
[2013/08/08 10:55:57 | 000,002,048 | ---- | M] () -- C:\{482717E4-CC36-412F-8A24-F2DAFE459CAF}
[2013/08/01 14:04:31 | 000,000,104 | ---- | M] () -- C:\Users\Darci\Desktop\Computer - Shortcut.lnk
[2013/08/01 10:57:10 | 000,003,464 | ---- | M] () -- C:\{C4E7F4FE-1156-4F73-B808-9D2765CE3BF5}
[2013/08/01 10:13:33 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/07/25 15:58:19 | 000,000,919 | ---- | M] () -- C:\Users\Darci\Application Data\Microsoft\Internet Explorer\Quick Launch\Transcend.LNK
[2013/07/25 15:39:27 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013/07/25 15:39:27 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013/07/25 15:39:27 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013/07/25 15:39:17 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/07/25 15:33:33 | 000,000,865 | ---- | M] () -- C:\Users\Darci\Desktop\Norton Installation Files.lnk
[2013/07/24 19:32:35 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/24 19:25:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/24 19:24:39 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/24 19:24:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/24 19:23:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/24 19:23:27 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/24 19:22:35 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/24 19:22:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
========== Files Created - No Company Name ==========
[2013/08/18 10:23:21 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/18 01:11:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/18 01:11:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/18 01:11:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/18 01:11:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/18 01:11:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/17 23:25:07 | 000,000,233 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/14 17:35:46 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/14 14:53:31 | 011,468,800 | ---- | C] () -- C:\Users\Darci\Desktop\JBHPSI_log.ldf
[2013/08/14 14:18:46 | 121,634,816 | ---- | C] () -- C:\Users\Darci\Desktop\JBHPSI.mdf
[2013/08/14 11:52:35 | 000,002,368 | ---- | C] () -- C:\{19DB77B1-628A-47E8-9324-106436D7E689}
[2013/08/10 13:09:32 | 000,021,555 | ---- | C] () -- C:\Users\Darci\Desktop\LOGO small.jpg
[2013/08/08 10:55:56 | 000,002,048 | ---- | C] () -- C:\{482717E4-CC36-412F-8A24-F2DAFE459CAF}
[2013/08/01 14:04:31 | 000,000,104 | ---- | C] () -- C:\Users\Darci\Desktop\Computer - Shortcut.lnk
[2013/08/01 10:57:10 | 000,003,464 | ---- | C] () -- C:\{C4E7F4FE-1156-4F73-B808-9D2765CE3BF5}
[2013/07/29 18:09:02 | 000,000,680 | ---- | C] () -- C:\Users\Darci\AppData\Local\d3d9caps.dat
[2013/07/25 17:05:30 | 000,014,818 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\VT20130115.021
[2013/07/25 15:58:19 | 000,000,919 | ---- | C] () -- C:\Users\Darci\Application Data\Microsoft\Internet Explorer\Quick Launch\Transcend.LNK
[2013/07/25 15:50:27 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.cat
[2013/07/25 15:50:27 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\ccSetx86.inf
[2013/07/25 15:50:27 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\MCLIENT\0302000.013\isolate.ini
[2013/07/25 15:39:32 | 002,447,589 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\Cat.DB
[2013/07/25 15:39:27 | 000,007,611 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013/07/25 15:39:27 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013/07/25 15:39:17 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/07/25 15:38:49 | 000,003,434 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymEFA.inf
[2013/07/25 15:38:49 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymDS.inf
[2013/07/25 15:38:49 | 000,001,468 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymNetV.inf
[2013/07/25 15:38:49 | 000,001,440 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymNet.inf
[2013/07/25 15:38:49 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.inf
[2013/07/25 15:38:49 | 000,001,388 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.inf
[2013/07/25 15:38:49 | 000,000,996 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\symELAM.inf
[2013/07/25 15:38:49 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\ccSetx86.inf
[2013/07/25 15:38:49 | 000,000,737 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\Iron.inf
[2013/07/25 15:38:48 | 000,014,818 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymVTcer.dat
[2013/07/25 15:38:48 | 000,009,670 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymELAM.cat
[2013/07/25 15:38:48 | 000,008,067 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymNet.cat
[2013/07/25 15:38:48 | 000,008,059 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymDS.cat
[2013/07/25 15:38:48 | 000,008,059 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.cat
[2013/07/25 15:38:48 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\symnetv.cat
[2013/07/25 15:38:48 | 000,007,667 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\ccsetx86.cat
[2013/07/25 15:38:48 | 000,007,593 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\iron.cat
[2013/07/25 15:38:48 | 000,007,583 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\SymEFA.cat
[2013/07/25 15:38:48 | 000,007,581 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.cat
[2013/07/25 15:38:48 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1404000.028\isolate.ini
[2013/07/25 15:33:33 | 000,000,865 | ---- | C] () -- C:\Users\Darci\Desktop\Norton Installation Files.lnk
[2013/06/04 15:03:53 | 000,000,020 | ---- | C] () -- C:\Users\Darci\LASTDATE.DAT
[2013/06/04 13:31:47 | 000,003,584 | ---- | C] () -- C:\Users\Darci\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/04 11:24:31 | 000,000,160 | ---- | C] () -- C:\Users\Darci\PTRASIGN.DAT
[2013/06/04 11:24:15 | 000,000,000 | ---- | C] () -- C:\Users\Darci\WSNUMBER.DAT
[2013/06/04 11:24:15 | 000,000,000 | ---- | C] () -- C:\Users\Darci\REGNUMBR.DAT
[2012/12/02 13:06:48 | 000,000,125 | ---- | C] () -- C:\Windows\System32\mspcu.dll
[2012/11/04 01:48:29 | 000,190,608 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/07/02 12:23:46 | 000,000,135 | ---- | C] () -- C:\Windows\System32\mspcea.dll
[2012/03/14 09:57:58 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/10/27 15:52:58 | 000,401,408 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2011/10/27 15:52:26 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lmabpmui.dll
[2011/10/27 15:52:25 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lmabusb1.dll
[2011/10/27 15:52:22 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lmabiesc.dll
[2011/10/27 15:52:21 | 001,040,384 | ---- | C] ( ) -- C:\Windows\System32\lmabserv.dll
[2011/10/27 15:52:21 | 000,479,232 | ---- | C] ( ) -- C:\Windows\System32\lmabpar1.dll
[2011/10/27 15:52:20 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lmablmpm.dll
[2011/10/27 15:52:20 | 000,450,560 | ---- | C] ( ) -- C:\Windows\System32\lmabiobj.dll
[2011/10/27 15:52:19 | 000,905,216 | ---- | C] ( ) -- C:\Windows\System32\lmabip1.dll
[2011/10/27 15:52:19 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lmabinpa.dll
[2011/10/27 15:52:18 | 000,593,920 | ---- | C] ( ) -- C:\Windows\System32\lmabcoms.exe
[2011/10/27 15:52:18 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lmabcomm.dll
[2011/10/27 15:52:18 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lmabhcp.dll
[2011/10/27 15:52:17 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lmabcomc.dll
[2011/10/27 15:51:12 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\softcoin.dll
[2011/10/27 15:51:09 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\gencoin.dll
[2009/07/31 17:18:12 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
========== ZeroAccess Check ==========
[2006/11/02 05:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3250820AS ATA Device
Partitions: 3
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 16.00MB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 16777216
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 218.00GB
Starting Offset: 15745417216
Hidden sectors: 0
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\assembly\GAC_32\*.ini >
< %systemroot%\assembly\GAC_64\*.ini >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*.exe >
< %APPDATA%\*. >
[2013/06/04 13:33:24 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\Adobe
[2013/06/16 13:24:27 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\Apple Computer
[2013/08/14 17:37:39 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\AVG2013
[2013/07/25 15:54:45 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\com.pandora.desktop
[2013/06/04 12:04:38 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1
[2013/06/04 11:23:39 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\Identities
[2009/08/02 13:11:21 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\Macromedia
[2013/08/18 10:23:29 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\Malwarebytes
[2013/08/14 14:23:17 | 000,000,000 | --SD | M] -- C:\Users\Darci\AppData\Roaming\Microsoft
[2013/06/06 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\Mozilla
[2013/07/19 14:48:23 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\TeamViewer
[2013/08/14 17:35:45 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\TuneUp Software
[2013/06/04 14:35:49 | 000,000,000 | ---D | M] -- C:\Users\Darci\AppData\Roaming\WinRAR
< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 19:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
< MD5 for: CSRSS.EXE >
[2008/01/20 19:25:20 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/20 19:25:20 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe
< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 19:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: MSWSOCK.DLL >
[2009/04/10 23:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\erdnt\cache\mswsock.dll
[2009/04/10 23:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/10 23:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 19:24:28 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
< MD5 for: NAPINSP.DLL >
[2008/01/20 19:24:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/20 19:24:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll
< MD5 for: NLAAPI.DLL >
[2008/01/20 19:24:11 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/20 19:24:11 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll
< MD5 for: PNRPNSP.DLL >
[2008/01/20 19:25:49 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/20 19:25:49 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll
< MD5 for: SERVICES.EXE >
[2008/01/20 19:25:14 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
< MD5 for: SVCHOST.EXE >
[2008/01/20 19:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/20 19:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 19:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/20 19:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/20 19:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 19:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 19:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WINRNR.DLL >
[2009/04/10 23:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/10 23:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 02:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll
< MD5 for: WSHELPER.DLL >
[2006/11/02 02:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 02:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/19 10:16:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/19 10:16:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/19 10:16:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/24 19:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/07/24 19:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\jbh-1\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/05/22 22:44:09 | 000,825,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/19 10:16:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/19 10:16:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/19 10:16:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/24 19:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2013/07/24 19:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< End of report >
EXTRAS from OTL:
OTL Extras logfile created on: 8/18/2013 10:59:09 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darci\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.97 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.87% Memory free
4.18 Gb Paging File | 2.43 Gb Available in Paging File | 58.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.17 Gb Total Space | 137.89 Gb Free Space | 63.21% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 4.74 Gb Free Space | 32.37% Space Free | Partition Type: NTFS
Computer Name: JBH1 | User Name: Darci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3697875056-3224753802-395575746-1000]
"EnableNotificationsRef" = 3
"EnableNotifications" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026F8608-CD8B-42F3-9D92-A7D2DF7CB0AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{128B58F3-6DD0-4854-B5BA-1F804C819ED5}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{14700920-D76C-4E35-9141-A91C37DC1DC4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1AFAF7FA-8838-4A92-A4FF-278FD571B0B0}" = rport=138 | protocol=17 | dir=out | app=system |
"{1CA5EF09-AB03-4FFF-B7BE-E6D464A44EDC}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2EADF15D-E31F-4912-B533-368043D51B1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{301E055E-347E-4FE8-B900-3FBCEC2509AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34B72E93-A1F2-4006-B3D6-CB0666C60C53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E0482AE-3283-4BC7-81CD-79785030E066}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{61C9266F-F7FC-4263-8831-5BC4849D9752}" = rport=137 | protocol=17 | dir=out | app=system |
"{63F1FB04-0461-4757-B6EC-D375C0537E10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6AF39CA4-853E-4C6D-9A3F-D78AFF2BB2A5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{70858902-6D29-4556-BBE2-E8FF8DDCA8ED}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{70E2F0FD-90BE-47FE-9615-CC63EC0320E4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7736C8D8-DC69-41E2-AE86-8699759D9718}" = lport=2869 | protocol=6 | dir=in | app=system |
"{82E8923E-5813-44A8-AB37-6A3BE05518BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8CC9A772-9A3D-4933-A074-CC4F268C4D58}" = rport=445 | protocol=6 | dir=out | app=system |
"{941B501E-CFAE-4275-A680-43E666E22A5D}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB775B31-E778-49AA-B3E3-0712EA09B4BF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CA49823E-D6FE-419E-8125-28DE9460E24F}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{CA57BAC7-D796-483D-ADBC-82D9BCED28DC}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{D878066C-B011-4031-9347-136AB0AFD156}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DB33031B-36DD-4DF5-B42B-EBCBA8D68512}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC8CB7D4-1549-49DB-8373-37072232589C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DDC0DBBA-AAC0-4D55-A241-987B83EC8DAF}" = rport=2869 | protocol=6 | dir=out | app=system |
"{E1B3F551-1F7B-49AB-B8F2-D329B70CA70E}" = lport=138 | protocol=17 | dir=in | app=system |
"{E2E03617-6B93-48AC-A05C-2A60DE177AC5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E3BC39D4-FD16-4D5C-99AF-434B2CD956BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E62FA6F3-C2B7-4C44-B14C-131046E06B42}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F6908FA3-C827-4378-9310-9910C948D8AF}" = rport=139 | protocol=6 | dir=out | app=system |
"{FD41BE57-60BD-4BDF-A3DF-2C7CB94500DB}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08433531-5D38-43CC-A45A-9DA628962248}" = protocol=17 | dir=in | app=\\jbh3\prosalon\prosalon.exe |
"{0CC891CB-E330-4B94-B342-827E01BCEF03}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{12F34922-09C8-4E0C-9480-D40D09DBF3A1}" = protocol=6 | dir=in | app=c:\windows\system32\dldfcoms.exe |
"{15C97474-95B7-4D0F-B12C-F07C7136F031}" = protocol=17 | dir=in | app=c:\windows\system32\dldfcoms.exe |
"{1DAB8AE5-0559-401C-8F41-9422A65154AA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{1ECDD672-938E-423F-9869-282E6A233C0A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2021E22A-8B50-40D6-89F0-E81AD07E2CC0}" = dir=in | app=c:\windows\system32\lmabcoms.exe |
"{2409CB09-DF5E-4BD6-BA07-4F4375EE3CDE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{255CB4F9-57BE-44F2-AFF6-16BDB4540F43}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{259C2206-55E6-4BC8-ABB0-447E434F1CD2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{28BF6FD4-4319-49F3-91CB-D87C0FECD10D}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{32D0B035-43CE-48A7-A031-81350367DD4A}" = protocol=6 | dir=in | app=c:\users\jbh-1\appdata\roaming\spotify\spotify.exe |
"{377422BB-B8D6-4361-82C0-216028FC7C30}" = protocol=58 | dir=out | [email protected],-28546 |
"{38A3C75A-859D-4D25-90EE-CBF57D2A3F34}" = protocol=17 | dir=in | app=c:\program files\prosalon\prosalon.exe |
"{3B78B2DA-F6D8-462B-86F2-FBEF4982E580}" = protocol=1 | dir=in | [email protected],-28543 |
"{5BF34914-34E7-45BD-881D-A1B4CC54CD86}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{5FCB1922-5274-44BF-958D-D567CEE3211C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{61344B26-7DFA-417C-81E8-0668D965E84F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{6E82F14D-9FE5-4C53-B1AD-164F0E1C1870}" = protocol=58 | dir=in | [email protected],-28545 |
"{77F38EB6-9B65-432C-9C3C-A47BA85C2408}" = protocol=58 | dir=in | [email protected],-148 |
"{83060903-37FC-4EEE-BF4E-8FB4BDEE40D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{847AF153-2010-48A1-B348-7C0661D83F22}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{84E33041-D43E-4221-934F-E90C5E40DF85}" = protocol=1 | dir=out | [email protected],-28544 |
"{85A7ED42-BDE8-4352-831B-AF812CC86C8C}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{862FBBA9-2A0E-4B3D-A828-33A4AC664EE8}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A8E70B8C-C009-456E-A3CD-522B7F895EBB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE950484-8C16-4B99-9E15-680728C44709}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{AF6CB217-8D03-4534-B880-18113C60FA2A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2C97B42-03BE-4BE9-9552-B6E6CE3923E8}" = protocol=6 | dir=in | app=c:\program files\prosalon\prosalon.exe |
"{B3921D3F-A0A3-4EEE-8EFC-9BB6F79D2801}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{B5F7D31D-9944-4095-BBC6-2E7EACA147DC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BBDF697B-B8A2-4467-9DAD-F6C33B92CA23}" = protocol=17 | dir=in | app=c:\users\jbh-1\appdata\roaming\spotify\spotify.exe |
"{C1DFAA83-0D8D-4EC9-8392-D096E35E973B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C2EA7968-9075-4D9A-B1AE-EA060619F9A8}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{CB7F12A9-FDB8-4661-A240-324C57D687A6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D0A5BF46-1A4C-4EE1-BF9E-C73F9FFE58DC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA8E0499-6AC7-4F57-9321-B4B39BC0D864}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DCE1A043-4147-461D-92E1-049A1AA3EDE8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DFF72126-326F-41CE-95BF-707582FF0EE6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{E450F139-7DBA-4739-8A94-A446A786237D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA4E05D4-360F-4E5F-9840-7D00E1BB9B21}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{EBD5B881-1C84-4F2C-BFB7-9E645E7187F3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EC1033F2-BEE4-4DA2-9FD9-B1D2632CB433}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F7EEAB4D-442B-4F62-9A92-51A81BACD9AD}" = protocol=6 | dir=in | app=\\jbh3\prosalon\prosalon.exe |
"TCP Query User{1D7C362C-36E6-4704-9563-8002F1D64EA7}C:\program files\netmass\systemsafepro\apache\apache.exe" = protocol=6 | dir=in | app=c:\program files\netmass\systemsafepro\apache\apache.exe |
"TCP Query User{2E9FCE75-3F74-4214-942C-DDF68AE51153}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{470DFE71-573C-42CE-92C2-B38C562ECA57}C:\active-charge\active-charge.exe" = protocol=6 | dir=in | app=c:\active-charge\active-charge.exe |
"TCP Query User{AD748869-49F5-4839-AF70-310EB7F960A5}C:\active-charge\active-charge.exe" = protocol=6 | dir=in | app=c:\active-charge\active-charge.exe |
"UDP Query User{4AF232E2-D6AD-46C7-B9D5-79F0D9CC0A24}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{93B51D3C-71EE-4C44-B859-7F767D4A4401}C:\active-charge\active-charge.exe" = protocol=17 | dir=in | app=c:\active-charge\active-charge.exe |
"UDP Query User{9C804C06-BC09-405C-B44B-19EF43F66E0C}C:\active-charge\active-charge.exe" = protocol=17 | dir=in | app=c:\active-charge\active-charge.exe |
"UDP Query User{E37724AA-1196-4F44-A867-6C2A5E4B9ABA}C:\program files\netmass\systemsafepro\apache\apache.exe" = protocol=17 | dir=in | app=c:\program files\netmass\systemsafepro\apache\apache.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{'2D51C647-8D21-4429-82F1-D71BDBE2D4E4'}_is1" = NetMass SystemSafePro
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 Management Studio
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{11FF6AF6-0141-4EF8-829A-989459A1E5D8}" = EPSON Advanced Printer Driver 4
"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 Management Studio
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Click-N-Ship for Business®
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3044BF70-0D39-4F72-B18F-33DA9E82088C}" = DSIClient Version 2.50.3851 - DSIClientX 3.85
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36E0F777-19FE-4454-BB2D-84206758EA85}" = LogMeIn
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{4BB82AD9-0CF6-4E14-BD75-C1AB657C2914}" = EPSON APD4 Point and Print Support
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DECB2A6-C226-6042-9C2B-83316950D30E}" = Pandora
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{87D946F1-3B51-401B-9AF1-BDB5CD84261A}" = PCCharge Payment Server
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{B021A7CC-A7DB-42F8-9E65-17B5B7B169F6}" = Clover DVR
"{B27B646E-76EA-4412-91D8-A4DFDA8AD152}" = LogMeIn
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2092A60-CF79-4996-B5E6-98598E1D6696}" = PCCharge Payment Server
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FA200000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 2.0
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1" = Pandora
"Creative OEM007" = Integrated Webcam Driver (1.00.01.0720)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.3
"HDMI" = Intel® Graphics Media Accelerator Driver
"Lexmark_HostCD" = Lexmark Software Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MCLIENT" = Norton Management
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"NIS" = Norton Internet Security
"PRJPRO" = Microsoft Office Project Professional 2007
"ST6UNST #1" = ProSolutions Software, Inc.
"ST6UNST #2" = ProSolutions Software, Inc. (C:\Program Files\PROSALON\)
"ST6UNST #3" = ProSolutions Software, Inc. (c:\Program Files\PROSALON\) #3
"ST6UNST #4" = ProConfirm
"ST6UNST #5" = ProSolutions Software, Inc. (c:\Program Files\ProSolutions\)
"ST6UNST #6" = ProSolutions Software, Inc. (C:\Program Files\ProSolutions\) #3
"ST6UNST #7" = ProSolutions Software, Inc. (C:\Program Files\ProSolutions\) #4
"VISPRO" = Microsoft Office Visio Professional 2007
"WebDesigner" = Microsoft Expression Web
"WinRAR archiver" = WinRAR archiver
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 8/18/2013 4:30:53 PM | Computer Name = jbh1 | Source = WinMgmt | ID = 10
Description =
Error - 8/18/2013 4:53:49 PM | Computer Name = jbh1 | Source = WinMgmt | ID = 10
Description =
Error - 8/18/2013 10:30:10 PM | Computer Name = jbh1 | Source = VSS | ID = 8193
Description =
Error - 8/18/2013 10:31:18 PM | Computer Name = jbh1 | Source = VSS | ID = 8193
Description =
Error - 8/19/2013 2:02:54 AM | Computer Name = jbh1 | Source = VSS | ID = 8193
Description =
[ OSession Events ]
Error - 9/12/2009 11:58:58 AM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 83085
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/16/2009 12:58:24 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 86786
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/23/2009 12:57:40 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 86675
seconds with 240 seconds of active time. This session ended with a crash.
Error - 11/27/2009 9:13:49 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 550
seconds with 180 seconds of active time. This session ended with a crash.
Error - 2/28/2010 11:55:47 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.
Error - 6/23/2010 2:20:19 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 351
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9/15/2010 11:39:19 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9448
seconds with 180 seconds of active time. This session ended with a crash.
Error - 12/3/2010 6:21:49 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6620
seconds with 2220 seconds of active time. This session ended with a crash.
Error - 12/3/2010 7:06:24 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2664
seconds with 1140 seconds of active time. This session ended with a crash.
Error - 9/18/2011 6:57:39 PM | Computer Name = jbh1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 143
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 8/18/2013 5:42:45 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 63752. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.
Error - 8/18/2013 6:48:51 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 30956. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.
Error - 8/18/2013 6:49:18 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 60644. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.
Error - 8/18/2013 7:12:09 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 30956. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.
Error - 8/18/2013 7:12:58 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 78240. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.
Error - 8/18/2013 7:41:54 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 30968. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.
Error - 8/18/2013 7:43:48 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 60644. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.
Error - 8/18/2013 7:51:58 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 58388. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.
Error - 8/18/2013 8:06:06 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 30960. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.
Error - 8/18/2013 8:06:59 PM | Computer Name = jbh1 | Source = Print | ID = 6161
Description = The document ProSolutions, owned by Darci, failed to print on printer
EPSON TM-T88IV Receipt. Try to print the document again, or restart the print spooler.
Data type: NT EMF 1.008. Size of the spool file in bytes: 73000. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client computer: \\JBH1. Win32 error code returned by the print processor: 0.
The operation completed successfully.
< End of report >
FSS:
Farbar Service Scanner Version: 18-08-2013
Ran by Darci (administrator) on 18-08-2013 at 23:24:14
Running from "C:\Users\Darci\Desktop"
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-14 16:49] - [2013-07-04 21:53] - 0905664 ____A (Microsoft Corporation) D18D53974FD715D50FC76F9FFE1C830D
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 16:46] - [2013-07-07 21:16] - 0133120 ____A (Microsoft Corporation) 684C130BBC6DB681BAD4920A4C944AA5
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
I also have a "MBR.dat" file that I don't know where it came from and it doesn't make sense but here's what was in it:
Thank you so much!