The second computer would be used to download a repair program to the usb stick to copy it to the sick computer since it cannot go online. When you're ready..not a problem. We can do it after the weekend if you'd like. I'll be here
only 3.5 GB out of 681GB free on my hard drive [Solved]
#106
Posted 05 November 2013 - 09:17 PM
The second computer would be used to download a repair program to the usb stick to copy it to the sick computer since it cannot go online. When you're ready..not a problem. We can do it after the weekend if you'd like. I'll be here
#107
Posted 06 November 2013 - 10:16 AM
Let's cross out fingers and hope it's this easy. Try this:
Could you go to Start ~> control panel ~> internet options ~> connections ~> LAN settings
Ensure that there is no proxy selected and there is a tick in automatically detect settings
OK your way out and try the internet again.
Please let me know how it goes
#108
Posted 11 November 2013 - 07:25 PM
I'm back in the saddle. The little proxy server box was ticked! I un-ticked it and ticked the automatically detect settings box and restarted but to no avail. When I try to get on the internet it goes to this website:
lab.search.conduit.com/HP/SH/?layid=34&gid=767&ctid=CT3317458&octid=EB_ORIGINAL_CTID&SEARCHSOURCE=55=&CUI=&UM=2&U
and that's all I can read.
As if that isn't enough Win PAtrol asks me if I approve the addition of NCPluginUpdater. I did buy an HP printer in the last 2 weeks and don't know if that's related to that installation or not and I am deathly afraid of adding anything to my start up menu for obvious reasons.
Thanks,
Rich
#109
Posted 13 November 2013 - 09:19 AM
Welcome back Let's see if we can get this squared away:
Step 1.
Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.
• Shut down your protection software now to avoid potential conflicts before you start.
• Run the tool by double-clicking it. Note: If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select Run as Administrator
• The tool will open and start scanning your system, after you press any key to start
Please post the log it produces.
Step 2.
Malwarebytes' Anti-Malware
I'm pretty sure you still have this on your computer, if so, update before starting, and just in case you do not still have it:
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
Step 3.
Fresh OTL Scan
• Please right click on Run as Administrator, accept UAC prompts.
• Make sure all other windows are closed and to let it run uninterrupted.
• Please check the box next to Scan All Users.
• And under Extra Registry check also the radio dial by Use Safelist
• Under in the textbox at the bottom, please paste in the following text:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
[CREATERESTOREPOINT]
•Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
•When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL ~ Desktop
•Please copy (Edit ~> Select All, Edit ~> Copy) the logs it produces in your next reply.
When you return, please:
JRT log
Malwarebytes log
OTL log
Extras.txt
Thank you
#110
Posted 13 November 2013 - 07:03 PM
Let me start by saying thank you for being so patient, I really mean it! I disabled my Norton Antivirus Auto-protect as well as the Norton Smart Firewall. JRT log is attached.
I have updated MBAM and run it, MBAM log follows:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.13.13
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Richard :: RICH-HP [administrator]
11/13/2013 6:49:47 PM
mbam-log-2013-11-13 (18-49-47).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266043
Time elapsed: 3 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\temp\ScorpionSaver.msi (Adware.Adpeak) -> Quarantined and deleted successfully.
C:\Users\Richard\AppData\Local\Temp\aPkdHGpX.exe.part (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\5c095.msi (Adware.Adpeak) -> Quarantined and deleted successfully.
(end)
OTL log
and Extras.text
in next posting
Attached Files
Edited by 1324, 13 November 2013 - 08:00 PM.
#111
Posted 13 November 2013 - 08:02 PM
Here are the OTL logs.
Again, thanks a million for all your help!
Rich
OTL logfile created on: 11/13/2013 7:43:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Richard\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.91 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 62.86% Memory free
7.82 Gb Paging File | 6.24 Gb Available in Paging File | 79.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681.84 Gb Total Space | 6.05 Gb Free Space | 0.89% Space Free | Partition Type: NTFS
Drive D: | 16.69 Gb Total Space | 2.05 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Computer Name: RICH-HP | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/11/13 19:38:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Downloads\OTL.exe
PRC - [2013/10/15 11:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 09:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 09:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/04 15:21:22 | 000,404,712 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/09/17 05:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/08/13 09:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 09:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/08/16 15:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 15:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 10:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/08/03 08:55:11 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/03 08:54:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/07/13 00:57:58 | 000,082,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/05/27 15:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/05/27 15:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/05/18 18:28:16 | 001,641,888 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/10 23:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/11 17:19:00 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\51ffeacb880d9c15fecc1c74f83e8973\System.IdentityModel.ni.dll
MOD - [2013/10/11 17:18:59 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll
MOD - [2013/10/11 17:17:45 | 002,906,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\7a2dfdf44f0610b43e65f28a1448f110\ReachFramework.ni.dll
MOD - [2013/10/11 17:17:29 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/11 17:17:28 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
MOD - [2013/10/10 05:32:01 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013/10/10 05:31:59 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/10 05:31:53 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/10 05:31:50 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013/10/10 05:31:48 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/08/18 03:43:42 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/14 04:43:48 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/14 04:43:47 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 04:43:43 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/10 22:09:48 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/05/16 09:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 09:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/12/09 19:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/08/10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/27 15:57:32 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/05/27 15:08:56 | 000,660,480 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/08/22 21:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 21:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 21:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 21:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 20:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/19 16:31:16 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/09 15:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2013/11/03 11:48:41 | 000,507,912 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSIC9D4.tmp -- (Level Quality Watcher)
SRV - [2013/10/09 18:09:34 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/01 05:07:29 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/17 05:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012/09/02 16:24:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/16 15:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 10:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/08/03 08:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/03 08:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/07/13 00:57:58 | 000,082,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/06/18 05:01:18 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/22 23:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/20 23:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/15 23:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 18:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 20:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/03/04 19:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 19:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/02/11 22:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/10 02:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/07/25 23:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/06 20:16:42 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2012/06/06 19:48:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/06/06 19:48:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/19 02:02:35 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/09/19 01:52:26 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/14 04:35:45 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/04 05:25:16 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/03 08:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/22 15:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/11/10 19:23:32 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131113.001\ex64.sys -- (NAVEX15)
DRV - [2013/11/10 19:23:32 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131113.001\eng64.sys -- (NAVENG)
DRV - [2013/10/28 11:37:14 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131112.002\IDSviA64.sys -- (IDSVia64)
DRV - [2013/10/22 17:11:13 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131101.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/08/27 04:59:39 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/08/27 04:59:39 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/27 17:16:17 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.duckduckgo.com/
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50042;https=127.0.0.1:50042
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\ [2013/11/13 19:07:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013/08/13 07:38:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFF [2013/10/09 17:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/13 19:40:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\
[2013/10/10 18:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions
[2013/11/11 05:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\extensions
[2013/11/11 05:42:56 | 000,000,000 | ---D | M] (ScorpionSaver) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\extensions\ScorpionSaver@jetpack
[2013/10/30 05:20:22 | 000,320,988 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\extensions\[email protected]
[2013/11/03 12:23:31 | 000,000,861 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\searchplugins\conduit-search.xml
[2013/10/16 18:55:31 | 000,010,530 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\searchplugins\duckduckgo.xml
[2013/11/13 19:40:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/13 19:40:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2013/11/11 19:10:43 | 000,450,700 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004..\Run: [HP ENVY 4500 series (NET)] C:\Program Files\hp\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9:64bit: - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C718BAD-7DD5-448A-8252-A85B7AE3893C}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73906CC-5585-4BF6-ABA9-777B258EC385}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73906CC-5585-4BF6-ABA9-777B258EC385}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/11/13 19:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/11 05:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScorpionSaver
[2013/11/03 18:36:18 | 000,000,000 | ---D | C] -- C:\Users\Richard\hpremote
[2013/11/03 11:48:44 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/03 11:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sp
[2013/11/03 11:42:39 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\VeriSign
[2013/11/03 11:35:02 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/11/03 11:35:02 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/11/02 14:17:28 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\NPE
[2013/11/02 10:21:12 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/11/02 10:21:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat
[2013/10/29 19:45:31 | 000,000,000 | ---D | C] -- C:\N4E'wYl!(h3SyQjZeu
[2013/10/28 11:40:40 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\HP Support Assistant
[2013/10/26 13:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2013/10/26 13:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/10/26 13:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2013/10/26 13:11:19 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\HpUpdate
[2013/10/26 13:11:13 | 000,762,400 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPMC511.dll
[2013/10/26 13:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/10/26 13:10:35 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\HP
[2013/10/25 05:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/25 05:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/25 05:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/25 05:24:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/10/25 05:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/19 17:01:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\OpenOffice.org
[2013/10/19 12:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/10/19 12:07:02 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/10/19 12:06:16 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Programs
[2013/10/19 11:58:43 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\CrashDumps
[2013/10/19 11:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/10/19 11:34:53 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\Unknown folder
[2013/10/19 10:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2013/10/19 10:59:49 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013/10/18 04:57:36 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Apple Computer
[2013/10/18 04:48:35 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Apple
[2013/10/16 19:03:30 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Malwarebytes
[2013/10/16 18:46:46 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Mozilla
[2013/10/16 18:46:43 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Macromedia
[2013/10/16 18:46:42 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Eraser 6
[2013/10/16 18:46:19 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Mozilla
[2013/10/16 18:46:19 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Hewlett-Packard
[2013/10/16 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\WinPatrol
[2013/10/16 18:37:04 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\PDFC
[2013/10/16 18:37:04 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Apple Computer
[2013/10/16 18:37:02 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Adobe
[2013/10/16 18:36:48 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Adobe
[2013/10/16 18:36:39 | 000,000,000 | R--D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/10/16 18:36:39 | 000,000,000 | R--D | C] -- C:\Users\Richard\Searches
[2013/10/16 18:36:39 | 000,000,000 | R--D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/10/16 18:36:38 | 000,000,000 | -H-D | C] -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/10/16 18:36:38 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\TouchSmartData
[2013/10/16 18:36:30 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Identities
[2013/10/16 18:36:28 | 000,000,000 | R--D | C] -- C:\Users\Richard\Contacts
[2013/10/16 18:36:25 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\VirtualStore
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\AppData\Local\Temporary Internet Files
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Templates
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Start Menu
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\SendTo
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Recent
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\PrintHood
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\NetHood
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Documents\My Videos
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Documents\My Pictures
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Documents\My Music
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\My Documents
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Local Settings
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\AppData\Local\History
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Cookies
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Application Data
[2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\AppData\Local\Application Data
[2013/10/16 18:36:13 | 000,000,000 | --SD | C] -- C:\Users\Richard\AppData\Roaming\Microsoft
[2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Videos
[2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Saved Games
[2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Pictures
[2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Music
[2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Links
[2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Favorites
[2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Downloads
[2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Documents
[2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Desktop
[2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/10/16 18:36:13 | 000,000,000 | -H-D | C] -- C:\Users\Richard\AppData
[2013/10/16 18:36:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Temp
[2013/10/16 18:36:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Microsoft
[2013/10/16 18:36:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Media Center Programs
[2013/10/16 18:36:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Macromedia
[2013/10/16 18:36:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Hewlett-Packard
========== Files - Modified Within 30 Days ==========
[2013/11/13 19:35:10 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/13 19:12:46 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 19:12:46 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 19:12:14 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/13 19:12:14 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/13 19:12:14 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/13 19:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/13 19:05:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/13 19:05:05 | 3147,706,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/13 19:03:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/13 18:46:00 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRich.job
[2013/11/12 05:37:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRichard.job
[2013/11/11 19:10:43 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/11 05:40:45 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131111-191043.backup
[2013/11/11 05:40:17 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131111-054045.backup
[2013/11/03 18:18:46 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
[2013/11/03 18:08:57 | 001,343,238 | ---- | M] () -- C:\Users\Richard\Desktop\Virus.png
[2013/11/03 12:37:06 | 000,003,844 | ---- | M] () -- C:\Users\Richard\Documents\cc_20131103_123701.reg
[2013/11/03 12:24:02 | 000,000,246 | ---- | M] () -- C:\Windows\wininit.ini
[2013/11/03 11:42:32 | 000,001,409 | ---- | M] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/02 14:30:52 | 000,637,030 | ---- | M] () -- C:\Users\Richard\Desktop\WinDirStat end.jpg
[2013/11/02 14:29:46 | 000,625,687 | ---- | M] () -- C:\Users\Richard\Desktop\WinDirStat begin.jpg
[2013/11/02 12:49:44 | 000,003,032 | ---- | M] () -- C:\{E927904B-8486-4479-A6F9-5B0A6F4CCE48}
[2013/11/02 12:40:49 | 000,002,680 | ---- | M] () -- C:\{BAC9C88F-EEBF-4CCC-8B33-D66181447A80}
[2013/11/02 12:37:17 | 000,002,984 | ---- | M] () -- C:\{10B187DA-26C5-4CEA-A231-F0812F41E7A5}
[2013/11/02 11:11:47 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131111-054017.backup
[2013/11/02 10:55:24 | 000,595,472 | ---- | M] () -- C:\Users\Richard\Desktop\WinDirStat paint.jpg
[2013/11/02 10:21:13 | 000,000,993 | ---- | M] () -- C:\Users\Richard\Desktop\WinDirStat.lnk
[2013/10/30 00:37:19 | 000,002,920 | ---- | M] () -- C:\{6461A597-40BC-490B-AE54-FEE7DB69D44A}
[2013/10/29 23:46:04 | 000,002,800 | ---- | M] () -- C:\{29974BE0-C1C3-418B-ABA7-47C1C131B5D9}
[2013/10/29 23:36:45 | 000,003,080 | ---- | M] () -- C:\{E3F8DD4C-CD45-40E4-9097-BA22966356FC}
[2013/10/29 20:23:13 | 000,002,608 | ---- | M] () -- C:\{65B8DD62-5226-4757-8C98-A8CFCC7D1713}
[2013/10/28 17:53:16 | 000,009,059 | ---- | M] () -- C:\Users\Richard\Desktop\Recipes.odt
[2013/10/28 04:44:44 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131102-121147.backup
[2013/10/27 05:13:01 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131028-054444.backup
[2013/10/26 17:52:44 | 000,002,608 | ---- | M] () -- C:\{7ACA56EA-DEE9-44A5-8DB8-1F5C3FEDA61D}
[2013/10/26 17:39:48 | 000,003,520 | ---- | M] () -- C:\{21970A59-E018-44BB-9DA0-2BFC4F8506CE}
[2013/10/26 17:29:00 | 000,003,072 | ---- | M] () -- C:\{5A0EC818-1F81-4EEF-A294-C4652B24D647}
[2013/10/26 15:13:32 | 000,003,168 | ---- | M] () -- C:\{9FA090A8-2805-44BA-8A41-005F80A835EC}
[2013/10/26 15:08:56 | 000,003,008 | ---- | M] () -- C:\{54C19903-AACE-4C9D-8011-F5108978A04A}
[2013/10/26 14:53:52 | 000,003,168 | ---- | M] () -- C:\{A971E772-C78B-4BC9-8AC8-D6E099E5871D}
[2013/10/26 14:52:17 | 000,003,008 | ---- | M] () -- C:\{E46001CE-6EE5-4BD1-9EE1-3A386B763350}
[2013/10/26 13:11:31 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/10/26 13:11:12 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 4500 series.lnk
[2013/10/26 13:11:11 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\HP ENVY 4500 series.lnk
[2013/10/26 13:11:00 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013/10/26 09:07:42 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131027-061301.backup
[2013/10/26 04:56:50 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131026-100742.backup
[2013/10/25 05:25:06 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/25 04:28:46 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131026-055650.backup
[2013/10/24 17:36:18 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131025-052846.backup
[2013/10/24 04:43:50 | 000,450,700 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131024-183618.backup
[2013/10/24 04:42:44 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131024-054350.backup
[2013/10/23 04:42:04 | 000,450,700 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131024-054244.backup
[2013/10/22 04:43:03 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131023-054204.backup
[2013/10/21 17:47:47 | 000,037,732 | ---- | M] () -- C:\Users\Richard\Documents\cc_20131021_184742.reg
[2013/10/21 17:22:30 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131022-054303.backup
[2013/10/21 04:42:02 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131021-182230.backup
[2013/10/19 17:05:49 | 000,001,961 | ---- | M] () -- C:\Users\Richard\Documents\Recipes - Shortcut.lnk
[2013/10/19 17:01:20 | 000,001,197 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013/10/19 12:19:38 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131021-054202.backup
[2013/10/19 12:15:13 | 000,003,584 | ---- | M] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/19 12:14:50 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131019-131938.backup
[2013/10/19 12:07:04 | 000,001,341 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/10/19 11:57:24 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/19 11:00:21 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013/10/16 18:36:19 | 000,000,258 | RHS- | M] () -- C:\Users\Richard\ntuser.pol
========== Files Created - No Company Name ==========
[2013/11/03 18:18:46 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
[2013/11/03 18:08:56 | 001,343,238 | ---- | C] () -- C:\Users\Richard\Desktop\Virus.png
[2013/11/03 12:37:04 | 000,003,844 | ---- | C] () -- C:\Users\Richard\Documents\cc_20131103_123701.reg
[2013/11/03 11:42:32 | 000,001,409 | ---- | C] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/02 14:30:52 | 000,637,030 | ---- | C] () -- C:\Users\Richard\Desktop\WinDirStat end.jpg
[2013/11/02 14:29:46 | 000,625,687 | ---- | C] () -- C:\Users\Richard\Desktop\WinDirStat begin.jpg
[2013/11/02 12:49:43 | 000,003,032 | ---- | C] () -- C:\{E927904B-8486-4479-A6F9-5B0A6F4CCE48}
[2013/11/02 12:40:47 | 000,002,680 | ---- | C] () -- C:\{BAC9C88F-EEBF-4CCC-8B33-D66181447A80}
[2013/11/02 12:37:13 | 000,002,984 | ---- | C] () -- C:\{10B187DA-26C5-4CEA-A231-F0812F41E7A5}
[2013/11/02 10:55:24 | 000,595,472 | ---- | C] () -- C:\Users\Richard\Desktop\WinDirStat paint.jpg
[2013/11/02 10:21:13 | 000,000,993 | ---- | C] () -- C:\Users\Richard\Desktop\WinDirStat.lnk
[2013/10/30 00:37:07 | 000,002,920 | ---- | C] () -- C:\{6461A597-40BC-490B-AE54-FEE7DB69D44A}
[2013/10/29 23:46:01 | 000,002,800 | ---- | C] () -- C:\{29974BE0-C1C3-418B-ABA7-47C1C131B5D9}
[2013/10/29 23:36:36 | 000,003,080 | ---- | C] () -- C:\{E3F8DD4C-CD45-40E4-9097-BA22966356FC}
[2013/10/29 20:23:09 | 000,002,608 | ---- | C] () -- C:\{65B8DD62-5226-4757-8C98-A8CFCC7D1713}
[2013/10/28 11:42:11 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForRichard.job
[2013/10/26 17:52:43 | 000,002,608 | ---- | C] () -- C:\{7ACA56EA-DEE9-44A5-8DB8-1F5C3FEDA61D}
[2013/10/26 17:39:43 | 000,003,520 | ---- | C] () -- C:\{21970A59-E018-44BB-9DA0-2BFC4F8506CE}
[2013/10/26 17:28:58 | 000,003,072 | ---- | C] () -- C:\{5A0EC818-1F81-4EEF-A294-C4652B24D647}
[2013/10/26 15:13:30 | 000,003,168 | ---- | C] () -- C:\{9FA090A8-2805-44BA-8A41-005F80A835EC}
[2013/10/26 15:08:54 | 000,003,008 | ---- | C] () -- C:\{54C19903-AACE-4C9D-8011-F5108978A04A}
[2013/10/26 14:53:52 | 000,003,168 | ---- | C] () -- C:\{A971E772-C78B-4BC9-8AC8-D6E099E5871D}
[2013/10/26 14:52:16 | 000,003,008 | ---- | C] () -- C:\{E46001CE-6EE5-4BD1-9EE1-3A386B763350}
[2013/10/26 13:11:31 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/10/26 13:11:12 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 4500 series.lnk
[2013/10/26 13:11:11 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\HP ENVY 4500 series.lnk
[2013/10/26 13:11:00 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/10/25 05:25:06 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/21 17:47:44 | 000,037,732 | ---- | C] () -- C:\Users\Richard\Documents\cc_20131021_184742.reg
[2013/10/19 17:05:49 | 000,001,961 | ---- | C] () -- C:\Users\Richard\Documents\Recipes - Shortcut.lnk
[2013/10/19 17:02:27 | 000,009,059 | ---- | C] () -- C:\Users\Richard\Desktop\Recipes.odt
[2013/10/19 17:01:19 | 000,001,197 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013/10/19 12:15:13 | 000,003,584 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/19 12:07:04 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/10/19 12:07:04 | 000,001,341 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/10/19 11:56:57 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/19 10:59:50 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013/10/16 18:36:47 | 000,001,415 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/10/16 18:36:19 | 000,000,258 | RHS- | C] () -- C:\Users\Richard\ntuser.pol
[2013/10/16 18:36:13 | 000,000,290 | ---- | C] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/10/16 18:36:13 | 000,000,272 | ---- | C] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/10/07 17:54:19 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-RICH-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/09/22 09:36:18 | 000,000,246 | ---- | C] () -- C:\Windows\wininit.ini
[2013/08/27 13:42:30 | 000,000,135 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/01/26 15:45:46 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/09/02 16:21:46 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/08/27 17:39:10 | 000,018,289 | ---- | C] () -- C:\Windows\HPHins01.dat.temp
[2012/08/27 17:39:10 | 000,004,284 | ---- | C] () -- C:\Windows\hphmdl01.dat.temp
[2012/06/06 19:48:36 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/06 19:48:35 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/06 19:48:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ==========
< >
========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 21:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 23:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 21:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 21:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/06/06 19:42:51 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 21:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/06/06 19:44:41 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 21:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 21:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 21:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 21:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 21:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 21:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 21:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 21:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 21:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 21:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 21:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 21:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 21:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 21:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 21:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 21:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 21:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2012/06/06 19:43:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/06/06 19:43:16 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/06/06 19:43:16 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/06/06 19:43:16 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 21:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/06/06 19:43:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/06/06 19:43:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 21:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2013/09/20 09:51:08 | 003,885,120 | ---- | M] (Safer-Networking Ltd.) MD5=CDEB46FE688F062D3033209B29755203 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
< MD5 for: SERVICES >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES.CFG >
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/09/05 08:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
< MD5 for: SERVICES.DAT >
[2013/11/05 16:18:20 | 000,003,117 | ---- | M] () MD5=5F3B95A58780ADA3F223F004CDEE9967 -- C:\Users\Richard\AppData\Local\Temp\jrt\services.dat
< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.HTML >
[2013/01/04 13:50:38 | 000,006,329 | ---- | M] () MD5=CBF97253DD695DF0C1591D1357E15043 -- C:\Program Files (x86)\BillP Studios\WinPatrol\services.html
< MD5 for: SERVICES.LNK >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >
[2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SERVICES.RDB >
[2012/08/13 09:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 09:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files (x86)\OpenOffice.org 3\program\services.rdb
[2012/08/10 14:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
< MD5 for: SERVICES.SBS >
[2013/07/16 12:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs
< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 5A17-373D
Directory of C:\
07/13/2009 11:08 PM <JUNCTION> Documents and Settings [..]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:08 PM <JUNCTION> Application Data [..]
07/13/2009 11:08 PM <JUNCTION> Desktop [..]
07/13/2009 11:08 PM <JUNCTION> Documents [..]
07/13/2009 11:08 PM <JUNCTION> Favorites [..]
07/13/2009 11:08 PM <JUNCTION> Start Menu [..]
07/13/2009 11:08 PM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Default User [..]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:08 PM <JUNCTION> Application Data [..]
07/13/2009 11:08 PM <JUNCTION> Desktop [..]
07/13/2009 11:08 PM <JUNCTION> Documents [..]
07/13/2009 11:08 PM <JUNCTION> Favorites [..]
07/13/2009 11:08 PM <JUNCTION> Start Menu [..]
07/13/2009 11:08 PM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Campagnolo
10/26/2013 01:48 PM <JUNCTION> Application Data [C:\Users\Campagnolo\AppData\Roaming]
10/26/2013 01:48 PM <JUNCTION> Cookies [C:\Users\Campagnolo\AppData\Roaming\Microsoft\Windows\Cookies]
10/26/2013 01:48 PM <JUNCTION> Local Settings [C:\Users\Campagnolo\AppData\Local]
10/26/2013 01:48 PM <JUNCTION> My Documents [C:\Users\Campagnolo\Documents]
10/26/2013 01:48 PM <JUNCTION> NetHood [C:\Users\Campagnolo\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/26/2013 01:48 PM <JUNCTION> PrintHood [C:\Users\Campagnolo\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/26/2013 01:48 PM <JUNCTION> Recent [C:\Users\Campagnolo\AppData\Roaming\Microsoft\Windows\Recent]
10/26/2013 01:48 PM <JUNCTION> SendTo [C:\Users\Campagnolo\AppData\Roaming\Microsoft\Windows\SendTo]
10/26/2013 01:48 PM <JUNCTION> Start Menu [C:\Users\Campagnolo\AppData\Roaming\Microsoft\Windows\Start Menu]
10/26/2013 01:48 PM <JUNCTION> Templates [C:\Users\Campagnolo\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Campagnolo\AppData\Local
10/26/2013 01:48 PM <JUNCTION> Application Data [C:\Users\Campagnolo\AppData\Local]
10/26/2013 01:48 PM <JUNCTION> History [C:\Users\Campagnolo\AppData\Local\Microsoft\Windows\History]
10/26/2013 01:48 PM <JUNCTION> Temporary Internet Files [C:\Users\Campagnolo\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Campagnolo\Documents
10/26/2013 01:48 PM <JUNCTION> My Music [C:\Users\Campagnolo\Music]
10/26/2013 01:48 PM <JUNCTION> My Pictures [C:\Users\Campagnolo\Pictures]
10/26/2013 01:48 PM <JUNCTION> My Videos [C:\Users\Campagnolo\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:08 PM <JUNCTION> Application Data [..]
07/13/2009 11:08 PM <JUNCTION> Cookies [..]
07/13/2009 11:08 PM <JUNCTION> Local Settings [..]
07/13/2009 11:08 PM <JUNCTION> My Documents [..]
07/13/2009 11:08 PM <JUNCTION> NetHood [..]
07/13/2009 11:08 PM <JUNCTION> PrintHood [..]
07/13/2009 11:08 PM <JUNCTION> Recent [..]
07/13/2009 11:08 PM <JUNCTION> SendTo [..]
07/13/2009 11:08 PM <JUNCTION> Start Menu [..]
07/13/2009 11:08 PM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:08 PM <JUNCTION> Application Data [..]
07/13/2009 11:08 PM <JUNCTION> History [..]
07/13/2009 11:08 PM <JUNCTION> Temporary Internet Files [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [..]
07/13/2009 11:08 PM <JUNCTION> My Pictures [..]
07/13/2009 11:08 PM <JUNCTION> My Videos [..]
0 File(s) 0 bytes
Directory of C:\Users\Guest
07/13/2013 10:43 AM <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
07/13/2013 10:43 AM <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2013 10:43 AM <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
07/13/2013 10:43 AM <JUNCTION> My Documents [C:\Users\Guest\Documents]
07/13/2013 10:43 AM <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2013 10:43 AM <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2013 10:43 AM <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2013 10:43 AM <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2013 10:43 AM <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2013 10:43 AM <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
07/13/2013 10:43 AM <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
07/13/2013 10:43 AM <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
07/13/2013 10:43 AM <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
07/13/2013 10:43 AM <JUNCTION> My Music [C:\Users\Guest\Music]
07/13/2013 10:43 AM <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
07/13/2013 10:43 AM <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Richard
10/16/2013 06:36 PM <JUNCTION> Application Data [C:\Users\Richard\AppData\Roaming]
10/16/2013 06:36 PM <JUNCTION> Cookies [C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Cookies]
10/16/2013 06:36 PM <JUNCTION> Local Settings [C:\Users\Richard\AppData\Local]
10/16/2013 06:36 PM <JUNCTION> My Documents [C:\Users\Richard\Documents]
10/16/2013 06:36 PM <JUNCTION> NetHood [C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/16/2013 06:36 PM <JUNCTION> PrintHood [C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/16/2013 06:36 PM <JUNCTION> Recent [C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Recent]
10/16/2013 06:36 PM <JUNCTION> SendTo [C:\Users\Richard\AppData\Roaming\Microsoft\Windows\SendTo]
10/16/2013 06:36 PM <JUNCTION> Start Menu [C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu]
10/16/2013 06:36 PM <JUNCTION> Templates [C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Richard\AppData\Local
10/16/2013 06:36 PM <JUNCTION> Application Data [C:\Users\Richard\AppData\Local]
10/16/2013 06:36 PM <JUNCTION> History [C:\Users\Richard\AppData\Local\Microsoft\Windows\History]
10/16/2013 06:36 PM <JUNCTION> Temporary Internet Files [C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Richard\Documents
10/16/2013 06:36 PM <JUNCTION> My Music [C:\Users\Richard\Music]
10/16/2013 06:36 PM <JUNCTION> My Pictures [C:\Users\Richard\Pictures]
10/16/2013 06:36 PM <JUNCTION> My Videos [C:\Users\Richard\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
82 Dir(s) 6,157,422,592 bytes free
========== Alternate Data Streams ==========
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:373E1720
< End of report >
Attached Files
#112
Posted 15 November 2013 - 08:36 PM
Let me start by saying thank you for being so patient
You're welcome. Not a problem Anytime
Let's get to it:
Step 1.
Disable Spybot S+D
• Open Spybot-S&D
• Go to the Mode menu and make sure "Advanced Mode" is selected
• On the left hand side, choose Tools ~> Resident
• Uncheck "Resident TeaTimer" and OK any prompts
• Restart your computer.
Step 2.
Uninstall Programs
Please uninstall the following programs:
ScorpionSaver
Step 3.
OTL Fix
Please right click on On your Desktop and choose Run as Administrator, accept UAC prompts.
Under
in the textbox at the bottom, please paste in the following text:
:Commands
[CreateRestorePoint]
:OTL
SRV - [2013/11/03 11:48:41 | 000,507,912 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSIC9D4.tmp -- (Level Quality Watcher)
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.duckduckgo.com/
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50042;https=127.0.0.1:50042
FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..network.proxy.type: 0
[2013/11/11 05:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\extensions
[2013/11/11 05:42:56 | 000,000,000 | ---D | M] (ScorpionSaver) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\extensions\ScorpionSaver@jetpack
[2013/10/30 05:20:22 | 000,320,988 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\extensions\[email protected]
[2013/11/03 12:23:31 | 000,000,861 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\searchplugins\conduit-search.xml
[2013/10/16 18:55:31 | 000,010,530 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\searchplugins\duckduckgo.xml
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C718BAD-7DD5-448A-8252-A85B7AE3893C}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73906CC-5585-4BF6-ABA9-777B258EC385}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73906CC-5585-4BF6-ABA9-777B258EC385}: NameServer = 8.8.8.8,8.8.4.4
[2013/11/11 05:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScorpionSaver
[2013/10/29 19:45:31 | 000,000,000 | ---D | C] -- C:\N4E'wYl!(h3SyQjZeu
[2013/11/11 19:10:43 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/11 05:40:45 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131111-191043.backup
[2013/11/11 05:40:17 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131111-054045.backup
[2013/11/02 12:49:44 | 000,003,032 | ---- | M] () -- C:\{E927904B-8486-4479-A6F9-5B0A6F4CCE48}
[2013/11/02 12:40:49 | 000,002,680 | ---- | M] () -- C:\{BAC9C88F-EEBF-4CCC-8B33-D66181447A80}
[2013/11/02 12:37:17 | 000,002,984 | ---- | M] () -- C:\{10B187DA-26C5-4CEA-A231-F0812F41E7A5}
[2013/11/02 11:11:47 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131111-054017.backup
[2013/10/30 00:37:19 | 000,002,920 | ---- | M] () -- C:\{6461A597-40BC-490B-AE54-FEE7DB69D44A}
[2013/10/29 23:46:04 | 000,002,800 | ---- | M] () -- C:\{29974BE0-C1C3-418B-ABA7-47C1C131B5D9}
[2013/10/29 23:36:45 | 000,003,080 | ---- | M] () -- C:\{E3F8DD4C-CD45-40E4-9097-BA22966356FC}
[2013/10/29 20:23:13 | 000,002,608 | ---- | M] () -- C:\{65B8DD62-5226-4757-8C98-A8CFCC7D1713}
[2013/10/28 04:44:44 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131102-121147.backup
[2013/10/27 05:13:01 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131028-054444.backup
[2013/10/26 17:52:44 | 000,002,608 | ---- | M] () -- C:\{7ACA56EA-DEE9-44A5-8DB8-1F5C3FEDA61D}
[2013/10/26 17:39:48 | 000,003,520 | ---- | M] () -- C:\{21970A59-E018-44BB-9DA0-2BFC4F8506CE}
[2013/10/26 17:29:00 | 000,003,072 | ---- | M] () -- C:\{5A0EC818-1F81-4EEF-A294-C4652B24D647}
[2013/10/26 15:13:32 | 000,003,168 | ---- | M] () -- C:\{9FA090A8-2805-44BA-8A41-005F80A835EC}
[2013/10/26 15:08:56 | 000,003,008 | ---- | M] () -- C:\{54C19903-AACE-4C9D-8011-F5108978A04A}
[2013/10/26 14:53:52 | 000,003,168 | ---- | M] () -- C:\{A971E772-C78B-4BC9-8AC8-D6E099E5871D}
[2013/10/26 14:52:17 | 000,003,008 | ---- | M] () -- C:\{E46001CE-6EE5-4BD1-9EE1-3A386B763350}
[2013/10/26 09:07:42 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131027-061301.backup
[2013/10/26 04:56:50 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131026-100742.backup
[2013/10/25 04:28:46 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131026-055650.backup
[2013/10/24 17:36:18 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131025-052846.backup
[2013/10/24 04:43:50 | 000,450,700 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131024-183618.backup
[2013/10/24 04:42:44 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131024-054350.backup
[2013/10/23 04:42:04 | 000,450,700 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131024-054244.backup
[2013/10/22 04:43:03 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131023-054204.backup
[2013/10/21 17:47:47 | 000,037,732 | ---- | M] () -- C:\Users\Richard\Documents\cc_20131021_184742.reg
[2013/10/21 17:22:30 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131022-054303.backup
[2013/10/21 04:42:02 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131021-182230.backup
[2013/10/19 12:19:38 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131021-054202.backup
[2013/10/19 12:14:50 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131019-131938.backup
:Files
ipconfig /flushdns /c
• Push the button.
• OTL may ask to reboot the machine. Please do so if asked.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
• A massage box will pop-up.
• Click the OK button and a report will open.
• Copy and Paste that report in your next reply, please
Step 4.
ADWCleaner
Please download AdwCleaner from here to your Desktop.
• Right click the and chooseRun as Administrator
• Once it opens
• Click the Scan button
• Let AdwCleaner run thru.....
• Once scan completes, it will open a window as such:
• Check the tabs for any listed items you might want to keep (likely none, but please check to be sure)
• Select
• It will remove all it finds.
• Once done it will ask to reboot, please allow this...
• On reboot a log will be produced for you open on your desktop. It is also copied to C:\ADWCleaner[XX].txt. Please post the log in your next post.
Step 5.
Fresh OTL Scan
• Please right click on On your Desktop to Run as Administrator, accept UAC prompts.
• Make sure all other windows are closed and to let it run uninterrupted.
• Please check the box next to Scan All Users.
• Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open a notepad window. OTL.Txt. This is saved in the same location as OTL ~ Desktop
• Please copy (Edit ~> Select All, Edit ~> Copy) the logs it produces in your next reply.
When you return, please:
1. OTL fix log
2. ADWCleaner log
3. Fresh OTL log
4. Please let me know what issues you are currently experiencing.
5. May you please paste the logs in, not attach them. It's easier that way
Thank you
#113
Posted 16 November 2013 - 11:27 AM
I could not find (and disable) Tea timer. I have Spybot S+D version 2.2
I uninstalled Scorpion Saver.
OTL fix log below:
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service Level Quality Watcher stopped successfully!
Service Level Quality Watcher deleted successfully!
C:\Windows\Installer\MSIC9D4.tmp moved successfully.
HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-2076359882-1546476900-126256798-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2076359882-1546476900-126256798-1004\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
HKU\S-1-5-21-2076359882-1546476900-126256798-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2076359882-1546476900-126256798-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "DuckDuckGo" removed from browser.search.defaultenginename
Prefs.js: "DuckDuckGo" removed from browser.search.selectedEngine
Prefs.js: 0 removed from network.proxy.type
C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\extensions folder moved successfully.
Folder C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\extensions\ScorpionSaver@jetpack\ not found.
File C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\extensions\[email protected] not found.
C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\searchplugins\conduit-search.xml moved successfully.
C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\searchplugins\duckduckgo.xml moved successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C718BAD-7DD5-448A-8252-A85B7AE3893C}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F73906CC-5585-4BF6-ABA9-777B258EC385}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F73906CC-5585-4BF6-ABA9-777B258EC385}\\NameServer| /E : value set successfully!
Folder C:\Program Files (x86)\ScorpionSaver\ not found.
C:\N4E'wYl!(h3SyQjZeu folder moved successfully.
C:\Windows\SysNative\drivers\etc\hosts moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131111-191043.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131111-054045.backup moved successfully.
C:\{E927904B-8486-4479-A6F9-5B0A6F4CCE48} moved successfully.
C:\{BAC9C88F-EEBF-4CCC-8B33-D66181447A80} moved successfully.
C:\{10B187DA-26C5-4CEA-A231-F0812F41E7A5} moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131111-054017.backup moved successfully.
C:\{6461A597-40BC-490B-AE54-FEE7DB69D44A} moved successfully.
C:\{29974BE0-C1C3-418B-ABA7-47C1C131B5D9} moved successfully.
C:\{E3F8DD4C-CD45-40E4-9097-BA22966356FC} moved successfully.
C:\{65B8DD62-5226-4757-8C98-A8CFCC7D1713} moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131102-121147.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131028-054444.backup moved successfully.
C:\{7ACA56EA-DEE9-44A5-8DB8-1F5C3FEDA61D} moved successfully.
C:\{21970A59-E018-44BB-9DA0-2BFC4F8506CE} moved successfully.
C:\{5A0EC818-1F81-4EEF-A294-C4652B24D647} moved successfully.
C:\{9FA090A8-2805-44BA-8A41-005F80A835EC} moved successfully.
C:\{54C19903-AACE-4C9D-8011-F5108978A04A} moved successfully.
C:\{A971E772-C78B-4BC9-8AC8-D6E099E5871D} moved successfully.
C:\{E46001CE-6EE5-4BD1-9EE1-3A386B763350} moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131027-061301.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131026-100742.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131026-055650.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131025-052846.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131024-183618.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131024-054350.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131024-054244.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131023-054204.backup moved successfully.
C:\Users\Richard\My Documents\cc_20131021_184742.reg moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131022-054303.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131021-182230.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131021-054202.backup moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20131019-131938.backup moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Richard\Downloads\cmd.bat deleted successfully.
C:\Users\Richard\Downloads\cmd.txt deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 11162013_114012
Adw cleaner log follows:
# AdwCleaner v3.012 - Report created 16/11/2013 at 11:47:10
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Richard - RICH-HP
# Running from : C:\Users\Richard\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16736
-\\ Mozilla Firefox v25.0.1 (en-US)
[ File : C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\prefs.js ]
[ File : C:\Users\Campagnolo\AppData\Roaming\Mozilla\Firefox\Profiles\ksypcz8s.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [3586 octets] - [12/09/2013 04:09:09]
AdwCleaner[R1].txt - [1304 octets] - [16/11/2013 11:46:02]
AdwCleaner[S0].txt - [3717 octets] - [12/09/2013 04:13:08]
AdwCleaner[S1].txt - [1233 octets] - [16/11/2013 11:47:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1293 octets] ##########
2nd OTL log follows:
OTL logfile created on: 11/16/2013 11:52:57 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Richard\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.91 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 58.10% Memory free
7.82 Gb Paging File | 6.04 Gb Available in Paging File | 77.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681.84 Gb Total Space | 5.38 Gb Free Space | 0.79% Space Free | Partition Type: NTFS
Drive D: | 16.69 Gb Total Space | 2.05 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Computer Name: RICH-HP | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/11/16 11:51:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Downloads\OTL(2).exe
PRC - [2013/11/16 11:03:32 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/15 11:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/10/09 18:09:32 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/09/20 09:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 09:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/04 15:21:22 | 000,404,712 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/09/17 05:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/08/13 09:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 09:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/08/16 15:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 15:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 10:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/08/03 08:55:11 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/03 08:54:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/07/13 00:57:58 | 000,082,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/05/27 15:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/05/27 15:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/05/18 18:28:16 | 001,641,888 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/10 23:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
========== Modules (No Company Name) ==========
MOD - [2013/11/16 11:03:32 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/11 17:19:00 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\51ffeacb880d9c15fecc1c74f83e8973\System.IdentityModel.ni.dll
MOD - [2013/10/11 17:18:59 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll
MOD - [2013/10/11 17:17:45 | 002,906,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\7a2dfdf44f0610b43e65f28a1448f110\ReachFramework.ni.dll
MOD - [2013/10/11 17:17:29 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/11 17:17:28 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
MOD - [2013/10/10 05:32:01 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013/10/10 05:31:59 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/10 05:31:53 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/10 05:31:50 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013/10/10 05:31:48 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 18:09:32 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/08/18 03:43:42 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/14 04:43:48 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/14 04:43:47 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 04:43:43 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/10 22:09:48 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2013/05/16 09:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 09:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/12/09 19:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/08/10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/27 15:57:32 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/05/27 15:08:56 | 000,660,480 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/08/22 21:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 21:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 21:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 21:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 20:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/19 16:31:16 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/09 15:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2013/10/09 18:09:34 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/01 05:07:29 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/17 05:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012/09/02 16:24:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/16 15:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 10:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/08/03 08:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/03 08:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/07/13 00:57:58 | 000,082,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/06/18 05:01:18 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/22 23:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/20 23:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/15 23:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 18:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 20:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/03/04 19:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 19:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/02/11 22:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/10 02:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/07/25 23:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/06 20:16:42 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2012/06/06 19:48:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/06/06 19:48:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/19 02:02:35 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/09/19 01:52:26 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/14 04:35:45 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/04 05:25:16 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/03 08:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/22 15:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/11/10 19:23:32 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131115.017\ex64.sys -- (NAVEX15)
DRV - [2013/11/10 19:23:32 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131115.017\eng64.sys -- (NAVENG)
DRV - [2013/10/28 11:37:14 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131115.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/10/22 17:11:13 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131101.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/08/27 04:59:39 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/08/27 04:59:39 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/27 17:16:17 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.duckduckgo.com
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\ [2013/11/16 11:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013/08/13 07:38:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFF [2013/10/09 17:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/13 19:40:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\
[2013/10/10 18:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions
[2013/11/13 19:40:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/16 11:03:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
Hosts file not found
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004..\Run: [HP ENVY 4500 series (NET)] C:\Program Files\hp\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9:64bit: - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73906CC-5585-4BF6-ABA9-777B258EC385}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/11/16 11:40:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/16 11:07:06 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\ProcAlyzer Dumps
[2013/11/15 06:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/15 06:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/15 06:07:56 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/15 06:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/15 06:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/11/14 06:25:29 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/14 06:25:29 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/14 06:25:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/14 06:25:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/14 06:25:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/14 06:25:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/14 06:25:29 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/14 06:25:29 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/14 06:25:29 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/14 06:25:28 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/14 06:25:28 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/14 06:25:27 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/14 06:25:27 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/14 06:25:27 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/14 06:25:27 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/14 05:47:39 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/14 05:47:17 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/14 05:47:17 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/14 05:47:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/14 05:47:17 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/14 05:47:17 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/14 05:46:50 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/14 05:46:50 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/14 05:46:50 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/14 05:46:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/14 05:46:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/14 05:46:37 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/14 05:46:31 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/14 05:46:31 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/14 05:46:31 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/14 05:46:31 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/13 19:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/03 18:36:18 | 000,000,000 | ---D | C] -- C:\Users\Richard\hpremote
[2013/11/03 11:48:44 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/03 11:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sp
[2013/11/03 11:42:39 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\VeriSign
[2013/11/03 11:35:02 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/11/03 11:35:02 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/11/02 14:17:28 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\NPE
[2013/11/02 10:21:12 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/11/02 10:21:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat
[2013/10/28 11:40:40 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\HP Support Assistant
[2013/10/26 13:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2013/10/26 13:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/10/26 13:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2013/10/26 13:11:19 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\HpUpdate
[2013/10/26 13:11:13 | 000,762,400 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPMC511.dll
[2013/10/26 13:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/10/26 13:10:35 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\HP
[2013/10/19 17:01:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\OpenOffice.org
[2013/10/19 12:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/10/19 12:07:02 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/10/19 12:06:16 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Programs
[2013/10/19 11:58:43 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\CrashDumps
[2013/10/19 11:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/10/19 11:34:53 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\Unknown folder
[2013/10/19 10:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2013/10/19 10:59:49 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013/10/18 04:57:36 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Apple Computer
[2013/10/18 04:48:35 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Apple
========== Files - Modified Within 30 Days ==========
[2013/11/16 11:55:40 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 11:55:40 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/16 11:54:02 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/16 11:54:02 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/16 11:54:02 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/16 11:48:05 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/16 11:47:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/16 11:47:49 | 3147,706,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/16 11:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/16 11:03:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/16 06:24:32 | 000,002,312 | ---- | M] () -- C:\{E03DC0C0-B5FB-4666-BDD2-8A3A781B50F2}
[2013/11/15 06:08:42 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/15 05:42:12 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131116-060738.backup
[2013/11/14 05:36:22 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131115-054212.backup
[2013/11/12 05:37:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRichard.job
[2013/11/11 19:10:43 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131114-053622.backup
[2013/11/03 18:18:46 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
[2013/11/03 18:08:57 | 001,343,238 | ---- | M] () -- C:\Users\Richard\Desktop\Virus.png
[2013/11/03 12:37:06 | 000,003,844 | ---- | M] () -- C:\Users\Richard\Documents\cc_20131103_123701.reg
[2013/11/03 12:24:02 | 000,000,246 | ---- | M] () -- C:\Windows\wininit.ini
[2013/11/03 11:42:32 | 000,001,409 | ---- | M] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/02 14:30:52 | 000,637,030 | ---- | M] () -- C:\Users\Richard\Desktop\WinDirStat end.jpg
[2013/11/02 14:29:46 | 000,625,687 | ---- | M] () -- C:\Users\Richard\Desktop\WinDirStat begin.jpg
[2013/11/02 10:55:24 | 000,595,472 | ---- | M] () -- C:\Users\Richard\Desktop\WinDirStat paint.jpg
[2013/11/02 10:21:13 | 000,000,993 | ---- | M] () -- C:\Users\Richard\Desktop\WinDirStat.lnk
[2013/10/28 17:53:16 | 000,009,059 | ---- | M] () -- C:\Users\Richard\Desktop\Recipes.odt
[2013/10/26 13:11:31 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/10/26 13:11:12 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 4500 series.lnk
[2013/10/26 13:11:11 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\HP ENVY 4500 series.lnk
[2013/10/26 13:11:00 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013/10/19 17:05:49 | 000,001,961 | ---- | M] () -- C:\Users\Richard\Documents\Recipes - Shortcut.lnk
[2013/10/19 17:01:20 | 000,001,197 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013/10/19 12:15:13 | 000,003,584 | ---- | M] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/19 12:07:04 | 000,001,341 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/10/19 11:57:24 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/19 11:00:21 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
========== Files Created - No Company Name ==========
[2013/11/16 06:24:31 | 000,002,312 | ---- | C] () -- C:\{E03DC0C0-B5FB-4666-BDD2-8A3A781B50F2}
[2013/11/15 06:08:42 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/03 18:18:46 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
[2013/11/03 18:08:56 | 001,343,238 | ---- | C] () -- C:\Users\Richard\Desktop\Virus.png
[2013/11/03 12:37:04 | 000,003,844 | ---- | C] () -- C:\Users\Richard\Documents\cc_20131103_123701.reg
[2013/11/03 11:42:32 | 000,001,409 | ---- | C] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/02 14:30:52 | 000,637,030 | ---- | C] () -- C:\Users\Richard\Desktop\WinDirStat end.jpg
[2013/11/02 14:29:46 | 000,625,687 | ---- | C] () -- C:\Users\Richard\Desktop\WinDirStat begin.jpg
[2013/11/02 10:55:24 | 000,595,472 | ---- | C] () -- C:\Users\Richard\Desktop\WinDirStat paint.jpg
[2013/11/02 10:21:13 | 000,000,993 | ---- | C] () -- C:\Users\Richard\Desktop\WinDirStat.lnk
[2013/10/28 11:42:11 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForRichard.job
[2013/10/26 13:11:31 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/10/26 13:11:12 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 4500 series.lnk
[2013/10/26 13:11:11 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\HP ENVY 4500 series.lnk
[2013/10/26 13:11:00 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/10/19 17:05:49 | 000,001,961 | ---- | C] () -- C:\Users\Richard\Documents\Recipes - Shortcut.lnk
[2013/10/19 17:02:27 | 000,009,059 | ---- | C] () -- C:\Users\Richard\Desktop\Recipes.odt
[2013/10/19 17:01:19 | 000,001,197 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013/10/19 12:15:13 | 000,003,584 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/19 12:07:04 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/10/19 12:07:04 | 000,001,341 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/10/19 11:56:57 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/19 10:59:50 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013/10/16 18:36:19 | 000,000,258 | RHS- | C] () -- C:\Users\Richard\ntuser.pol
[2013/10/07 17:54:19 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-RICH-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/09/22 09:36:18 | 000,000,246 | ---- | C] () -- C:\Windows\wininit.ini
[2013/08/27 13:42:30 | 000,000,135 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/01/26 15:45:46 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/09/02 16:21:46 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/08/27 17:39:10 | 000,018,289 | ---- | C] () -- C:\Windows\HPHins01.dat.temp
[2012/08/27 17:39:10 | 000,004,284 | ---- | C] () -- C:\Windows\hphmdl01.dat.temp
[2012/06/06 19:48:36 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/06 19:48:35 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/06 19:48:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:373E1720
< End of report >
Still only have 5.37GB free of 681GB but everything else seems ok
Thanks,
Rich
Edited by 1324, 16 November 2013 - 12:06 PM.
#114
Posted 17 November 2013 - 10:28 AM
Excellent Thank you
We're gettin' there!
Please Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop ( it will be randomly named )
First we will run a virus scan
Select the cog to access scan areas
On the first tab select all elements down to OS C and then select start scan
Once it has finished select reports and post the detected threats
.
Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once it has completed then click Step 2 Report sending
Click avptool.sysinfo.zip
And you will be taken to the zip file that needs to be attached
Please provide both reports when you return.
#115
Posted 19 November 2013 - 05:03 AM
I'm giving you info as I can.
I ran the automatic scan. It ran overnight - 4.5 hours; no detected threats. I do have the automatic scan report if you would like to see it.
I ran the manual avptool and have the zip file but I can't attach it. I'm sorry, I feel so ignorant. I'm sure I'm just missing something obvious.
Thanks,
Rich
Edited by 1324, 19 November 2013 - 05:15 AM.
#116
Posted 19 November 2013 - 08:22 AM
I do have the automatic scan report if you would like to see it.
Yes, please. When you can.
I ran the manual avptool and have the zip file but I can't attach it.
Minor. To attach a file, I believe all you do is click the button under the reply window when you're replying to a post that says Click to Attach Files. Then another window opens for you to browse for it on your computer.
If it does not work for some reason, maybe it's larger than 1mb... let me know and we'll do something else.
#117
Posted 19 November 2013 - 07:11 PM
I located and attached the zip file
I was unable to copy and paste the automatic scan report. I kept getting a warning saying Kaspersky not responding. My choice was wait or cancel. After choosing wait, 1, 2, 3 times I hit cancel. Let me know if your would like me to run the automatic scan again.
Thanks for your patience (again),
Rich
Attached Files
#118
Posted 20 November 2013 - 11:51 AM
Oops..wrong zip file...Let's do that part again, please:
Select the Manual Disinfection tab
Press the Gather System Information button
Once it has completed then click Step 2 Report sending
Click avptool.sysinfo.zip
And you will be taken to the zip file that needs to be attached
This should be quicker than the last.
#119
Posted 21 November 2013 - 07:59 PM
Maybe we have another problem. The last couple of programs you wanted me to download to my desktop did not appear on my desktop, not Kaspersky, not AdwCleaner, not OTL.
Anyway, I have attached the correct file, I think.
Thank you so much,
Rich
Attached Files
#120
Posted 22 November 2013 - 05:39 AM
I just ran a smart scan of Malwarebytes, results below:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.16.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Richard :: RICH-HP [administrator]
11/22/2013 5:26:34 AM
mbam-log-2013-11-22 (05-26-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 265906
Time elapsed: 3 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\temp\ScorpionSaver.msi (Adware.Adpeak) -> Quarantined and deleted successfully.
C:\Windows\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
(end)
I thought I uninstalled that Sorpion Saver but its back.
Thanks,
Rich
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users