
Can't run antivirus scan with mbam. Computer unresponsive.



#1
Warden


Machine is an HP Elitebook 8730w with Windows XP Pro ver 2002 Service Pack 3. I initially posted this as a missing tool bar, in the XP group, because the desktop appears but there is no toolbar at the bottom of the screen. I can see notification bubbles for Adobe updates and file hippo updates but can't actually see them. But the person helping me suggested I post in malware removal due to the symptoms. I have tried to run Malwarebytes; however, when I do so I get the following error message: run time error '372': failed to load 'vbalgrid' from vbalgrid6.ocx.  Your version of vbalgrid6.ocx may be outdated.  Make sure you are using the version of the control that was provided with your application.

 

I have also tried to use avast but when I attempt to run a scan it says the RPC server is unavailable.

 

I have rebooted into safe mode and the problem is there as well.

 

I also have tried a sys restore from safe mode with no luck.

 

Here is the OTL log.  Any help is appreciated.  Running viprerescue on the problem machine now and posting from a different one.    

 

OTL logfile created on: 5/15/2014 7:57:55 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Presenter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 79.23% Memory free
4.84 Gb Paging File | 4.26 Gb Available in Paging File | 88.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 128.04 Gb Free Space | 42.95% Space Free | Partition Type: NTFS
 
Computer Name: TS8730WIMAGE | User Name: Presenter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/14 06:18:38 | 001,268,560 | ---- | M] (BitTorrent Inc.) -- C:\Documents and Settings\Presenter\Application Data\uTorrent\uTorrent.exe
PRC - [2014/05/10 08:36:07 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/02/12 21:57:54 | 000,043,848 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/26 18:24:42 | 000,423,144 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/02/25 11:58:30 | 003,093,024 | ---- | M] (Fitbit, Inc.) -- C:\Program Files\Fitbit Connect\Fitbit Connect.exe
PRC - [2013/02/25 11:58:30 | 001,239,584 | ---- | M] (Fitbit, Inc.) -- C:\Program Files\Fitbit Connect\FitbitConnectService.exe
PRC - [2013/01/30 22:48:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
PRC - [2012/05/09 15:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2012/03/26 03:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/02/24 22:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/02/11 19:28:52 | 001,522,080 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2011/02/02 10:46:40 | 001,095,168 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
PRC - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/07/02 08:18:25 | 002,058,776 | R--- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/02 08:18:24 | 000,174,616 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/05/26 22:57:08 | 000,411,108 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2009/05/26 22:54:10 | 000,549,400 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2009/02/27 07:22:10 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:40:52 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\Lotus\Notes\ntmulti.exe
PRC - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) -- C:\Program Files\Lotus\Notes\nsd.exe
PRC - [2008/10/14 16:10:32 | 000,082,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008/08/08 07:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/06/12 12:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/05/12 14:55:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 12:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/10 08:36:12 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/02/12 00:14:31 | 001,711,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\aa86b1a0c9a5bd2a973bef106c0461f9\Microsoft.VisualBasic.ni.dll
MOD - [2014/02/12 00:13:47 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/11 22:11:22 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014/02/11 22:02:40 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/11 22:02:20 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/11 21:59:26 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/11 21:57:33 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/11 21:57:19 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/12/09 21:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2011/05/06 13:07:00 | 004,317,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2011/05/06 13:02:52 | 000,737,280 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
MOD - [2011/02/15 14:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 14:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 14:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 14:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 13:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/10/26 08:34:12 | 011,853,824 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
MOD - [2010/10/26 00:37:32 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\phonon4.dll
MOD - [2010/10/26 00:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
MOD - [2010/10/26 00:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2010/10/26 00:23:34 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/10/26 00:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
MOD - [2010/10/26 00:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
MOD - [2010/10/26 00:06:28 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/10/26 00:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
MOD - [2010/10/26 00:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/05/20 13:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/20 13:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/17 09:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
MOD - [2010/05/17 09:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoNet.dll
MOD - [2010/05/17 09:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
MOD - [2010/05/17 09:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoXML.dll
MOD - [2010/05/17 09:47:20 | 000,291,840 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
MOD - [2010/05/17 09:47:20 | 000,175,616 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
MOD - [2010/05/17 09:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
MOD - [2010/05/17 09:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
MOD - [2010/05/17 09:47:18 | 000,110,592 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
MOD - [2010/02/17 19:25:12 | 000,132,096 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
MOD - [2009/02/27 06:51:14 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/05/12 14:51:50 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/05/12 14:49:02 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/05/10 08:36:07 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/05/07 07:41:00 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/02/25 11:58:30 | 001,239,584 | ---- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files\Fitbit Connect\FitbitConnectService.exe -- (Fitbit Connect)
SRV - [2013/01/18 18:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Stopped] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
SRV - [2011/07/21 12:24:12 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/02/24 22:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Disabled | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/17 19:25:12 | 000,152,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/02/09 16:55:52 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/02 08:18:25 | 002,058,776 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/02 08:18:24 | 000,174,616 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2008/08/08 07:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/06/12 12:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/03/18 12:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2014/05/15 19:45:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014/05/10 08:36:16 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/05/10 08:36:16 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/05/10 08:36:16 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/05/10 08:36:16 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/05/10 08:36:15 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/05/10 08:36:15 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/05/10 08:36:15 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/05/10 08:36:15 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2013/09/04 14:57:44 | 000,024,040 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gfiutil.sys -- (gfiutil)
DRV - [2013/05/23 08:39:14 | 000,043,368 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gfiark.sys -- (gfiark)
DRV - [2011/02/15 14:17:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/11/16 00:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2009/12/18 12:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 12:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/12/17 18:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/12/02 13:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/07/02 08:21:36 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/07/02 08:21:36 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/07/02 08:21:36 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/07/02 08:18:38 | 004,202,496 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2009/07/02 08:18:25 | 000,040,832 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/02 08:17:38 | 000,044,800 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2009/07/02 08:16:16 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2009/06/22 17:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009/03/31 12:57:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/03/27 05:33:56 | 000,239,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2009/03/19 11:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/11/21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/05 23:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/11 15:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/29 15:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/06/12 14:40:50 | 000,477,696 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/05/23 13:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 13:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/12/20 01:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
 
[2013/03/29 21:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Presenter\Application Data\Mozilla\Firefox\extensions
[2013/03/29 21:08:59 | 000,000,000 | ---D | M] (uTorrentControl_v6) -- C:\Documents and Settings\Presenter\Application Data\Mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
[2010/07/11 21:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U51 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/01/23 13:04:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Fitbit Connect] C:\Program Files\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Documents and Settings\Presenter\Application Data\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: bitdefender.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: geekstogo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://bos-link01a....ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1359071134359 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44D5156A-6FFB-42B6-A90E-F6AF0CF674C9}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (VPNGina.dll) - C:\WINDOWS\System32\vpngina.dll (Cisco Systems, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/02 15:36:05 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/15 19:59:24 | 000,000,000 | ---D | C] -- C:\FRST
[2014/05/14 12:18:17 | 000,024,040 | ---- | C] (ThreatTrack Security) -- C:\WINDOWS\System32\drivers\gfiutil.sys
[2014/05/14 12:18:00 | 000,043,368 | ---- | C] (ThreatTrack Security) -- C:\WINDOWS\System32\drivers\gfiark.sys
[2014/05/14 12:16:24 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2014/05/14 07:45:54 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/05/10 09:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Application Data\AVAST Software
[2014/05/10 08:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/05/10 08:36:30 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/05/10 08:36:29 | 000,776,976 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/05/10 08:36:28 | 000,411,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/05/10 08:36:27 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/05/10 08:36:26 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/05/10 08:36:22 | 000,271,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/05/10 08:36:14 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/05/10 08:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/05/08 10:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\ringtones
[2014/05/08 10:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\music
[2014/05/08 10:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\documents
[2014/05/08 10:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\videos
[2014/05/08 10:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\camera
[2014/05/08 10:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\pictures
[2014/04/20 20:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/15 19:45:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/05/15 19:43:48 | 000,066,713 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2014/05/15 19:42:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/05/15 19:42:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/14 06:49:39 | 000,066,713 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2014/05/13 22:18:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/13 21:34:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/13 21:21:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job
[2014/05/13 20:36:01 | 000,000,370 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/05/13 20:34:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/13 10:21:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job
[2014/05/12 13:17:39 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/05/10 08:37:38 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/05/10 08:37:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/05/10 08:36:16 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/05/10 08:36:16 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/05/10 08:36:16 | 000,180,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/05/10 08:36:16 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/05/10 08:36:15 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/05/10 08:36:15 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/05/10 08:36:15 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/05/10 08:36:15 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/05/10 08:36:14 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/05/10 08:36:14 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/05/10 08:03:10 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\miiii.jgf
[2014/05/08 20:57:07 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/29 13:19:13 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/29 13:19:13 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Google Chrome.lnk
[2014/04/22 14:12:02 | 000,062,491 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\BDLParking receipt 04-17-14.pdf
[2014/04/22 14:11:49 | 000,059,241 | ---- | M] () -- C:\Documents and Settings\Presenter\My Documents\BDLParking receipt 04-17-14.pdf
[2014/04/20 09:02:47 | 000,094,819 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Tax Doc for Sandy.pdf
[2014/04/18 10:45:11 | 000,021,149 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\BDL Receipt 4-11-14.pdf
[2014/04/17 19:55:07 | 000,063,873 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\PVD Taxi Receipt 3-17-14.pdf
[2014/04/16 08:20:00 | 001,908,719 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Christopher and Hogan.JPG
 
========== Files Created - No Company Name ==========
 
[2014/05/10 08:37:38 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/05/10 08:36:50 | 000,000,370 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/05/10 08:36:29 | 000,180,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/05/10 08:36:28 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/05/10 08:36:26 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/04/22 14:12:02 | 000,062,491 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\BDLParking receipt 04-17-14.pdf
[2014/04/22 14:11:49 | 000,059,241 | ---- | C] () -- C:\Documents and Settings\Presenter\My Documents\BDLParking receipt 04-17-14.pdf
[2014/04/20 09:02:44 | 000,094,819 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Tax Doc for Sandy.pdf
[2014/04/18 10:45:11 | 000,021,149 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\BDL Receipt 4-11-14.pdf
[2014/04/17 19:55:07 | 000,063,873 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\PVD Taxi Receipt 3-17-14.pdf
[2014/04/16 08:19:59 | 001,908,719 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Christopher and Hogan.JPG
[2014/03/26 22:21:45 | 000,013,880 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\j6zj3odia.bbr
[2014/02/11 22:23:24 | 001,035,312 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/02/14 14:40:56 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2009/10/08 10:26:41 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Presenter\JavaConnect.ini
[2009/08/12 07:32:23 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/15 11:43:17 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Presenter\NTUSER.bak
 
========== ZeroAccess Check ==========
 
[2009/07/02 09:45:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 01:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/03/03 09:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/05 11:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2014/02/08 21:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2014/05/10 08:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/11/10 20:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2012/01/16 15:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/02/12 11:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2013/01/18 07:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\D0B43B0D7D5E52B60000D0B36A6159FD
[2013/06/28 09:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FitbitConnect
[2011/06/01 09:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2013/01/18 10:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/05/07 07:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/03/16 08:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2010/01/27 12:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDFC
[2012/04/02 23:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/02/20 08:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2014/03/11 11:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/02/27 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2010/08/04 09:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2013/06/17 13:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/03/31 21:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/29 23:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2014/05/10 09:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\AVAST Software
[2010/02/16 22:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Bytemobile
[2012/01/16 15:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\CheckPoint
[2014/04/09 21:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Dropbox
[2014/04/09 21:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\DropboxMaster
[2013/05/07 02:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\e08c65b2-6be0-44ba-9628-b61063a7657dad
[2013/01/25 19:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\ElevatedDiagnostics
[2011/06/01 09:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Flip Video
[2014/01/04 14:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\HandBrake
[2010/06/14 12:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\InterVideo
[2013/09/05 14:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Red Kawa
[2012/04/02 23:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Research In Motion
[2013/12/24 08:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Search Protection
[2010/02/16 22:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Sierra Wireless
[2014/05/15 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\uTorrent
[2013/02/27 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Visan
[2010/01/27 14:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Windows Desktop Search
[2010/01/31 00:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Windows Search
[2010/07/14 22:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\WinPatrol
[2009/10/08 09:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Xerox
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
 
< End of report >
 



#2
JSntgRvr

  • Global Moderator
  • 11,591 posts
:welcome:
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.


    #3
    Warden

    • Topic Starter
    • Member
    • 162 posts

    Thanks for your response. I ran FRST and was only able to locate the FRST.txt and the Addition.txt. Here they are below. First is the FRST.txt.

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
    Ran by Presenter (administrator) on TS8730WIMAGE on 15-05-2014 20:02:57
    Running from C:\Documents and Settings\Presenter\My Documents\Downloads
    Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
    (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    (Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
    (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (Hewlett-Packard Corporation) C:\WINDOWS\system32\accelerometerST.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Old McDonald's Farm) C:\Program Files\Autorun Eater\oldmcdonald.exe
    (Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Old McDonald's Farm) C:\Program Files\Autorun Eater\billy.exe
    (Microsoft Corporation) C:\Program Files\EMET\EMET_notifier.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (FileHippo.com) C:\Program Files\FileHippo.com\UpdateChecker.exe
    (BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    (Google Inc.) C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    (BitTorrent Inc.) C:\Documents and Settings\Presenter\Application Data\uTorrent\uTorrent.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    (Belkin International, Inc.) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
    (Affinegy, Inc.) C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
    (Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
    () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
    (IBM) C:\Program Files\Lotus\Notes\nsd.exe
    (IBM Corp) C:\Program Files\Lotus\Notes\ntmulti.exe
    (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
    (Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    (OldTimer Tools) C:\Documents and Settings\Presenter\Desktop\OTL.exe
    (Google Inc.) C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-07-02] (Analog Devices, Inc.)
    HKLM\...\Run: [AccelerometerSysTrayApplet] => C:\WINDOWS\system32\AccelerometerSt.Exe [82224 2008-10-14] (Hewlett-Packard Corporation)
    HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [181816 2009-04-15] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1368064 2009-02-27] (Intel® Corporation)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-02-27] (Intel® Corporation)
    HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [367128 2009-07-02] (Intel Corporation)
    HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [319000 2008-08-08] (PDF Complete Inc)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
    HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [197904 2008-05-23] (InterVideo Inc.)
    HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-08-21] (Google)
    HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
    HKLM\...\Run: [Autorun Eater] => C:\Program Files\Autorun Eater\oldmcdonald.exe [549400 2009-05-26] (Old McDonald's Farm)
    HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
    HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [110696 2010-12-04] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13933160 2010-12-04] (NVIDIA Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [InstaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-02-24] (Affinegy, Inc.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM\...\Run: [EMET Notifier] => C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-10] (AVAST Software)
    HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 0
    HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
    HKU\S-1-5-20\...\Run: [Adobe CSx Manager] => C:\Documents and Settings\NetworkService\Application Data\e08c65b2-6be0-44ba-9628-b61063a7657dad\ecbbebabadad.exe [0 2013-05-06] ()
    HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [306688 2012-03-26] (FileHippo.com)
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [423144 2013-04-26] (BillP Studios)
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [Google Update] => C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-02-01] (Google Inc.)
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [uTorrent] => C:\Documents and Settings\Presenter\Application Data\uTorrent\uTorrent.exe [1268560 2014-05-14] (BitTorrent Inc.)
    AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2012-08-21] (Google)
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk
    ShortcutTarget: Monitor My eRooms (V7).lnk -> C:\Program Files\eRoom 7\ERClient7.exe (Documentum, Inc.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
    ShortcutTarget: DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://bos-link01a....ries/vpnweb.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
     
    Chrome: 
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR StartupUrls: "hxxp://www.google.com/"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (YouTube) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
    CHR Extension: (Google Search) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Gmail) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
    CHR HKLM\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Documents and Settings\Presenter\Local Settings\Application Data\dea8c6a9-3206-4f85-ac57-1000309ea107.crx [2011-12-16]
    CHR HKLM\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Documents and Settings\Presenter\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-10]
    CHR HKLM\...\Chrome\Extension: [kdcnnmifdmlmjffdgeieikcokcogpbej] - C:\Program Files\OApps\chromeaddon2.crx [2014-05-10]
    CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Documents and Settings\Presenter\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
    CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ========================== Services (Whitelisted) =================
     
    S4 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
    R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1164536 2008-06-12] (AuthenTec, Inc.)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-10] (AVAST Software)
    S4 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] ()
    S4 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] ()
    S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
    R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
    R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
    R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-08-21] (Google)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
    S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-09-02] (Symantec Corporation)
    R2 Lotus Notes Diagnostics; C:\Program Files\Lotus\Notes\nsd.exe [3315080 2008-12-06] (IBM)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
    R2 Multi-user Cleanup Service; C:\Program Files\Lotus\Notes\ntmulti.exe [58760 2008-12-06] (IBM Corp)
    R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [777240 2008-08-08] (PDF Complete Inc)
    R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-02-27] (Intel® Corporation)
    R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-07-02] (Intel Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2011-02-15] (Printing Communications Assoc., Inc. (PCAUSA))
    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-05-10] ()
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-05-10] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-10] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-05-10] ()
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-05-10] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-05-10] (AVAST Software)
    R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-05-10] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-05-10] ()
    R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539512 2009-07-02] (Broadcom Corporation.)
    R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [879624 2009-07-02] (Broadcom Corporation.)
    R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [74688 2009-07-02] (Broadcom Corporation.)
    R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [239760 2009-03-27] (Intel Corporation)
    S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
    S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
    R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2009-07-02] (Infineon Technologies AG)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-05-15] (Malwarebytes Corporation)
    R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
    R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4202496 2009-07-02] (Intel Corporation)
    S3 NWUSBCDFIL; C:\WINDOWS\System32\DRIVERS\NwUsbCdFil.sys [20480 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort2; C:\WINDOWS\System32\DRIVERS\nwusbser2.sys [174720 2009-12-18] (Novatel Wireless Inc.)
    S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2009-03-31] (Printing Communications Assoc., Inc. (PCAUSA))
    R3 rismc32; C:\WINDOWS\System32\DRIVERS\rismc32.sys [47616 2006-12-20] (RICOH Company, Ltd.)
    R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
    R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2009-07-02] (Sonic Focus, Inc)
    R3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [28288 2009-12-02] ()
    R2 sxuptp; C:\WINDOWS\System32\DRIVERS\sxuptp.sys [246936 2009-06-22] (silex technology, Inc.)
    S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
    U2 CertPropSvc; 
    S4 IntelIde; No ImagePath
    U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-05-15 20:02 - 2014-05-15 20:02 - 00036438 _____ () C:\Documents and Settings\Presenter\Desktop\FRST.txt05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00107254 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00036088 _____ () C:\Documents and Settings\Presenter\Desktop\FRST Scan 05-15.txt
    2014-05-15 19:59 - 2014-05-15 20:02 - 00000000 ____D () C:\FRST
    2014-05-14 12:18 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
    2014-05-14 12:18 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
    2014-05-14 12:16 - 2014-05-15 19:13 - 00000000 ____D () C:\VIPRERESCUE
    2014-05-14 08:17 - 2014-05-14 08:17 - 00099424 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-14-14.txt
    2014-05-14 07:45 - 2014-05-15 19:45 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2014-05-10 09:08 - 2014-05-10 09:08 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\AVAST Software
    2014-05-10 08:37 - 2014-05-10 08:37 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-05-10 08:37 - 2014-05-10 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
    2014-05-10 08:36 - 2014-05-13 20:36 - 00000370 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-05-10 08:36 - 2014-05-10 08:36 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-05-10 08:36 - 2014-05-10 08:36 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-05-10 08:36 - 2014-05-10 08:36 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-05-10 08:35 - 2014-05-10 08:35 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-05-08 10:39 - 2014-05-08 10:39 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\ringtones
    2014-05-08 10:38 - 2014-05-08 20:57 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\camera
    2014-05-02 20:50 - 2014-05-02 20:51 - 00005576 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-04-20 20:23 - 2014-04-20 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2014-04-20 20:23 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2014-04-20 20:23 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
    2014-04-20 20:23 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
    2014-04-20 20:23 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
    2014-04-20 20:23 - 2014-04-14 19:47 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2014-04-20 20:22 - 2014-04-20 20:23 - 00003995 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
     
    ==================== One Month Modified Files and Folders =======
     
    2014-05-15 20:02 - 2014-05-15 20:02 - 00036438 _____ () C:\Documents and Settings\Presenter\Desktop\FRST.txt05-15.txt
    2014-05-15 20:02 - 2014-05-15 19:59 - 00000000 ____D () C:\FRST
    2014-05-15 20:01 - 2014-05-15 20:01 - 00107254 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00036088 _____ () C:\Documents and Settings\Presenter\Desktop\FRST Scan 05-15.txt
    2014-05-15 20:01 - 2013-01-30 22:50 - 00107254 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt
    2014-05-15 19:59 - 2013-03-29 21:07 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\uTorrent
    2014-05-15 19:45 - 2014-05-14 07:45 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2014-05-15 19:44 - 2010-03-11 13:43 - 00622602 _____ () C:\WINDOWS\setupapi.log
    2014-05-15 19:44 - 2009-07-02 08:30 - 01868380 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-05-15 19:43 - 2010-08-29 21:51 - 00066713 _____ () C:\WINDOWS\system32\nvModes.001
    2014-05-15 19:42 - 2008-04-14 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-05-15 19:41 - 2009-07-15 11:43 - 00000178 ___SH () C:\Documents and Settings\Presenter\ntuser.ini
    2014-05-15 19:13 - 2014-05-14 12:16 - 00000000 ____D () C:\VIPRERESCUE
    2014-05-14 11:21 - 2010-02-16 15:38 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt
    2014-05-14 08:17 - 2014-05-14 08:17 - 00099424 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-14-14.txt
    2014-05-14 06:49 - 2010-08-29 21:51 - 00066713 _____ () C:\WINDOWS\system32\nvModes.dat
    2014-05-13 22:20 - 2009-07-02 08:36 - 00032522 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-05-13 22:20 - 2009-07-02 08:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-05-13 22:20 - 2009-07-02 04:20 - 00000431 _____ () C:\WINDOWS\wiadebug.log
    2014-05-13 22:18 - 2013-05-07 07:42 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-05-13 21:34 - 2014-02-06 09:12 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-13 21:21 - 2010-02-01 22:09 - 00000994 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job
    2014-05-13 20:36 - 2014-05-10 08:36 - 00000370 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-05-13 20:34 - 2014-02-06 09:12 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-13 10:21 - 2010-02-01 22:09 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job
    2014-05-12 21:14 - 2009-07-02 04:20 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-05-12 13:17 - 2014-03-25 21:26 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    2014-05-10 09:08 - 2014-05-10 09:08 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\AVAST Software
    2014-05-10 08:37 - 2014-05-10 08:37 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-05-10 08:37 - 2014-05-10 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
    2014-05-10 08:37 - 2010-03-22 21:08 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-05-10 08:36 - 2014-05-10 08:36 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-05-10 08:36 - 2014-05-10 08:36 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-05-10 08:36 - 2014-05-10 08:36 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-05-10 08:35 - 2014-05-10 08:35 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-05-10 08:34 - 2014-04-09 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-05-10 08:03 - 2014-03-17 19:18 - 00000085 _____ () C:\WINDOWS\system32\miiii.jgf
    2014-05-08 20:57 - 2014-05-08 10:38 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\camera
    2014-05-08 20:57 - 2009-08-12 07:32 - 00029184 _____ () C:\Documents and Settings\Presenter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-05-08 10:41 - 2012-04-02 23:23 - 00001771 _____ () C:\Documents and Settings\Presenter\Application Data\Rim.Desktop.Exception.log
    2014-05-08 10:41 - 2012-04-02 23:23 - 00001694 _____ () C:\Documents and Settings\Presenter\Application Data\Rim.DesktopHelper.Exception.log
    2014-05-08 10:39 - 2014-05-08 10:39 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\ringtones
    2014-05-07 07:40 - 2012-08-21 21:00 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-05-07 07:40 - 2011-06-15 20:46 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-05-02 20:51 - 2014-05-02 20:50 - 00005576 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-05-02 20:51 - 2011-10-12 17:21 - 00000000 ____D () C:\WINDOWS\ie8updates
    2014-05-02 20:51 - 2009-07-02 11:03 - 00337498 _____ () C:\WINDOWS\updspapi.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 02157885 _____ () C:\WINDOWS\FaxSetup.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 01045110 _____ () C:\WINDOWS\ocgen.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00992213 _____ () C:\WINDOWS\tsoc.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00730814 _____ () C:\WINDOWS\comsetup.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00662726 _____ () C:\WINDOWS\msmqinst.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00441594 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00379407 _____ () C:\WINDOWS\netfxocm.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00360942 _____ () C:\WINDOWS\iis6.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00149460 _____ () C:\WINDOWS\MedCtrOC.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00119727 _____ () C:\WINDOWS\ocmsn.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00109845 _____ () C:\WINDOWS\tabletoc.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00108352 _____ () C:\WINDOWS\msgsocm.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00001355 _____ () C:\WINDOWS\imsins.log
    2014-04-30 04:13 - 2008-04-14 08:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
    2014-04-30 04:13 - 2008-04-14 08:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-04-29 13:19 - 2010-02-01 22:10 - 00002316 _____ () C:\Documents and Settings\Presenter\Desktop\Google Chrome.lnk
    2014-04-28 08:12 - 2009-08-12 07:32 - 00000000 ____D () C:\Documents and Settings\Presenter\Local Settings\Application Data\Adobe
    2014-04-20 20:23 - 2014-04-20 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2014-04-20 20:23 - 2014-04-20 20:22 - 00003995 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
    2014-04-20 20:23 - 2009-07-02 10:36 - 00000000 ____D () C:\Program Files\Java
     
    Some content of TEMP:
    ====================
    C:\Documents and Settings\Presenter\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkdfuvy.dll
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u45-windows-i586-iftw.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u55-windows-i586-iftw.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\lowproc.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\RealPlayer_20130122.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\stubhelper.dll
    C:\Documents and Settings\Presenter\Local Settings\temp\utt6CB8.tmp.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll IS MISSING <==== ATTENTION!.
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
     
    ==================== End Of Log ============================
     
     
     
    And now the addition.txt
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-05-2014
    Ran by Presenter at 2014-05-15 20:00:30
    Running from C:\Documents and Settings\Presenter\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
     
    ==================== Installed Programs ======================
     
    µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
    Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
    Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
    Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AuthenTec Fingerprint System (HKLM\...\{FECEF9D2-9D3D-449B-9EA4-CFA775C99464}) (Version: 8.0.100.25 - AuthenTec, Inc.)
    Autorun Eater v2.4 (HKLM\...\Autorun Eater_is1) (Version:  - Old McDonald's Farm)
    avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
    AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
    Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version:  - )
    Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.2 - Belkin International, Inc.)
    BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
    BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Canon PIXMA iP4000 (HKLM\...\CANONBJ_Deinstall_CNMCP64.DLL) (Version:  - )
    Cisco AnyConnect VPN Client (HKLM\...\{92083A9A-549D-4057-88E8-223EA08563FA}) (Version: 2.4.1012 - Cisco Systems, Inc.)
    Cisco AnyConnect VPN Client Start Before Login Components (HKLM\...\{AE2F53E7-290C-47FD-AFE3-A1EE4EE87B42}) (Version: 2.4.1012 - Cisco Systems, Inc.)
    CleanUp! (HKLM\...\CleanUp!) (Version:  - )
    Combined Modem Driver Installer (HKLM\...\{9A6F0720-739C-408B-966F-93091631A918}) (Version: 1.0.0.15 - )
    Corel WinDVD (Version: 11 - Corel Inc.) Hidden
    Corel WinDVD Pro 11 (HKLM\...\_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}) (Version: 11.0.0.289 - Corel Inc.)
    Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    Embedded Security for HP ProtectTools Driver (Version: 5.5.100 - Hewlett-Packard) Hidden
    EMET (HKLM\...\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}) (Version: 3.0.0 - Microsoft)
    eRoom 7 (HKLM\...\eRoom 7) (Version:  - )
    ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
    FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
    Fitbit Connect (HKLM\...\Fitbit Connect) (Version: 1.0.0.2578 - Fitbit Inc.)
    FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
    Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
    Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
    Google Desktop (Version: 4.2006.822.2101 - Google Inc.) Hidden
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP 3D DriveGuard (HKLM\...\{F2498378-DB5D-45D2-8C86-46D0C7B2CCC1}) (Version: 1.10 C1 - Hewlett-Packard)
    HP Battery Check (HKLM\...\HP Battery Check) (Version: 4.1.0.2 - Hewlett-Packard)
    HP Battery Check (Version: 4.1.0.2 - Hewlett-Packard) Hidden
    HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 4.4.0003 - HPQ)
    HP Integrated Module with Bluetooth wireless technology (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.4803 - HP)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.11352 - HP Photo Creations Powered by RocketLife)
    HP Photosmart 5520 series Basic Device Software (HKLM\...\{14D71565-08BF-472D-9376-14D999049C1A}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
    HP Photosmart 5520 series Help (HKLM\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
    HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
    HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40.17.2 - Hewlett-Packard)
    HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    ICA (Version: 1.0 - Corel Inc.) Hidden
    Intel PROSet Wireless (Version:  - ) Hidden
    Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}) (Version: 12.04.0000 - Intel Corporation)
    Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
    InterVideo DVD Check (HKLM\...\{5D97A4A7-C274-4B63-86D9-07A33435F505}) (Version:  - )
    InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
    InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1259 - InterVideo Inc.)
    IPM (Version: 1.00.0000 - Corel Inc.) Hidden
    iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
    Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    LiveUpdate 3.1 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.1.0.99 - Symantec Corporation)
    Lotus Notes 8.5 (HKLM\...\{7482779A-D19E-48DA-9CAC-8DB51F949864}) (Version: 8.50.8345 - IBM)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
    Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
    Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
    Microsoft Office Project 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
    Microsoft Office Project MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Project Standard 2007 (HKLM\...\PRJSTD) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Project Standard 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mobile Broadband Generic Drivers (HKLM\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)
    Mobile Broadband Generic Drivers (Version: 2.03.09.005.14 - Novatel Wireless) Hidden
    MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)
    Mouse Suite (HKLM\...\MouseSuite98) (Version:  - )
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.6128 - NVIDIA Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
    NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13550 - NVIDIA Corporation)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    PDF Complete (HKLM\...\PDF Complete) (Version: 3.5.57 - PDF Complete, Inc.)
    QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    RICOH R5C853 Media Driver Ver.1.02.00.17 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 1.02.00.17 - RICOH)
    Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Search Protection (HKCU\...\Search Protection) (Version: 7.3.0.3 - Spigot, Inc.) <==== ATTENTION
    SelectionLinks (HKLM\...\sl-dlc) (Version: 1.0 - SelectionLinks) <==== ATTENTION
    Setup (Version: 11.0 - Corel Inc.) Hidden
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5880 - Analog Devices)
    SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
    System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
    Update for Microsoft Office Project 2007 Help (KB963668) (HKLM\...\{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTD_{1DF07773-4289-4998-BC2C-83539AD85C50}) (Version:  - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
    Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version:  - Microsoft Corporation)
    Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
    Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version:  - Microsoft Corporation)
    Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
    Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
    VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
    Video Mover (HKLM\...\Video Mover_is1) (Version:  - )
    Videora iPod Converter 6 (HKLM\...\Videora iPod Converter) (Version: 6 - Red Kawa)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.1.2013.0 - BillP Studios)
    WinPatrol (HKLM\...\{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}) (Version: 26.1.2013.0 - BillP Studios)
    WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}) (Version: 17.5.10480 - WinZip Computing, S.L. )
     
    ==================== Restore Points  =========================
     
    Could not list Restore Points. Check "winmgmt" service or repair WMI.
     
     
    ==================== Hosts content: ==========================
     
    2008-04-14 08:00 - 2013-01-23 13:04 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job => C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job => C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2009-02-27 06:51 - 2009-02-27 06:51 - 00200704 ____N () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
    2008-05-12 14:49 - 2008-05-12 14:49 - 00040960 ____N () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
    2012-11-05 11:08 - 2011-02-15 14:15 - 00325632 ____N () C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
    2012-11-05 11:08 - 2011-02-15 14:15 - 01954304 ____N () C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
    2012-11-05 11:08 - 2011-02-15 14:16 - 07187456 ____N () C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
    2012-11-05 11:08 - 2011-02-15 14:15 - 00847360 ____N () C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
    2012-11-05 11:08 - 2011-02-15 13:25 - 00119808 ____N () C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
    2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-05-10 08:36 - 2014-05-10 08:36 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2010-07-14 22:15 - 2012-12-09 21:46 - 00600868 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
    2008-05-12 14:51 - 2008-05-12 14:51 - 02842624 ____N () C:\WINDOWS\system32\btwicons.dll
    2012-11-05 11:09 - 2010-02-17 19:25 - 00132096 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-05-06 13:07 - 2011-05-06 13:07 - 00460144 ____N () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 ____N () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
    2011-05-06 13:07 - 2011-05-06 13:07 - 04317184 ____N () C:\Program Files\Flip Video\FlipShare\Core.dll
    2011-05-06 13:02 - 2011-05-06 13:02 - 00737280 ____N () C:\Program Files\Flip Video\FlipShare\qca2.dll
    2010-10-26 00:23 - 2010-10-26 00:23 - 08351744 ____N () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
    2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 ____N () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
    2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 ____N () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
    2010-10-26 00:06 - 2010-10-26 00:06 - 00364544 ____N () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
    2010-10-26 08:34 - 2010-10-26 08:34 - 11853824 ____N () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
    2010-10-26 00:37 - 2010-10-26 00:37 - 00258048 ____N () C:\Program Files\Flip Video\FlipShare\phonon4.dll
    2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 ____N () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 ____N () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 ____N () C:\Program Files\Flip Video\FlipShare\PocoNet.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 ____N () C:\Program Files\Flip Video\FlipShare\PocoXML.dll
    2011-05-06 12:58 - 2011-05-06 12:58 - 01085440 ____N () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 ____N () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
    2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 ____N () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
    2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 ____N () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
    2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 ____N () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 ____N () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 ____N () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00175616 ____N () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00291840 ____N () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 ____N () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
    2010-05-17 09:47 - 2010-05-17 09:47 - 00110592 ____N () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
    2014-04-29 13:19 - 2014-04-23 20:33 - 00065352 _____ () C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
    2014-04-29 13:19 - 2014-04-23 20:33 - 04081480 _____ () C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\pdf.dll
    2014-04-29 13:19 - 2014-04-23 20:33 - 00390472 _____ () C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
    2014-04-29 13:19 - 2014-04-23 20:33 - 01647432 _____ () C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
    2014-04-28 08:12 - 2014-04-28 08:12 - 16351920 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
     
    ==================== Safe Mode (whitelisted) ===================
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05756090.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\05756090.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
     
    ==================== Disabled items from MSCONFIG ==============
     
     
    ==================== Faulty Device Manager Devices =============
     
    Could not list Devices. Check "winmgmt" service or repair WMI.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (05/13/2014 07:46:44 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 209490115.
     
    Error: (05/13/2014 07:46:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application chrome.exe, version 34.0.1847.131, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (05/13/2014 07:45:02 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 209490115.
     
    Error: (05/13/2014 07:44:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application chrome.exe, version 34.0.1847.131, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (05/12/2014 03:08:50 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: LMS Service cannot connect to HECI driver
     
    Error: (05/12/2014 08:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 32474984
     
    Error: (05/12/2014 08:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 32474984
     
    Error: (05/12/2014 08:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (05/12/2014 08:33:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 32472859
     
    Error: (05/12/2014 08:33:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 32472859
     
     
    System errors:
    =============
    Error: (05/12/2014 01:17:39 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
    Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
     
    Error: (05/12/2014 01:15:00 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service AffinegyService with arguments ""
    in order to run the server:
    {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}
     
    Error: (05/12/2014 01:14:05 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
    Error: (05/12/2014 01:13:55 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
    Error: (05/12/2014 01:13:45 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
    Error: (05/12/2014 01:13:35 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
    Error: (05/12/2014 01:13:25 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
    Error: (05/12/2014 01:13:15 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
    Error: (05/12/2014 01:13:05 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
    Error: (05/12/2014 01:12:55 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 30%
    Total physical RAM: 3067.19 MB
    Available physical RAM: 2145.64 MB
    Total Pagefile: 4952.57 MB
    Available Pagefile: 4019.17 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1957.36 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:298.08 GB) (Free:127.97 GB) NTFS ==>[Drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 71837183)
    Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================

    #4
    Warden

      Member

    • Topic Starter
    • 162 posts

    Re-ran it to make sure to capture the shortcut.txt. I apologize for missing this on the first one and double posting. Here are the 3 files you requested.

     

    1. Addition.txt

     

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-05-2014
    Ran by Presenter at 2014-05-17 07:20:20
    Running from C:\Documents and Settings\Presenter\My Documents\Downloads
    Boot Mode: Safe Mode (minimal)
    ==========================================================
     
     
    ==================== Security Center ========================
     
     
    ==================== Installed Programs ======================
     
    32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
    3ivx MPEG-4 5.0.3 (remove only) (HKLM\...\3ivx MPEG-4 5.0.3) (Version: 5.0.3 - 3ivx Technologies, Pty. Ltd.)
    Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
    Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
    Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AuthenTec Fingerprint System (HKLM\...\{FECEF9D2-9D3D-449B-9EA4-CFA775C99464}) (Version: 8.0.100.25 - AuthenTec, Inc.)
    Autorun Eater v2.4 (HKLM\...\Autorun Eater_is1) (Version:  - Old McDonald's Farm)
    avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
    AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
    Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version:  - )
    Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.2 - Belkin International, Inc.)
    BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
    BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Canon PIXMA iP4000 (HKLM\...\CANONBJ_Deinstall_CNMCP64.DLL) (Version:  - )
    Cisco AnyConnect VPN Client (HKLM\...\{92083A9A-549D-4057-88E8-223EA08563FA}) (Version: 2.4.1012 - Cisco Systems, Inc.)
    Cisco AnyConnect VPN Client Start Before Login Components (HKLM\...\{AE2F53E7-290C-47FD-AFE3-A1EE4EE87B42}) (Version: 2.4.1012 - Cisco Systems, Inc.)
    CleanUp! (HKLM\...\CleanUp!) (Version:  - )
    Combined Modem Driver Installer (HKLM\...\{9A6F0720-739C-408B-966F-93091631A918}) (Version: 1.0.0.15 - )
    Corel WinDVD (Version: 11 - Corel Inc.) Hidden
    Corel WinDVD Pro 11 (HKLM\...\_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}) (Version: 11.0.0.289 - Corel Inc.)
    Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
    Embedded Security for HP ProtectTools Driver (Version: 5.5.100 - Hewlett-Packard) Hidden
    EMET (HKLM\...\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}) (Version: 3.0.0 - Microsoft)
    eRoom 7 (HKLM\...\eRoom 7) (Version:  - )
    ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
    FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
    Fitbit Connect (HKLM\...\Fitbit Connect) (Version: 1.0.0.2578 - Fitbit Inc.)
    FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
    Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
    Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
    Google Desktop (Version: 4.2006.822.2101 - Google Inc.) Hidden
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP 3D DriveGuard (HKLM\...\{F2498378-DB5D-45D2-8C86-46D0C7B2CCC1}) (Version: 1.10 C1 - Hewlett-Packard)
    HP Battery Check (HKLM\...\HP Battery Check) (Version: 4.1.0.2 - Hewlett-Packard)
    HP Battery Check (Version: 4.1.0.2 - Hewlett-Packard) Hidden
    HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 4.4.0003 - HPQ)
    HP Integrated Module with Bluetooth wireless technology (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.4803 - HP)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.11352 - HP Photo Creations Powered by RocketLife)
    HP Photosmart 5520 series Basic Device Software (HKLM\...\{14D71565-08BF-472D-9376-14D999049C1A}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
    HP Photosmart 5520 series Help (HKLM\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
    HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
    HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40.17.2 - Hewlett-Packard)
    HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    ICA (Version: 1.0 - Corel Inc.) Hidden
    Intel PROSet Wireless (Version:  - ) Hidden
    Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}) (Version: 12.04.0000 - Intel Corporation)
    Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
    InterVideo DVD Check (HKLM\...\{5D97A4A7-C274-4B63-86D9-07A33435F505}) (Version:  - )
    InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
    InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1259 - InterVideo Inc.)
    IPM (Version: 1.00.0000 - Corel Inc.) Hidden
    iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
    Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    LiveUpdate 3.1 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.1.0.99 - Symantec Corporation)
    Lotus Notes 8.5 (HKLM\...\{7482779A-D19E-48DA-9CAC-8DB51F949864}) (Version: 8.50.8345 - IBM)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
    Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
    Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
    Microsoft Office Project 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
    Microsoft Office Project MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Project Standard 2007 (HKLM\...\PRJSTD) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Project Standard 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mobile Broadband Generic Drivers (HKLM\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)
    Mobile Broadband Generic Drivers (Version: 2.03.09.005.14 - Novatel Wireless) Hidden
    MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)
    Mouse Suite (HKLM\...\MouseSuite98) (Version:  - )
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.6128 - NVIDIA Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
    NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13550 - NVIDIA Corporation)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    PDF Complete (HKLM\...\PDF Complete) (Version: 3.5.57 - PDF Complete, Inc.)
    QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    RICOH R5C853 Media Driver Ver.1.02.00.17 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 1.02.00.17 - RICOH)
    Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Search Protection (HKCU\...\Search Protection) (Version: 7.3.0.3 - Spigot, Inc.) <==== ATTENTION
    SelectionLinks (HKLM\...\sl-dlc) (Version: 1.0 - SelectionLinks) <==== ATTENTION
    Setup (Version: 11.0 - Corel Inc.) Hidden
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5880 - Analog Devices)
    SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
    System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
    Update for Microsoft Office Project 2007 Help (KB963668) (HKLM\...\{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTD_{1DF07773-4289-4998-BC2C-83539AD85C50}) (Version:  - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJSTD_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
    Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version:  - Microsoft Corporation)
    Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
    Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version:  - Microsoft Corporation)
    Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
    Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
    VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
    Video Mover (HKLM\...\Video Mover_is1) (Version:  - )
    Videora iPod Converter 6 (HKLM\...\Videora iPod Converter) (Version: 6 - Red Kawa)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.1.2013.0 - BillP Studios)
    WinPatrol (HKLM\...\{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}) (Version: 26.1.2013.0 - BillP Studios)
    WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}) (Version: 17.5.10480 - WinZip Computing, S.L. )
     
    ==================== Restore Points  =========================
     
    Could not list Restore Points. Check "winmgmt" service or repair WMI.
     
     
    ==================== Hosts content: ==========================
     
    2008-04-14 08:00 - 2013-01-23 13:04 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job => C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job => C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
     
    ==================== Safe Mode (whitelisted) ===================
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05756090.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\05756090.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
     
    ==================== EXE Association (whitelisted) =============
     
     
    ==================== Disabled items from MSCONFIG ==============
     
     
    ==================== Faulty Device Manager Devices =============
     
    Could not list Devices. Check "winmgmt" service or repair WMI.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (05/13/2014 07:46:44 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 209490115.
     
    Error: (05/13/2014 07:46:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application chrome.exe, version 34.0.1847.131, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (05/13/2014 07:45:02 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 209490115.
     
    Error: (05/13/2014 07:44:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application chrome.exe, version 34.0.1847.131, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error: (05/12/2014 03:08:50 PM) (Source: LMS) (EventID: 2) (User: NT AUTHORITY)
    Description: LMS Service cannot connect to HECI driver
     
    Error: (05/12/2014 08:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 32474984
     
    Error: (05/12/2014 08:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 32474984
     
    Error: (05/12/2014 08:33:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (05/12/2014 08:33:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 32472859
     
    Error: (05/12/2014 08:33:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 32472859
     
     
    System errors:
    =============
    Error: (05/12/2014 01:17:39 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
    Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.
     
    Error: (05/12/2014 01:15:00 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service AffinegyService with arguments ""
    in order to run the server:
    {CA16036E-70FD-41AA-AD9C-61CDD4692DAE}
     
    Error: (05/12/2014 01:14:05 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
    Error: (05/12/2014 01:13:55 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
    Error: (05/12/2014 01:13:45 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
    Error: (05/12/2014 01:13:35 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
    Error: (05/12/2014 01:13:25 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
    Error: (05/12/2014 01:13:15 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
    Error: (05/12/2014 01:13:05 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
    Error: (05/12/2014 01:12:55 PM) (Source: DCOM) (EventID: 10005) (User: TS8730WIMAGE)
    Description: DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments ""
    in order to run the server:
    {F5539356-2F02-40D4-999E-FA61F45FE12E}
     
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 12%
    Total physical RAM: 3067.19 MB
    Available physical RAM: 2691.72 MB
    Total Pagefile: 4957.1 MB
    Available Pagefile: 4839.13 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1948.92 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:298.08 GB) (Free:127.88 GB) NTFS ==>[Drive with boot components (Windows XP)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 71837183)
    Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================
     
    2. frst.txt
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
    Ran by Presenter (administrator) on TS8730WIMAGE on 17-05-2014 07:19:30
    Running from C:\Documents and Settings\Presenter\My Documents\Downloads
    Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Safe Mode (minimal)
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-07-02] (Analog Devices, Inc.)
    HKLM\...\Run: [AccelerometerSysTrayApplet] => C:\WINDOWS\system32\AccelerometerSt.Exe [82224 2008-10-14] (Hewlett-Packard Corporation)
    HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [181816 2009-04-15] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1368064 2009-02-27] (Intel® Corporation)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-02-27] (Intel® Corporation)
    HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [367128 2009-07-02] (Intel Corporation)
    HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [319000 2008-08-08] (PDF Complete Inc)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
    HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [197904 2008-05-23] (InterVideo Inc.)
    HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-08-21] (Google)
    HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
    HKLM\...\Run: [Autorun Eater] => C:\Program Files\Autorun Eater\oldmcdonald.exe [549400 2009-05-26] (Old McDonald's Farm)
    HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
    HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [110696 2010-12-04] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13933160 2010-12-04] (NVIDIA Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [InstaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-02-24] (Affinegy, Inc.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM\...\Run: [EMET Notifier] => C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-10] (AVAST Software)
    HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 0
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [306688 2012-03-26] (FileHippo.com)
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [423144 2013-04-26] (BillP Studios)
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [Google Update] => C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-02-01] (Google Inc.)
    AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2012-08-21] (Google)
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk
    ShortcutTarget: Monitor My eRooms (V7).lnk -> C:\Program Files\eRoom 7\ERClient7.exe (Documentum, Inc.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
    ShortcutTarget: DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://bos-link01a....ries/vpnweb.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
     
    Chrome: 
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR StartupUrls: "hxxp://www.google.com/"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (YouTube) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
    CHR Extension: (Google Search) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Gmail) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
    CHR HKLM\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Documents and Settings\Presenter\Local Settings\Application Data\dea8c6a9-3206-4f85-ac57-1000309ea107.crx [2011-12-16]
    CHR HKLM\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Documents and Settings\Presenter\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-10]
    CHR HKLM\...\Chrome\Extension: [kdcnnmifdmlmjffdgeieikcokcogpbej] - C:\Program Files\OApps\chromeaddon2.crx [2014-05-10]
    CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Documents and Settings\Presenter\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
    CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ========================== Services (Whitelisted) =================
     
    S4 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
    S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1164536 2008-06-12] (AuthenTec, Inc.)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-10] (AVAST Software)
    S4 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] ()
    S4 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] ()
    S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
    S2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
    S2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
    S2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-08-21] (Google)
    S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
    S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-09-02] (Symantec Corporation)
    S2 Lotus Notes Diagnostics; C:\Program Files\Lotus\Notes\nsd.exe [3315080 2008-12-06] (IBM)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
    S2 Multi-user Cleanup Service; C:\Program Files\Lotus\Notes\ntmulti.exe [58760 2008-12-06] (IBM Corp)
    S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [777240 2008-08-08] (PDF Complete Inc)
    S2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-02-27] (Intel® Corporation)
    S2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-07-02] (Intel Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2011-02-15] (Printing Communications Assoc., Inc. (PCAUSA))
    S2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-05-10] ()
    S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-05-10] (AVAST Software)
    S1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-10] (AVAST Software)
    S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-05-10] ()
    S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-05-10] (AVAST Software)
    S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-05-10] (AVAST Software)
    S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-05-10] (AVAST Software)
    S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-05-10] ()
    S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539512 2009-07-02] (Broadcom Corporation.)
    S3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [879624 2009-07-02] (Broadcom Corporation.)
    S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [74688 2009-07-02] (Broadcom Corporation.)
    S3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [239760 2009-03-27] (Intel Corporation)
    S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
    S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
    R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2009-07-02] (Infineon Technologies AG)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-05-15] (Malwarebytes Corporation)
    S0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
    S3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4202496 2009-07-02] (Intel Corporation)
    S3 NWUSBCDFIL; C:\WINDOWS\System32\DRIVERS\NwUsbCdFil.sys [20480 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort2; C:\WINDOWS\System32\DRIVERS\nwusbser2.sys [174720 2009-12-18] (Novatel Wireless Inc.)
    S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2009-03-31] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 rismc32; C:\WINDOWS\System32\DRIVERS\rismc32.sys [47616 2006-12-20] (RICOH Company, Ltd.)
    S2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
    R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2009-07-02] (Sonic Focus, Inc)
    R3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [28288 2009-12-02] ()
    S2 sxuptp; C:\WINDOWS\System32\DRIVERS\sxuptp.sys [246936 2009-06-22] (silex technology, Inc.)
    S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
    U2 CertPropSvc; 
    S4 IntelIde; No ImagePath
    U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-05-15 20:02 - 2014-05-15 20:02 - 00036438 _____ () C:\Documents and Settings\Presenter\Desktop\FRST.txt05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00107254 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00036088 _____ () C:\Documents and Settings\Presenter\Desktop\FRST Scan 05-15.txt
    2014-05-15 19:59 - 2014-05-17 07:19 - 00000000 ____D () C:\FRST
    2014-05-14 12:18 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
    2014-05-14 12:18 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
    2014-05-14 12:16 - 2014-05-17 03:59 - 00000000 ____D () C:\VIPRERESCUE
    2014-05-14 08:17 - 2014-05-14 08:17 - 00099424 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-14-14.txt
    2014-05-14 07:45 - 2014-05-15 19:45 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2014-05-10 09:08 - 2014-05-10 09:08 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\AVAST Software
    2014-05-10 08:37 - 2014-05-10 08:37 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-05-10 08:37 - 2014-05-10 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
    2014-05-10 08:36 - 2014-05-13 20:36 - 00000370 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-05-10 08:36 - 2014-05-10 08:36 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-05-10 08:36 - 2014-05-10 08:36 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-05-10 08:36 - 2014-05-10 08:36 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-05-10 08:35 - 2014-05-10 08:35 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-05-08 10:39 - 2014-05-08 10:39 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\ringtones
    2014-05-08 10:38 - 2014-05-08 20:57 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\camera
    2014-05-02 20:50 - 2014-05-02 20:51 - 00005576 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-04-20 20:23 - 2014-04-20 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2014-04-20 20:23 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2014-04-20 20:23 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
    2014-04-20 20:23 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
    2014-04-20 20:23 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
    2014-04-20 20:23 - 2014-04-14 19:47 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2014-04-20 20:22 - 2014-04-20 20:23 - 00003995 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
     
    ==================== One Month Modified Files and Folders =======
     
    2014-05-17 07:19 - 2014-05-15 19:59 - 00000000 ____D () C:\FRST
    2014-05-17 07:07 - 2013-03-29 21:07 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\uTorrent
    2014-05-17 07:06 - 2009-07-02 08:30 - 01869875 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-05-17 03:59 - 2014-05-14 12:16 - 00000000 ____D () C:\VIPRERESCUE
    2014-05-15 21:59 - 2010-03-11 13:43 - 00624394 _____ () C:\WINDOWS\setupapi.log
    2014-05-15 21:59 - 2008-04-14 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-05-15 20:08 - 2010-02-16 15:38 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt
    2014-05-15 20:08 - 2009-07-15 11:43 - 00000178 ___SH () C:\Documents and Settings\Presenter\ntuser.ini
    2014-05-15 20:02 - 2014-05-15 20:02 - 00036438 _____ () C:\Documents and Settings\Presenter\Desktop\FRST.txt05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00107254 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00036088 _____ () C:\Documents and Settings\Presenter\Desktop\FRST Scan 05-15.txt
    2014-05-15 20:01 - 2013-01-30 22:50 - 00107254 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt
    2014-05-15 19:45 - 2014-05-14 07:45 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2014-05-15 19:43 - 2010-08-29 21:51 - 00066713 _____ () C:\WINDOWS\system32\nvModes.001
    2014-05-14 08:17 - 2014-05-14 08:17 - 00099424 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-14-14.txt
    2014-05-14 06:49 - 2010-08-29 21:51 - 00066713 _____ () C:\WINDOWS\system32\nvModes.dat
    2014-05-13 22:20 - 2009-07-02 08:36 - 00032522 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-05-13 22:20 - 2009-07-02 08:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-05-13 22:20 - 2009-07-02 04:20 - 00000431 _____ () C:\WINDOWS\wiadebug.log
    2014-05-13 22:18 - 2013-05-07 07:42 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-05-13 21:34 - 2014-02-06 09:12 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-13 21:21 - 2010-02-01 22:09 - 00000994 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job
    2014-05-13 20:36 - 2014-05-10 08:36 - 00000370 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-05-13 20:34 - 2014-02-06 09:12 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-13 10:21 - 2010-02-01 22:09 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job
    2014-05-12 21:14 - 2009-07-02 04:20 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-05-12 13:17 - 2014-03-25 21:26 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    2014-05-10 09:08 - 2014-05-10 09:08 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\AVAST Software
    2014-05-10 08:37 - 2014-05-10 08:37 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-05-10 08:37 - 2014-05-10 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
    2014-05-10 08:37 - 2010-03-22 21:08 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-05-10 08:36 - 2014-05-10 08:36 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-05-10 08:36 - 2014-05-10 08:36 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-05-10 08:36 - 2014-05-10 08:36 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-05-10 08:35 - 2014-05-10 08:35 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-05-10 08:34 - 2014-04-09 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-05-10 08:03 - 2014-03-17 19:18 - 00000085 _____ () C:\WINDOWS\system32\miiii.jgf
    2014-05-08 20:57 - 2014-05-08 10:38 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\camera
    2014-05-08 20:57 - 2009-08-12 07:32 - 00029184 _____ () C:\Documents and Settings\Presenter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-05-08 10:41 - 2012-04-02 23:23 - 00001771 _____ () C:\Documents and Settings\Presenter\Application Data\Rim.Desktop.Exception.log
    2014-05-08 10:41 - 2012-04-02 23:23 - 00001694 _____ () C:\Documents and Settings\Presenter\Application Data\Rim.DesktopHelper.Exception.log
    2014-05-08 10:39 - 2014-05-08 10:39 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\ringtones
    2014-05-07 07:40 - 2012-08-21 21:00 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-05-07 07:40 - 2011-06-15 20:46 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-05-02 20:51 - 2014-05-02 20:50 - 00005576 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-05-02 20:51 - 2011-10-12 17:21 - 00000000 ____D () C:\WINDOWS\ie8updates
    2014-05-02 20:51 - 2009-07-02 11:03 - 00337498 _____ () C:\WINDOWS\updspapi.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 02157885 _____ () C:\WINDOWS\FaxSetup.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 01045110 _____ () C:\WINDOWS\ocgen.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00992213 _____ () C:\WINDOWS\tsoc.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00730814 _____ () C:\WINDOWS\comsetup.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00662726 _____ () C:\WINDOWS\msmqinst.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00441594 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00379407 _____ () C:\WINDOWS\netfxocm.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00360942 _____ () C:\WINDOWS\iis6.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00149460 _____ () C:\WINDOWS\MedCtrOC.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00119727 _____ () C:\WINDOWS\ocmsn.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00109845 _____ () C:\WINDOWS\tabletoc.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00108352 _____ () C:\WINDOWS\msgsocm.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00001355 _____ () C:\WINDOWS\imsins.log
    2014-04-30 04:13 - 2008-04-14 08:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
    2014-04-30 04:13 - 2008-04-14 08:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-04-29 13:19 - 2010-02-01 22:10 - 00002316 _____ () C:\Documents and Settings\Presenter\Desktop\Google Chrome.lnk
    2014-04-28 08:12 - 2009-08-12 07:32 - 00000000 ____D () C:\Documents and Settings\Presenter\Local Settings\Application Data\Adobe
    2014-04-20 20:23 - 2014-04-20 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2014-04-20 20:23 - 2014-04-20 20:22 - 00003995 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
    2014-04-20 20:23 - 2009-07-02 10:36 - 00000000 ____D () C:\Program Files\Java
     
    Some content of TEMP:
    ====================
    C:\Documents and Settings\Presenter\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkdfuvy.dll
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u45-windows-i586-iftw.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u55-windows-i586-iftw.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\lowproc.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\RealPlayer_20130122.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\stubhelper.dll
    C:\Documents and Settings\Presenter\Local Settings\temp\utt6CB8.tmp.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll IS MISSING <==== ATTENTION!.
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
     
    ==================== End Of Log ============================
     
    3. shortcut.txt
     
    Users shortcut scan result (x86) Version:15-05-2014
    Ran by Presenter at 2014-05-17 07:21:21
    Running from C:\Documents and Settings\Presenter\My Documents\Downloads
    Boot Mode: Safe Mode (minimal)
    ==================== Shortcuts =============================
     
    Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk -> C:\Program Files\eRoom 7\ERClient7.exe (Documentum, Inc.)
    Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Administrator\SendTo\Bluetooth\Other....lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_explorer.exe (Broadcom Corporation.)
    Shortcut: C:\Documents and Settings\Administrator\NetHood\apps on e-sccm001\target.lnk -> \\e-sccm001\apps (No File)
    Shortcut: C:\Documents and Settings\Administrator\My Documents\My Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures ()
    Shortcut: C:\Documents and Settings\Administrator\My Documents\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users\Documents\My Music\Sample Music ()
    Shortcut: C:\Documents and Settings\Administrator\Desktop\DialerInstall.lnk -> C:\Temp\Dialer_Install.exe ()
    Shortcut: C:\Documents and Settings\Administrator\Desktop\PGPInstall.lnk -> C:\Temp\PGPDesktop99-edited.msi ()
    Shortcut: C:\Documents and Settings\Administrator\Desktop\VPN Install.lnk -> C:\Temp\vpncl-5043.exe ()
    Shortcut: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\InterVideo WinDVD (2).lnk -> C:\Program Files\InterVideo\WinDVD\WinDVD.exe (InterVideo Inc.)
    Shortcut: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\InterVideo WinDVD.lnk -> C:\Program Files\InterVideo\WinDVD\WinDVD.exe (InterVideo Inc.)
    Shortcut: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lotus Notes 8.5.lnk -> C:\Program Files\Lotus\Notes\notes.exe (IBM Corp)
    Shortcut: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk -> C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
    Shortcut: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2007.lnk -> C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe ()
    Shortcut: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk -> C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Cisco AnyConnect VPN Client.lnk -> C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnui.exe (Cisco Systems, Inc.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk -> C:\WINDOWS\system32\wupdmgr.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\WinZip.lnk -> C:\Program Files\WinZip\WINZIP32.EXE (WinZip Computing, S.L.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk -> C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk -> C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Corel WinDVD Pro 11.lnk -> C:\Program Files\Corel\WinDVD11\WinDVD.exe (Corel Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\eRoom Files for Offline Editing.lnk -> C:\Documents and Settings\Administrator\My Documents\eRoom Files for Offline Editing ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\FlipShare.lnk -> C:\Program Files\Flip Video\FlipShare\FlipShare.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk -> C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk -> C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk -> C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk -> C:\Program Files\Movie Maker\moviemk.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\WinZip\WinZip 17.5.lnk -> C:\Program Files\WinZip\WINZIP32.EXE (WinZip Computing, S.L.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol\WinPatrol Explorer.lnk -> C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe (BillP Studios)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol\WinPatrol Help.lnk -> C:\Program Files\BillP Studios\WinPatrol\features.html ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol\WinPatrol.lnk -> C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0\Getting Started.lnk -> C:\WINDOWS\system32\windowspowershell\v1.0\gettingstarted.rtf (No File)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0\Quick Reference.lnk -> C:\WINDOWS\system32\windowspowershell\v1.0\quadfold.rtf (No File)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0\Release Notes.lnk -> C:\WINDOWS\system32\windowspowershell\v1.0\releasenotes.rtf (No File)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0\User Guide.lnk -> C:\WINDOWS\system32\windowspowershell\v1.0\userguide.rtf (No File)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster\SpywareBlaster Help.lnk -> C:\Program Files\SpywareBlaster\sbhelp.chm ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster\SpywareBlaster.lnk -> C:\Program Files\SpywareBlaster\spywareblaster.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX\Control Panel.lnk -> C:\Program Files\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Red Kawa\Videora iPod Converter\Videora iPod Converter Uninstall.lnk -> C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Red Kawa\Videora iPod Converter\Videora iPod Converter Website.lnk -> C:\Program Files\Red Kawa\Video Converter App\Videora iPod Converter.url ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\WINDOWS\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\WINDOWS\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\PDF Complete\PDF Complete.lnk -> C:\Program Files\PDF Complete\pdfvista.exe (PDF Complete Inc)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Project 2007.lnk -> C:\WINDOWS\Installer\{90120000-003A-0000-0000-0000000FF1CE}\pj11icon.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\WINDOWS\Installer\{90120000-003A-0000-0000-0000000FF1CE}\misc.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\WINDOWS\Installer\{90120000-003A-0000-0000-0000000FF1CE}\cagicon.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\WINDOWS\Installer\{90120000-003A-0000-0000-0000000FF1CE}\misc.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\WINDOWS\Installer\{90120000-003A-0000-0000-0000000FF1CE}\misc.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\WINDOWS\Installer\{90120000-003A-0000-0000-0000000FF1CE}\oisicon.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Lotus Applications\Lotus Notes 8.5.lnk -> C:\Program Files\Lotus\Notes\notes.exe (IBM Corp)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Lotus Applications\Notes Minder.lnk -> C:\Program Files\Lotus\Notes\nminder.exe (IBM Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD\InterVideo WinDVD.lnk -> C:\Program Files\InterVideo\WinDVD\WinDVD.exe (InterVideo Inc.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Intel® Management and Security\Intel® Management and Security Status.lnk -> C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Battery Check.lnk -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPBC.exe (Hewlett-Packard Company)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files\HP\HP Software Update\hpwucli.exe (Hewlett-Packard)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photosmart 5520 series\Help.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HelpViewer\hpqlpvwr.exe (Hewlett-Packard Co.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photosmart 5520 series\HP Scan.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPScan.exe (Hewlett-Packard Co.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photosmart 5520 series\Printer Setup & Software.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetupLauncher.exe (Hewlett-Packard Co.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photosmart 5520 series\Product Support Website.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\ProductSupportShortcut.url ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photosmart 5520 series\Shop for Supplies.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photosmart 5520 series\Wireless Printing Online Help.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\WirelessEasyShortcut.url ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk -> C:\Program Files\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photo Creations\Uninstall HP Photo Creations.lnk -> C:\Program Files\HP Photo Creations\uninst.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files\Google\Google Earth\client\googleearth.exe (Google)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop\Google Desktop.lnk -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Freecell.lnk -> C:\WINDOWS\system32\freecell.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Hearts.lnk -> C:\WINDOWS\system32\mshearts.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Hearts.lnk -> C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Reversi.lnk -> C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Minesweeper.lnk -> C:\WINDOWS\system32\winmine.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Pinball.lnk -> C:\Program Files\Windows NT\Pinball\PINBALL.EXE (Cinematronics)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Solitaire.lnk -> C:\WINDOWS\system32\sol.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\WINDOWS\system32\spider.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Fitbit Connect\Fitbit Connect Website.lnk -> C:\Program Files\Fitbit Connect\Fitbit Connect website.URL ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Fitbit Connect\Fitbit Connect.lnk -> C:\Program Files\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Fitbit Connect\Uninstall Fitbit Connect.lnk -> C:\Program Files\Fitbit Connect\uninstall.exe (Fitbit Inc.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT\Documentation.lnk -> C:\Program Files\ERUNT\README.TXT ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT\ERUNT Homepage.lnk -> C:\Program Files\ERUNT\ERUNT.URL ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT\ERUNT.lnk -> C:\Program Files\ERUNT\ERUNT.EXE ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT\NTREGOPT.lnk -> C:\Program Files\ERUNT\NTREGOPT.EXE ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT\Uninstall ERUNT.lnk -> C:\Program Files\ERUNT\unins000.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\eRoom 7\Monitor My eRooms (V7).lnk -> C:\Program Files\eRoom 7\ERClient7.exe (Documentum, Inc.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Cisco\Cisco AnyConnect VPN Client\Cisco AnyConnect VPN Client.lnk -> C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnui.exe (Cisco Systems, Inc.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Canon PIXMA iP4000\Readme.lnk -> C:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\Readme_English.txt ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry\BlackBerry Desktop Software.lnk -> C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe (Research In Motion)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\BlackBerry\Readme.lnk -> C:\Program Files\Research In Motion\BlackBerry Desktop\BlackBerry Desktop Software readme.rtf ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Belkin\Belkin Router Monitor.lnk -> C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\AviSynth 2.5\AviSynth Documentation.lnk -> C:\Program Files\AviSynth 2.5\Docs\English\index.htm ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\AviSynth 2.5\Example Scripts.lnk -> C:\Program Files\AviSynth 2.5\Examples ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\AviSynth 2.5\License.lnk -> C:\Program Files\AviSynth 2.5\gpl.txt ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\AviSynth 2.5\Plugin Directory.lnk -> C:\Program Files\AviSynth 2.5\plugins ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Avast\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater\Autorun Eater.lnk -> C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater\Farm Manual.lnk -> C:\Program Files\Autorun Eater\aehelp.chm ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater\Uninstall Autorun Eater.lnk -> C:\Program Files\Autorun Eater\unins000.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\WINDOWS\system32\Com\comexp.msc ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\WINDOWS\system32\odbcad32.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk -> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorcfg.msc ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk -> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe ( )
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Calculator.lnk -> C:\WINDOWS\system32\calc.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Paint.lnk -> C:\WINDOWS\system32\mspaint.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\WINDOWS\system32\mstsc.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\WordPad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\WINDOWS\system32\windowspowershell\v1.0\powershell_ise.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Backup.lnk -> C:\WINDOWS\system32\ntbackup.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\WINDOWS\system32\charmap.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\WINDOWS\system32\cleanmgr.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk -> C:\WINDOWS\system32\dfrg.msc ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk -> C:\WINDOWS\system32\usmt\migwiz.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Security Center.lnk -> C:\WINDOWS\system32\wscui.cpl (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\WINDOWS\system32\Restore\rstrui.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Sound Recorder.lnk -> C:\WINDOWS\system32\sndrec32.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Volume Control.lnk -> C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\HyperTerminal.lnk -> C:\Program Files\Windows NT\hypertrm.exe (Hilgraeve, Inc.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\Accessibility Wizard.lnk -> C:\WINDOWS\system32\accwiz.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\3ivx\3ivx MPEG-4 5.0.3\3ivx Config.lnk -> C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\3ivxConfig.exe (3ivx Technologies Pty. Ltd.)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\3ivx\3ivx MPEG-4 5.0.3\forums.3ivx.com.lnk -> C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\forums.3ivx.com.url ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\3ivx\3ivx MPEG-4 5.0.3\ReadMe.lnk -> C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\ReadMe.mht ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\3ivx\3ivx MPEG-4 5.0.3\store.3ivx.com.lnk -> C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\store.3ivx.com.url ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\3ivx\3ivx MPEG-4 5.0.3\Uninstall.lnk -> C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\uninstaller.exe ()
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\3ivx\3ivx MPEG-4 5.0.3\www.3ivx.com.lnk -> C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\www.3ivx.com.url ()
    Shortcut: C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk -> C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
    Shortcut: C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk -> C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
    Shortcut: C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    Shortcut: C:\Documents and Settings\All Users\Desktop\BlackBerry Desktop Software.lnk -> C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe (Research In Motion)
    Shortcut: C:\Documents and Settings\All Users\Desktop\Corel WinDVD Pro 11.lnk -> C:\Program Files\Corel\WinDVD11\WinDVD.exe (Corel Corporation)
    Shortcut: C:\Documents and Settings\All Users\Desktop\FlipShare.lnk -> C:\Program Files\Flip Video\FlipShare\FlipShare.exe ()
    Shortcut: C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    Shortcut: C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> C:\Program Files\Google\Google Earth\client\googleearth.exe (Google)
    Shortcut: C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk -> C:\Program Files\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
    Shortcut: C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    Shortcut: C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Photosmart 5520 series.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
    Shortcut: C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk -> C:\Program Files\SpywareBlaster\spywareblaster.exe ()
    Shortcut: C:\Documents and Settings\All Users\Desktop\WinZip.lnk -> C:\Program Files\WinZip\WINZIP32.EXE (WinZip Computing, S.L.)
    Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Enhanced Mitigation Experience Toolkit\EMET 3.0.lnk -> C:\Documents and Settings\Presenter\Application Data\Microsoft\Installer\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}\_4D69E3CD100D782CD01439.exe ()
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Enhanced Mitigation Experience Toolkit\EMET Users Guide.lnk -> C:\Documents and Settings\Presenter\Application Data\Microsoft\Installer\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}\_9A017C9EDA4365E39E44AF.exe ()
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk -> C:\Documents and Settings\Presenter\Application Data\Dropbox\bin\DropboxUninstaller.exe (Dropbox, Inc.)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\CleanUp!\CleanUp! Help.lnk -> C:\Program Files\CleanUp!\CleanUp.hlp ()
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\CleanUp!\CleanUp! Web Site.lnk -> C:\Program Files\CleanUp!\CleanUp! Web Site.url ()
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\CleanUp!\CleanUp!.lnk -> C:\Program Files\CleanUp!\Cleanup.exe (Steven R. Gould)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\CleanUp!\Uninstall.lnk -> C:\Program Files\CleanUp!\uninstall.exe ()
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\AviSynth 2.5\Uninstall AviSynth.lnk -> C:\Program Files\AviSynth 2.5\Uninstall.exe (The Public)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Presenter\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Presenter\SendTo\Bluetooth\Other....lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_explorer.exe (Broadcom Corporation.)
    Shortcut: C:\Documents and Settings\Presenter\My Documents\Malwarebytes' Anti-Malware.lnk -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    Shortcut: C:\Documents and Settings\Presenter\My Documents\My Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures ()
    Shortcut: C:\Documents and Settings\Presenter\My Documents\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users\Documents\My Music\Sample Music ()
    Shortcut: C:\Documents and Settings\Presenter\Desktop\Google Chrome.lnk -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Documents and Settings\Presenter\Desktop\Update Checker.lnk -> C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    Shortcut: C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to BWI Comments.lnk -> C:\Documents and Settings\Presenter\Desktop\BWI Comments.doc (No File)
    Shortcut: C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to JCB MTG Notes Michael Forcher is JCB Focus Mgr.lnk -> C:\Documents and Settings\Presenter\Desktop\JCB MTG Notes Michael Forcher is JCB Focus Mgr.doc (No File)
    Shortcut: C:\Documents and Settings\TEMP\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP\SendTo\Bluetooth\Other....lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_explorer.exe (Broadcom Corporation.)
    Shortcut: C:\Documents and Settings\TEMP\My Documents\My Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures ()
    Shortcut: C:\Documents and Settings\TEMP\My Documents\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users\Documents\My Music\Sample Music ()
    Shortcut: C:\Documents and Settings\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\SendTo\Bluetooth\Other....lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_explorer.exe (Broadcom Corporation.)
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\My Documents\My Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures ()
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\My Documents\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users\Documents\My Music\Sample Music ()
    Shortcut: C:\Documents and Settings\TEMP.TS8730WIMAGE\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\user\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\user\Start Menu\Programs\Outlook Express.lnk -> C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\user\Start Menu\Programs\Accessories\Address Book.lnk -> C:\Program Files\Outlook Express\wab.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\user\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\user\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\user\Start Menu\Programs\Accessories\Synchronize.lnk -> C:\WINDOWS\system32\mobsync.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\user\Start Menu\Programs\Accessories\Tour Windows XP.lnk -> C:\WINDOWS\system32\tourstart.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\user\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\user\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk -> C:\WINDOWS\system32\magnify.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\user\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\user\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Documents and Settings\user\SendTo\Bluetooth\Other....lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_explorer.exe (Broadcom Corporation.)
    Shortcut: C:\Documents and Settings\user\My Documents\My Pictures\Sample Pictures.lnk -> C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures ()
    Shortcut: C:\Documents and Settings\user\My Documents\My Music\Sample Music.lnk -> C:\Documents and Settings\All Users\Documents\My Music\Sample Music ()
    Shortcut: C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
     
     
     
     
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Desktop.lnk -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) -> /homepage
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk -> C:\WINDOWS\system32\control.exe (Microsoft Corporation) -> appwiz.cpl,,3
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) ->  /launchsearchwindow
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol\Uninstall WinPatrol.lnk -> C:\Documents and Settings\All Users\Application Data\InstallMate\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}\Setup.exe (Tarma Software Research Pty Ltd) -> /remove /q0
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) ->  /startup
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Red Kawa\Videora iPod Converter\Videora iPod Converter.lnk -> C:\Program Files\Red Kawa\Video Converter App\VideoConverterApp.exe (Red Kawa) -> -iPod_5G
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation) -> /i {111EE7DF-FC45-40C7-98A7-753AC46B12FB} /qf
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Intel PROSet Wireless\WiFi Connection Utility.lnk -> C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) -> /af Intel PROSet/Wireless
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photosmart 5520 series\HP Photosmart 5520 series.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HP Photosmart 5520 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photosmart 5520 series\Uninstall.lnk -> C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation) -> /qb /x {14D71565-08BF-472D-9376-14D999049C1A}
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\HP\HP Photosmart 5520 series\Update IP Address.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe (Hewlett-Packard Co.) -> /changeip ""
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk -> C:\Program Files\Google\Google Earth\client\googleearth.exe (Google) -> -setDX
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk -> C:\Program Files\Google\Google Earth\client\googleearth.exe (Google) -> -setOGL
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth\Uninstall Google Earth .lnk -> C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation) -> /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop\Google Desktop Options.lnk -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) -> /preferences
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop\Google Desktop Sidebar.lnk -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) -> /sidebar
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop\Uninstall Google Desktop.lnk -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe (Google) -> -uninstall
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Canon PIXMA iP4000\Guide.lnk -> C:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\helpkicker.exe () -> -pCanon PIXMA iP4000;CNMMH64.HLP;
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Canon PIXMA iP4000\Uninstall.lnk -> C:\WINDOWS\system32\CNMCP64.exe (CANON INC.) -> "-PRINTERNAMECanon PIXMA iP4000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmi0409.dll"
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc () -> /s
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.msc () -> /s
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Local Security Policy.lnk -> C:\WINDOWS\system32\secpol.msc () -> /s
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance.lnk -> C:\WINDOWS\system32\perfmon.msc () -> /s
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk -> C:\WINDOWS\system32\services.msc () -> /s
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Scanner and Camera Wizard.lnk -> C:\WINDOWS\system32\wiaacmgr.exe (Microsoft Corporation) -> -SelectDevice
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{D6277990-4C6A-11CF-8D87-00AA0060F5BF}
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk -> C:\WINDOWS\explorer.exe (Microsoft Corporation) -> ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007acc7-3202-11d1-aad2-00805fc1270e}
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> hnetwiz.dll,HomeNetWizardRunDll
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\New Connection Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> netshell.dll,StartNCW
    ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk -> C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation) -> shell32.dll,Control_RunDLL NetSetup.cpl,@0,WNSW
    ShortcutWithArgument: C:\Documents and Settings\All Users\Desktop\HP Photosmart 5520 series.lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HP Photosmart 5520 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
    ShortcutWithArgument: C:\Documents and Settings\All Users\Desktop\Videora iPod Converter.lnk -> C:\Program Files\Red Kawa\Video Converter App\VideoConverterApp.exe (Red Kawa) -> -iPod_5G
    ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
    ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
    ShortcutWithArgument: C:\Documents and Settings\Presenter\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
    ShortcutWithArgument: C:\Documents and Settings\Presenter\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Documents and Settings\Presenter\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Documents and Settings\Presenter\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
    ShortcutWithArgument: C:\Documents and Settings\Presenter\Start Menu\Programs\CleanUp!\CleanUp! (demo mode).lnk -> C:\Program Files\CleanUp!\Cleanup.exe (Steven R. Gould) -> /demo
    ShortcutWithArgument: C:\Documents and Settings\Presenter\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
    ShortcutWithArgument: C:\Documents and Settings\Presenter\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
    ShortcutWithArgument: C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Documents and Settings\TEMP\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
    ShortcutWithArgument: C:\Documents and Settings\TEMP\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Documents and Settings\TEMP\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
    ShortcutWithArgument: C:\Documents and Settings\TEMP\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
    ShortcutWithArgument: C:\Documents and Settings\TEMP\Desktop\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
    ShortcutWithArgument: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
    ShortcutWithArgument: C:\Documents and Settings\TEMP.TS8730WIMAGE\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
    ShortcutWithArgument: C:\Documents and Settings\TEMP.TS8730WIMAGE\Desktop\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Documents and Settings\user\Start Menu\Programs\Remote Assistance.lnk -> C:\WINDOWS\system32\rcimlby.exe (Microsoft Corporation) -> -LaunchRA
    ShortcutWithArgument: C:\Documents and Settings\user\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Documents and Settings\user\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Documents and Settings\user\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk -> C:\WINDOWS\system32\utilman.exe (Microsoft Corporation) -> /start
     
     
    InternetURL: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\821181d23bf1\Links\microsoft...r.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    InternetURL: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\821181d23bf1\Links\microsoft.com.url -> hxxp://home.microsoft.com/
    InternetURL: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\821181d23bf1\Links\msn.com.url -> hxxp://www.msn.com/
    InternetURL: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\821181d23bf1\Links\sun...AutoDL.url -> hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=32383
    InternetURL: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\821181d23bf1\Links\sun...Browser.url -> hxxp://jdl.sun.com/webapps/getjava/BrowserRedirect?locale=en&host=www.java.com:80
    InternetURL: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\821181d23bf1\Links\sun...JavaSet.url -> hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jre/6u14-b70/JavaSetup6u14.exe?e=1246545408544&h=855694ca294072c0fd65a14614f96f7f/&filename=JavaSetup6u14.exe
    InternetURL: C:\Documents and Settings\Administrator\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
    InternetURL: C:\Documents and Settings\Administrator\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
    InternetURL: C:\Documents and Settings\Administrator\Favorites\Links\Customize Links.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=CLinks
    InternetURL: C:\Documents and Settings\Administrator\Favorites\Links\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
    InternetURL: C:\Documents and Settings\Administrator\Favorites\Links\Windows Marketplace.url -> hxxp://go.microsoft.com/fwlink/?LinkId=30857&clcid=0x409
    InternetURL: C:\Documents and Settings\Administrator\Favorites\Links\Windows Media.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windowsmedia
    InternetURL: C:\Documents and Settings\Administrator\Favorites\Links\Windows.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windows
    InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\eRoom 7\Documentum Web Site.url -> hxxp://www.documentum.com/
    InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\AviSynth 2.5\AviSynth Online.url -> hxxp://www.avisynth.org
    InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\AviSynth 2.5\Download Plugins.url -> hxxp://www.avisynth.org/warpenterprises/
    InternetURL: C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater\Visit The Farm!.url -> hxxp://oldmcdonald.wordpress.com/
    InternetURL: C:\Documents and Settings\Presenter\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com
    InternetURL: C:\Documents and Settings\Presenter\Favorites\BONNEVILLE CONSTRUCTION SE Electrical, contractors, construction, ... - San Juan.url -> hxxp://www.sanjuanbest.com/Cidra.BONNEVILLE-CONSTRUCTION-SE-181636.profile.htm
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Cascade wireless routers.url -> hxxp://www6.nohold.net/Cisco2/ukp.aspx?pid=80&vw=1&articleid=3733
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Cheers Oral History - GQ October 2012 Movies + TV GQ.url -> hxxp://www.gq.com/entertainment/movies-and-tv/201210/cheers-oral-history-extended?src=longreads
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Citibank Online Statements.url -> https://www.onlinest...exd/ESLogin.jsp
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Citi® Commercial Cards.url -> https://home.cards.c...Card/Cards.html
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Compare Electric Rate Connecticut & Lower Electric CT Bill.url -> hxxp://ctenergysavings.com/epp/
    InternetURL: C:\Documents and Settings\Presenter\Favorites\CROSSPORTS - excoboard.com.url -> hxxp://s2.excoboard.com/Crossports
    InternetURL: C:\Documents and Settings\Presenter\Favorites\CT Energy Info.url -> hxxp://www.ctenergyinfo.com/display_rates.htm?show_submenu=wcwkvsg0
    InternetURL: C:\Documents and Settings\Presenter\Favorites\ESET Online Scanner.url -> hxxp://go.eset.com/us/online-scanner/run/
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Free Shipping  Bobbi Brown Cosmetics.url -> hxxp://www.bobbibrowncosmetics.com/customer_service/promotions/free_shipping.tmpl?cm_guid=1-_-100000000000000020354-_-9357040801&ngextredir=1&cm_mmc=Google-_-TM-BRAND-EXACT-_-BobbiBrown-TM-_-bobbi%20brown
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Great Neck Country Club - Golf Course Waterford, CT  Weddings Waterford, CT.url -> hxxp://www.greatneckgolf.com/
    InternetURL: C:\Documents and Settings\Presenter\Favorites\How to Tell If an Outside User Is on Your Wireless Network - wikiHow.url -> hxxp://www.wikihow.com/Tell-If-an-Outside-User-Is-on-Your-Wireless-Network
    InternetURL: C:\Documents and Settings\Presenter\Favorites\https--home.cards.citidirect.com-CommercialCard-Cards.html.url -> https://home.cards.c...Card/Cards.html
    InternetURL: C:\Documents and Settings\Presenter\Favorites\K2 Careers Page.url -> hxxp://www.k2consulting.com/career/Careers.con.html
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Lost - The End See you in the other life, brother - HitFix.com.url -> hxxp://www.hitfix.com/blogs/whats-alan-watching/posts/lost-the-end-see-you-in-the-other-life-brother?m=k
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Marriott Rewards.url -> https://www.skymall....=K8&partner=25G
    InternetURL: C:\Documents and Settings\Presenter\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Office Pool Manager, Football Pool, Pick'em, Survivor, Hockey Pool.url -> hxxp://www.simplysportsware.com/Login.aspx
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Page 1 « The Sopranos Definitive Explanation of “The END”.url -> hxxp://masterofsopranos.wordpress.com/the-sopranos-definitive-explanation-of-the-end/
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Per Diem Rates.url -> hxxp://www.gsa.gov/portal/category/21287
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Raytheon expense reports.url -> https://webauth.rayt...e.raytheon.com/
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Raytheon Home.url -> https://webauth.ext....om-/irj-/portal
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Raytheon SSL VPN Service.url -> https://bos-link01a....COE /logon.html
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Raytheon Travel.url -> https://webauth.rayt...o.raytheon.com/
    InternetURL: C:\Documents and Settings\Presenter\Favorites\RealTime Fantasy Sports - degan.url -> hxxp://www.rtsports.com/
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Shaun T's Insanity Workout Calender.url -> hxxp://www.docstoc.com/docs/20001625/Shaun-Ts-Insanity-Workout-Calender
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Sign In - Free Fantasy Football - ESPN.url -> hxxp://games.espn.go.com/ffl/signin?redir=http%3A%2F%2Fgames.espn.go.com%2Fffl%2Fleagueoffice%3FleagueId%3D416696
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Sign in to Yahoo!.url -> https://login.yahoo....rc=spt&.intl=us
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Touchstone Status.url -> hxxp://192.168.100.1/
    InternetURL: C:\Documents and Settings\Presenter\Favorites\US Airways  Airline tickets, vacations & business flights.url -> hxxp://flights.usairways.com/checkin/PrintViewDetails.aspx
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Weight Watchers Points Plus Restaurant List.url -> hxxp://www.exercise4weightloss.com/weight-watchers-points.html
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Welcome  The Knot Wedding Websites.url -> hxxp://timandange.com/view/8471447712225625/6514984
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Microsoft Websites\Marketplace.url -> hxxp://go.microsoft.com/fwlink/?linkid=69151
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Microsoft Websites\Welcome to IE7.url -> hxxp://go.microsoft.com/fwlink/?linkid=68919
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Links\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Links\Suggested Sites.url -> https://ieonline.mic...ft.com/#ieslice
    InternetURL: C:\Documents and Settings\Presenter\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
    InternetURL: C:\Documents and Settings\Presenter\Desktop\HP Printer Diagnostic Tools.url -> hxxp://h20180.www2.hp.com/apps/Nav?h_pagetype=s-926&h_lang=en&h_client=s-h-e016-1&h_keyword=dg-THD&jumpid=ex_r4155/hho/ipg/ccdoc/trailhead_doc
    InternetURL: C:\Documents and Settings\user\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
    InternetURL: C:\Documents and Settings\user\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
    InternetURL: C:\Documents and Settings\user\Favorites\Links\Customize Links.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=CLinks
    InternetURL: C:\Documents and Settings\user\Favorites\Links\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
    InternetURL: C:\Documents and Settings\user\Favorites\Links\Windows Marketplace.url -> hxxp://go.microsoft.com/fwlink/?LinkId=30857&clcid=0x409
    InternetURL: C:\Documents and Settings\user\Favorites\Links\Windows Media.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windowsmedia
    InternetURL: C:\Documents and Settings\user\Favorites\Links\Windows.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windows
     
    ==================== End of log =============================
     
     
     


    #5
    JSntgRvr

      Global Moderator

    • 11,591 posts

    Launch FRST.

     

    Type the following in the edit box on FRST, after "Search:".

     
    rpcss.dll
     
    It then should look like:
     
    Search: rpcss.dll
     
    Click the Search button and post the log (Search.txt) it makes in your next reply.


    #6
    Warden

      Member

    • Topic Starter
    • 162 posts

    Thanks again and here you go.

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
    Ran by Presenter (administrator) on TS8730WIMAGE on 17-05-2014 16:03:10
    Running from C:\Documents and Settings\Presenter\My Documents\Downloads
    Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Safe Mode (minimal)
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-07-02] (Analog Devices, Inc.)
    HKLM\...\Run: [AccelerometerSysTrayApplet] => C:\WINDOWS\system32\AccelerometerSt.Exe [82224 2008-10-14] (Hewlett-Packard Corporation)
    HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [181816 2009-04-15] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1368064 2009-02-27] (Intel® Corporation)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-02-27] (Intel® Corporation)
    HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [367128 2009-07-02] (Intel Corporation)
    HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [319000 2008-08-08] (PDF Complete Inc)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
    HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [197904 2008-05-23] (InterVideo Inc.)
    HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-08-21] (Google)
    HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
    HKLM\...\Run: [Autorun Eater] => C:\Program Files\Autorun Eater\oldmcdonald.exe [549400 2009-05-26] (Old McDonald's Farm)
    HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
    HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [110696 2010-12-04] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13933160 2010-12-04] (NVIDIA Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [InstaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-02-24] (Affinegy, Inc.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM\...\Run: [EMET Notifier] => C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-10] (AVAST Software)
    HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 0
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [306688 2012-03-26] (FileHippo.com)
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [423144 2013-04-26] (BillP Studios)
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [Google Update] => C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-02-01] (Google Inc.)
    AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2012-08-21] (Google)
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk
    ShortcutTarget: Monitor My eRooms (V7).lnk -> C:\Program Files\eRoom 7\ERClient7.exe (Documentum, Inc.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
    ShortcutTarget: DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://bos-link01a....ries/vpnweb.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
     
    Chrome: 
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR StartupUrls: "hxxp://www.google.com/"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (YouTube) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
    CHR Extension: (Google Search) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Gmail) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
    CHR HKLM\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Documents and Settings\Presenter\Local Settings\Application Data\dea8c6a9-3206-4f85-ac57-1000309ea107.crx [2011-12-16]
    CHR HKLM\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Documents and Settings\Presenter\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-10]
    CHR HKLM\...\Chrome\Extension: [kdcnnmifdmlmjffdgeieikcokcogpbej] - C:\Program Files\OApps\chromeaddon2.crx [2014-05-10]
    CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Documents and Settings\Presenter\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
    CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ========================== Services (Whitelisted) =================
     
    S4 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
    S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1164536 2008-06-12] (AuthenTec, Inc.)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-10] (AVAST Software)
    S4 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] ()
    S4 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] ()
    S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
    S2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
    S2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
    S2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-08-21] (Google)
    S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
    S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-09-02] (Symantec Corporation)
    S2 Lotus Notes Diagnostics; C:\Program Files\Lotus\Notes\nsd.exe [3315080 2008-12-06] (IBM)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
    S2 Multi-user Cleanup Service; C:\Program Files\Lotus\Notes\ntmulti.exe [58760 2008-12-06] (IBM Corp)
    S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [777240 2008-08-08] (PDF Complete Inc)
    S2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-02-27] (Intel® Corporation)
    S2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-07-02] (Intel Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2011-02-15] (Printing Communications Assoc., Inc. (PCAUSA))
    S2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-05-10] ()
    S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-05-10] (AVAST Software)
    S1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-10] (AVAST Software)
    S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-05-10] ()
    S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-05-10] (AVAST Software)
    S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-05-10] (AVAST Software)
    S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-05-10] (AVAST Software)
    S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-05-10] ()
    S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539512 2009-07-02] (Broadcom Corporation.)
    S3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [879624 2009-07-02] (Broadcom Corporation.)
    S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [74688 2009-07-02] (Broadcom Corporation.)
    S3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [239760 2009-03-27] (Intel Corporation)
    S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
    S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
    R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2009-07-02] (Infineon Technologies AG)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-05-15] (Malwarebytes Corporation)
    S0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
    S3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4202496 2009-07-02] (Intel Corporation)
    S3 NWUSBCDFIL; C:\WINDOWS\System32\DRIVERS\NwUsbCdFil.sys [20480 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort2; C:\WINDOWS\System32\DRIVERS\nwusbser2.sys [174720 2009-12-18] (Novatel Wireless Inc.)
    S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2009-03-31] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 rismc32; C:\WINDOWS\System32\DRIVERS\rismc32.sys [47616 2006-12-20] (RICOH Company, Ltd.)
    S2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
    R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2009-07-02] (Sonic Focus, Inc)
    R3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [28288 2009-12-02] ()
    S2 sxuptp; C:\WINDOWS\System32\DRIVERS\sxuptp.sys [246936 2009-06-22] (silex technology, Inc.)
    S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
    U2 CertPropSvc; 
    S4 IntelIde; No ImagePath
    U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-05-15 20:02 - 2014-05-15 20:02 - 00036438 _____ () C:\Documents and Settings\Presenter\Desktop\FRST.txt05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00107254 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00036088 _____ () C:\Documents and Settings\Presenter\Desktop\FRST Scan 05-15.txt
    2014-05-15 19:59 - 2014-05-17 16:03 - 00000000 ____D () C:\FRST
    2014-05-14 12:18 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
    2014-05-14 12:18 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
    2014-05-14 12:16 - 2014-05-17 03:59 - 00000000 ____D () C:\VIPRERESCUE
    2014-05-14 08:17 - 2014-05-14 08:17 - 00099424 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-14-14.txt
    2014-05-14 07:45 - 2014-05-15 19:45 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2014-05-10 09:08 - 2014-05-10 09:08 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\AVAST Software
    2014-05-10 08:37 - 2014-05-10 08:37 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-05-10 08:37 - 2014-05-10 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
    2014-05-10 08:36 - 2014-05-13 20:36 - 00000370 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-05-10 08:36 - 2014-05-10 08:36 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-05-10 08:36 - 2014-05-10 08:36 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-05-10 08:36 - 2014-05-10 08:36 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-05-10 08:35 - 2014-05-10 08:35 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-05-08 10:39 - 2014-05-08 10:39 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\ringtones
    2014-05-08 10:38 - 2014-05-08 20:57 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\camera
    2014-05-02 20:50 - 2014-05-02 20:51 - 00005576 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-04-20 20:23 - 2014-04-20 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2014-04-20 20:23 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2014-04-20 20:23 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
    2014-04-20 20:23 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
    2014-04-20 20:23 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
    2014-04-20 20:23 - 2014-04-14 19:47 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2014-04-20 20:22 - 2014-04-20 20:23 - 00003995 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
     
    ==================== One Month Modified Files and Folders =======
     
    2014-05-17 16:03 - 2014-05-15 19:59 - 00000000 ____D () C:\FRST
    2014-05-17 07:07 - 2013-03-29 21:07 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\uTorrent
    2014-05-17 07:06 - 2009-07-02 08:30 - 01869875 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-05-17 03:59 - 2014-05-14 12:16 - 00000000 ____D () C:\VIPRERESCUE
    2014-05-15 21:59 - 2010-03-11 13:43 - 00624394 _____ () C:\WINDOWS\setupapi.log
    2014-05-15 21:59 - 2008-04-14 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-05-15 20:08 - 2010-02-16 15:38 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt
    2014-05-15 20:08 - 2009-07-15 11:43 - 00000178 ___SH () C:\Documents and Settings\Presenter\ntuser.ini
    2014-05-15 20:02 - 2014-05-15 20:02 - 00036438 _____ () C:\Documents and Settings\Presenter\Desktop\FRST.txt05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00107254 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00036088 _____ () C:\Documents and Settings\Presenter\Desktop\FRST Scan 05-15.txt
    2014-05-15 20:01 - 2013-01-30 22:50 - 00107254 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt
    2014-05-15 19:45 - 2014-05-14 07:45 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2014-05-15 19:43 - 2010-08-29 21:51 - 00066713 _____ () C:\WINDOWS\system32\nvModes.001
    2014-05-14 08:17 - 2014-05-14 08:17 - 00099424 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-14-14.txt
    2014-05-14 06:49 - 2010-08-29 21:51 - 00066713 _____ () C:\WINDOWS\system32\nvModes.dat
    2014-05-13 22:20 - 2009-07-02 08:36 - 00032522 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-05-13 22:20 - 2009-07-02 08:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-05-13 22:20 - 2009-07-02 04:20 - 00000431 _____ () C:\WINDOWS\wiadebug.log
    2014-05-13 22:18 - 2013-05-07 07:42 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-05-13 21:34 - 2014-02-06 09:12 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-13 21:21 - 2010-02-01 22:09 - 00000994 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job
    2014-05-13 20:36 - 2014-05-10 08:36 - 00000370 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-05-13 20:34 - 2014-02-06 09:12 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-13 10:21 - 2010-02-01 22:09 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job
    2014-05-12 21:14 - 2009-07-02 04:20 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-05-12 13:17 - 2014-03-25 21:26 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    2014-05-10 09:08 - 2014-05-10 09:08 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\AVAST Software
    2014-05-10 08:37 - 2014-05-10 08:37 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-05-10 08:37 - 2014-05-10 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
    2014-05-10 08:37 - 2010-03-22 21:08 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-05-10 08:36 - 2014-05-10 08:36 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-05-10 08:36 - 2014-05-10 08:36 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-05-10 08:36 - 2014-05-10 08:36 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-05-10 08:35 - 2014-05-10 08:35 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-05-10 08:34 - 2014-04-09 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-05-10 08:03 - 2014-03-17 19:18 - 00000085 _____ () C:\WINDOWS\system32\miiii.jgf
    2014-05-08 20:57 - 2014-05-08 10:38 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\camera
    2014-05-08 20:57 - 2009-08-12 07:32 - 00029184 _____ () C:\Documents and Settings\Presenter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-05-08 10:41 - 2012-04-02 23:23 - 00001771 _____ () C:\Documents and Settings\Presenter\Application Data\Rim.Desktop.Exception.log
    2014-05-08 10:41 - 2012-04-02 23:23 - 00001694 _____ () C:\Documents and Settings\Presenter\Application Data\Rim.DesktopHelper.Exception.log
    2014-05-08 10:39 - 2014-05-08 10:39 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\ringtones
    2014-05-07 07:40 - 2012-08-21 21:00 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-05-07 07:40 - 2011-06-15 20:46 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-05-02 20:51 - 2014-05-02 20:50 - 00005576 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-05-02 20:51 - 2011-10-12 17:21 - 00000000 ____D () C:\WINDOWS\ie8updates
    2014-05-02 20:51 - 2009-07-02 11:03 - 00337498 _____ () C:\WINDOWS\updspapi.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 02157885 _____ () C:\WINDOWS\FaxSetup.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 01045110 _____ () C:\WINDOWS\ocgen.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00992213 _____ () C:\WINDOWS\tsoc.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00730814 _____ () C:\WINDOWS\comsetup.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00662726 _____ () C:\WINDOWS\msmqinst.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00441594 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00379407 _____ () C:\WINDOWS\netfxocm.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00360942 _____ () C:\WINDOWS\iis6.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00149460 _____ () C:\WINDOWS\MedCtrOC.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00119727 _____ () C:\WINDOWS\ocmsn.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00109845 _____ () C:\WINDOWS\tabletoc.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00108352 _____ () C:\WINDOWS\msgsocm.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00001355 _____ () C:\WINDOWS\imsins.log
    2014-04-30 04:13 - 2008-04-14 08:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
    2014-04-30 04:13 - 2008-04-14 08:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-04-29 13:19 - 2010-02-01 22:10 - 00002316 _____ () C:\Documents and Settings\Presenter\Desktop\Google Chrome.lnk
    2014-04-28 08:12 - 2009-08-12 07:32 - 00000000 ____D () C:\Documents and Settings\Presenter\Local Settings\Application Data\Adobe
    2014-04-20 20:23 - 2014-04-20 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2014-04-20 20:23 - 2014-04-20 20:22 - 00003995 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
    2014-04-20 20:23 - 2009-07-02 10:36 - 00000000 ____D () C:\Program Files\Java
     
    Some content of TEMP:
    ====================
    C:\Documents and Settings\Presenter\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkdfuvy.dll
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u45-windows-i586-iftw.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u55-windows-i586-iftw.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\lowproc.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\RealPlayer_20130122.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\stubhelper.dll
    C:\Documents and Settings\Presenter\Local Settings\temp\utt6CB8.tmp.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll IS MISSING <==== ATTENTION!.
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
     
    ==================== End Of Log ============================

    #7
    JSntgRvr

    • Global Moderator
    • 11,591 posts

    You re-scanned with FRST. Read well, we need to search for this file:

     

    Launch FRST (the program, but do not scan).

     

    Type the following in the edit box on FRST, after "Search:".

     
    rpcss.dll
     
    It then should look like:
     
    Search: rpcss.dll
     
    Click on the Search button and post the log (Search.txt) it makes in the same location FRST is saved.

    #8
    Warden

    • Topic Starter
    • Member
    • 162 posts

    I apologize for the oversight and appreciate your assistance, but when I type that in I can choose scan, search files, search registry or fix.  I want to be accurate.  Here is the result when I hit search files.  

     

     

    Farbar Recovery Scan Tool (x86) Version:15-05-2014
    Ran by Presenter at 2014-05-17 21:29:35
    Running from C:\Documents and Settings\Presenter\My Documents\Downloads
    Boot Mode: Safe Mode (minimal)
     
    ================== Search: "rpcss.dll" ===================
     
    C:\WINDOWS\ERDNT\cache\rpcss.dll
    [2010-07-12 08:46] - [2009-02-09 08:10] - 0401408 ____N (Microsoft Corporation) 6b27a5c03dfb94b4245739065431322c 
     
    C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
    [2009-07-02 11:05] - [2008-04-14 08:00] - 0399360 ____C (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509 
     
    C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
    [2009-07-02 10:56] - [2009-02-09 06:56] - 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2 
     
    === End Of Search ===

    #9
    JSntgRvr

    • Global Moderator
    • 11,591 posts

    Download the enclosed file. 

     

    Save it in the same location FRST is saved.

     

    Launch FRST (Do not scan) and click on the Fix button.

     

    The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it in your reply.
     
    Now, re-scan with FRST and post its report (FRST.txt).
     

    #10
    Warden

    • Topic Starter
    • Member
    • 162 posts

    Thanks again for your continued assistance.  Here are the requested logs.

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014
    Ran by Presenter at 2014-05-18 13:10:28 Run:1
    Running from C:\Documents and Settings\Presenter\My Documents\Downloads
    Boot Mode: Safe Mode (minimal)
     
    ==============================================
     
    Content of fixlist:
    *****************
    Start
    Replace: C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll C:\WINDOWS\system32\rpcss.dll
    C:\Documents and Settings\Presenter\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkdfuvy.dll
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u45-windows-i586-iftw.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u55-windows-i586-iftw.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\lowproc.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\RealPlayer_20130122.exe
    C:\Documents and Settings\Presenter\Local Settings\temp\stubhelper.dll
    C:\Documents and Settings\Presenter\Local Settings\temp\utt6CB8.tmp.exe
    End
    *****************
     
    Could not find C:\WINDOWS\system32\rpcss.dll
    C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll copied successfully to C:\WINDOWS\system32\rpcss.dll
    C:\Documents and Settings\Presenter\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkdfuvy.dll => Moved successfully.
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
    C:\Documents and Settings\Presenter\Local Settings\temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
    C:\Documents and Settings\Presenter\Local Settings\temp\lowproc.exe => Moved successfully.
    C:\Documents and Settings\Presenter\Local Settings\temp\RealPlayer_20130122.exe => Moved successfully.
    C:\Documents and Settings\Presenter\Local Settings\temp\stubhelper.dll => Moved successfully.
    C:\Documents and Settings\Presenter\Local Settings\temp\utt6CB8.tmp.exe => Moved successfully.
     
    ==== End of Fixlog ====
     
     
    And frst
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
    Ran by Presenter (administrator) on TS8730WIMAGE on 18-05-2014 13:10:55
    Running from C:\Documents and Settings\Presenter\My Documents\Downloads
    Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Safe Mode (minimal)
     
    The only official download link for FRST:
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
     
    ==================== Processes (Whitelisted) =================
     
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-07-02] (Analog Devices, Inc.)
    HKLM\...\Run: [AccelerometerSysTrayApplet] => C:\WINDOWS\system32\AccelerometerSt.Exe [82224 2008-10-14] (Hewlett-Packard Corporation)
    HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [181816 2009-04-15] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1368064 2009-02-27] (Intel® Corporation)
    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-02-27] (Intel® Corporation)
    HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [367128 2009-07-02] (Intel Corporation)
    HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [319000 2008-08-08] (PDF Complete Inc)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
    HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [197904 2008-05-23] (InterVideo Inc.)
    HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-08-21] (Google)
    HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
    HKLM\...\Run: [Autorun Eater] => C:\Program Files\Autorun Eater\oldmcdonald.exe [549400 2009-05-26] (Old McDonald's Farm)
    HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-11-04] ()
    HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [110696 2010-12-04] (NVIDIA Corporation)
    HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13933160 2010-12-04] (NVIDIA Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [InstaLAN] => C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-02-24] (Affinegy, Inc.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM\...\Run: [EMET Notifier] => C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-10] (AVAST Software)
    HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 0
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [306688 2012-03-26] (FileHippo.com)
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [423144 2013-04-26] (BillP Studios)
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3093024 2013-02-25] (Fitbit, Inc.)
    HKU\S-1-5-21-3866077675-454247996-117300071-1006\...\Run: [Google Update] => C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [135664 2010-02-01] (Google Inc.)
    AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2012-08-21] (Google)
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Monitor My eRooms (V7).lnk
    ShortcutTarget: Monitor My eRooms (V7).lnk -> C:\Program Files\eRoom 7\ERClient7.exe (Documentum, Inc.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
    ShortcutTarget: DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://bos-link01a....ries/vpnweb.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
     
    Chrome: 
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR StartupUrls: "hxxp://www.google.com/"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (YouTube) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
    CHR Extension: (Google Search) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR Extension: (Gmail) - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
    CHR HKLM\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Documents and Settings\Presenter\Local Settings\Application Data\dea8c6a9-3206-4f85-ac57-1000309ea107.crx [2011-12-16]
    CHR HKLM\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Documents and Settings\Presenter\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-10]
    CHR HKLM\...\Chrome\Extension: [kdcnnmifdmlmjffdgeieikcokcogpbej] - C:\Program Files\OApps\chromeaddon2.crx [2014-05-10]
    CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Documents and Settings\Presenter\Local Settings\Application Data\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
    CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ========================== Services (Whitelisted) =================
     
    S4 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
    S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1164536 2008-06-12] (AuthenTec, Inc.)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-10] (AVAST Software)
    S4 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [152064 2010-02-17] ()
    S4 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [49152 2010-02-09] ()
    S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
    S2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1239584 2013-02-25] (Fitbit, Inc.)
    S2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
    S2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-08-21] (Google)
    S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
    S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-09-02] (Symantec Corporation)
    S2 Lotus Notes Diagnostics; C:\Program Files\Lotus\Notes\nsd.exe [3315080 2008-12-06] (IBM)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
    S2 Multi-user Cleanup Service; C:\Program Files\Lotus\Notes\ntmulti.exe [58760 2008-12-06] (IBM Corp)
    S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [777240 2008-08-08] (PDF Complete Inc)
    S2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-02-27] (Intel® Corporation)
    S2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-07-02] (Intel Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    S3 AFGSp50; C:\WINDOWS\System32\Drivers\AFGSp50.sys [27072 2011-02-15] (Printing Communications Assoc., Inc. (PCAUSA))
    S2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-05-10] ()
    S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-05-10] (AVAST Software)
    S1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-10] (AVAST Software)
    S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-05-10] ()
    S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-05-10] (AVAST Software)
    S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-05-10] (AVAST Software)
    S1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-05-10] (AVAST Software)
    S0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-05-10] ()
    S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539512 2009-07-02] (Broadcom Corporation.)
    S3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [879624 2009-07-02] (Broadcom Corporation.)
    S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [74688 2009-07-02] (Broadcom Corporation.)
    S3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [239760 2009-03-27] (Intel Corporation)
    S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
    S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
    R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2009-07-02] (Infineon Technologies AG)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-05-15] (Malwarebytes Corporation)
    S0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
    S3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [4202496 2009-07-02] (Intel Corporation)
    S3 NWUSBCDFIL; C:\WINDOWS\System32\DRIVERS\NwUsbCdFil.sys [20480 2009-12-18] (Novatel Wireless Inc.)
    S3 NWUSBPort2; C:\WINDOWS\System32\DRIVERS\nwusbser2.sys [174720 2009-12-18] (Novatel Wireless Inc.)
    S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2009-03-31] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 rismc32; C:\WINDOWS\System32\DRIVERS\rismc32.sys [47616 2006-12-20] (RICOH Company, Ltd.)
    S2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
    R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2009-07-02] (Sonic Focus, Inc)
    R3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [28288 2009-12-02] ()
    S2 sxuptp; C:\WINDOWS\System32\DRIVERS\sxuptp.sys [246936 2009-06-22] (silex technology, Inc.)
    S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
    U2 CertPropSvc; 
    S4 IntelIde; No ImagePath
    U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-05-18 13:10 - 2009-02-09 06:56 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
    2014-05-15 20:02 - 2014-05-15 20:02 - 00036438 _____ () C:\Documents and Settings\Presenter\Desktop\FRST.txt05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00107254 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00036088 _____ () C:\Documents and Settings\Presenter\Desktop\FRST Scan 05-15.txt
    2014-05-15 19:59 - 2014-05-18 13:10 - 00000000 ____D () C:\FRST
    2014-05-14 12:18 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
    2014-05-14 12:18 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
    2014-05-14 12:16 - 2014-05-17 03:59 - 00000000 ____D () C:\VIPRERESCUE
    2014-05-14 08:17 - 2014-05-14 08:17 - 00099424 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-14-14.txt
    2014-05-14 07:45 - 2014-05-15 19:45 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2014-05-10 09:08 - 2014-05-10 09:08 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\AVAST Software
    2014-05-10 08:37 - 2014-05-10 08:37 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-05-10 08:37 - 2014-05-10 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
    2014-05-10 08:36 - 2014-05-13 20:36 - 00000370 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-05-10 08:36 - 2014-05-10 08:36 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-05-10 08:36 - 2014-05-10 08:36 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-05-10 08:36 - 2014-05-10 08:36 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-05-10 08:35 - 2014-05-10 08:35 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-05-08 10:39 - 2014-05-08 10:39 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\ringtones
    2014-05-08 10:38 - 2014-05-08 20:57 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\camera
    2014-05-02 20:50 - 2014-05-02 20:51 - 00005576 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-04-20 20:23 - 2014-04-20 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2014-04-20 20:23 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2014-04-20 20:23 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
    2014-04-20 20:23 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
    2014-04-20 20:23 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
    2014-04-20 20:23 - 2014-04-14 19:47 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2014-04-20 20:22 - 2014-04-20 20:23 - 00003995 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
     
    ==================== One Month Modified Files and Folders =======
     
    2014-05-18 13:10 - 2014-05-15 19:59 - 00000000 ____D () C:\FRST
    2014-05-18 13:07 - 2010-03-11 13:43 - 00625290 _____ () C:\WINDOWS\setupapi.log
    2014-05-18 13:07 - 2008-04-14 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-05-17 23:00 - 2009-07-15 11:43 - 00000178 ___SH () C:\Documents and Settings\Presenter\ntuser.ini
    2014-05-17 23:00 - 2009-07-02 08:30 - 01870716 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-05-17 07:07 - 2013-03-29 21:07 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\uTorrent
    2014-05-17 03:59 - 2014-05-14 12:16 - 00000000 ____D () C:\VIPRERESCUE
    2014-05-15 20:08 - 2010-02-16 15:38 - 00393216 _____ () C:\WINDOWS\system32\config\VPN.evt
    2014-05-15 20:02 - 2014-05-15 20:02 - 00036438 _____ () C:\Documents and Settings\Presenter\Desktop\FRST.txt05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00107254 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-15.txt
    2014-05-15 20:01 - 2014-05-15 20:01 - 00036088 _____ () C:\Documents and Settings\Presenter\Desktop\FRST Scan 05-15.txt
    2014-05-15 20:01 - 2013-01-30 22:50 - 00107254 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt
    2014-05-15 19:45 - 2014-05-14 07:45 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2014-05-15 19:43 - 2010-08-29 21:51 - 00066713 _____ () C:\WINDOWS\system32\nvModes.001
    2014-05-14 08:17 - 2014-05-14 08:17 - 00099424 _____ () C:\Documents and Settings\Presenter\Desktop\OTL.Txt 05-14-14.txt
    2014-05-14 06:49 - 2010-08-29 21:51 - 00066713 _____ () C:\WINDOWS\system32\nvModes.dat
    2014-05-13 22:20 - 2009-07-02 08:36 - 00032522 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-05-13 22:20 - 2009-07-02 08:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-05-13 22:20 - 2009-07-02 04:20 - 00000431 _____ () C:\WINDOWS\wiadebug.log
    2014-05-13 22:18 - 2013-05-07 07:42 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-05-13 21:34 - 2014-02-06 09:12 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-05-13 21:21 - 2010-02-01 22:09 - 00000994 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job
    2014-05-13 20:36 - 2014-05-10 08:36 - 00000370 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
    2014-05-13 20:34 - 2014-02-06 09:12 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-05-13 10:21 - 2010-02-01 22:09 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job
    2014-05-12 21:14 - 2009-07-02 04:20 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-05-12 13:17 - 2014-03-25 21:26 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    2014-05-10 09:08 - 2014-05-10 09:08 - 00000000 ____D () C:\Documents and Settings\Presenter\Application Data\AVAST Software
    2014-05-10 08:37 - 2014-05-10 08:37 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-05-10 08:37 - 2014-05-10 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
    2014-05-10 08:37 - 2010-03-22 21:08 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-05-10 08:36 - 2014-05-10 08:36 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2014-05-10 08:36 - 2014-05-10 08:36 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2014-05-10 08:36 - 2014-05-10 08:36 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2014-05-10 08:36 - 2014-05-10 08:36 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
    2014-05-10 08:35 - 2014-05-10 08:35 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-05-10 08:34 - 2014-04-09 21:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-05-10 08:03 - 2014-03-17 19:18 - 00000085 _____ () C:\WINDOWS\system32\miiii.jgf
    2014-05-08 20:57 - 2014-05-08 10:38 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\camera
    2014-05-08 20:57 - 2009-08-12 07:32 - 00029184 _____ () C:\Documents and Settings\Presenter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-05-08 10:41 - 2012-04-02 23:23 - 00001771 _____ () C:\Documents and Settings\Presenter\Application Data\Rim.Desktop.Exception.log
    2014-05-08 10:41 - 2012-04-02 23:23 - 00001694 _____ () C:\Documents and Settings\Presenter\Application Data\Rim.DesktopHelper.Exception.log
    2014-05-08 10:39 - 2014-05-08 10:39 - 00000000 ____D () C:\Documents and Settings\Presenter\Desktop\ringtones
    2014-05-07 07:40 - 2012-08-21 21:00 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-05-07 07:40 - 2011-06-15 20:46 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-05-02 20:51 - 2014-05-02 20:50 - 00005576 _____ () C:\WINDOWS\KB2964358-IE8.log
    2014-05-02 20:51 - 2011-10-12 17:21 - 00000000 ____D () C:\WINDOWS\ie8updates
    2014-05-02 20:51 - 2009-07-02 11:03 - 00337498 _____ () C:\WINDOWS\updspapi.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 02157885 _____ () C:\WINDOWS\FaxSetup.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 01045110 _____ () C:\WINDOWS\ocgen.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00992213 _____ () C:\WINDOWS\tsoc.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00730814 _____ () C:\WINDOWS\comsetup.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00662726 _____ () C:\WINDOWS\msmqinst.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00441594 _____ () C:\WINDOWS\ntdtcsetup.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00379407 _____ () C:\WINDOWS\netfxocm.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00360942 _____ () C:\WINDOWS\iis6.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00149460 _____ () C:\WINDOWS\MedCtrOC.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00119727 _____ () C:\WINDOWS\ocmsn.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00109845 _____ () C:\WINDOWS\tabletoc.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00108352 _____ () C:\WINDOWS\msgsocm.log
    2014-05-02 20:51 - 2009-07-02 04:18 - 00001355 _____ () C:\WINDOWS\imsins.log
    2014-04-30 04:13 - 2008-04-14 08:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
    2014-04-30 04:13 - 2008-04-14 08:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-04-29 13:19 - 2010-02-01 22:10 - 00002316 _____ () C:\Documents and Settings\Presenter\Desktop\Google Chrome.lnk
    2014-04-28 08:12 - 2009-08-12 07:32 - 00000000 ____D () C:\Documents and Settings\Presenter\Local Settings\Application Data\Adobe
    2014-04-20 20:23 - 2014-04-20 20:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2014-04-20 20:23 - 2014-04-20 20:22 - 00003995 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
    2014-04-20 20:23 - 2009-07-02 10:36 - 00000000 ____D () C:\Program Files\Java
     
    ==================== Bamital & volsnap Check =================
     
    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
     
    ==================== End Of Log ============================

    • 0



    #11
    JSntgRvr

    • Global Moderator
    • 11,591 posts

    Great, let's scan the computer.

     

    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
     
     

     

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
     

    Download ADWCleaner to your desktop.
     
    NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.
     
    Close all programs and click on the AdwCleaner icon.
     
    Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
     
    The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt
     

    Please download Malwarebytes' Anti-Malware from Here
     
    Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)
    • Select the language and click OK.
    • Accept the agreement
    • Make sure a checkmark is placed next to Enable the Free Trial and Launch Malwarebytes' Anti-Malware, then click on Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Scan Now".
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click on Quarantine All.
    • When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
    • Upon restart, launch Malwarebytes Antimalware and select History.
    • Double click on the last scan done, then on Copy to Clipboard.
    • Right click on your next reply and select Paste.
    • Submit your reply.
     
     
    Extra Note:
     
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     

     


    • 0

    #12
    Warden

    • Topic Starter
    • Member
    • 162 posts

    I have two of the logs as requested.  When trying to download MBAM I receive the following error message: "run time error code '372':  failed to load control 'vbalgrid' from vbalgrid6.ocx.  your version of vbalgrid6.ocx may be outdated.  make sure you are using the version of the control that was provided with your application."

     

    I do have mbam installed on my machine currently.  I believe I should uninstall and reinstall but wanted to check with you prior to taking that step.  Let me know and we can proceed.  Here are the two logs.

     

    JRT

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Presenter on Sun 05/18/2014 at 16:10:56.71
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222182204}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550255185504}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266186604}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289075
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550255185504}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266186604}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\Documents and Settings\Presenter\Application Data\red kawa"
    Successfully deleted: [Folder] "C:\Documents and Settings\Presenter\Application Data\search protection"
    Successfully deleted: [Folder] "C:\Documents and Settings\Presenter\Local Settings\Application Data\conduit"
    Successfully deleted: [Folder] "C:\Documents and Settings\Presenter\Local Settings\Application Data\cre"
    Successfully deleted: [Folder] "C:\Program Files\conduit"
    Successfully deleted: [Folder] "C:\Program Files\oapps"
    Successfully deleted: [Folder] "C:\Program Files\red kawa"
    Successfully deleted: [Folder] "C:\Documents and Settings\Presenter\start menu\programs\system progressive protection"
     
     
     
    ~~~ Chrome
     
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cdjbnddbclciabnckgeahmneohjlahdm
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 05/18/2014 at 16:15:18.27
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    ADW
     
    # AdwCleaner v3.209 - Report created 18/05/2014 at 19:45:26
    # Updated 18/05/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Presenter - TS8730WIMAGE
    # Running from : C:\Documents and Settings\Presenter\My Documents\Downloads\AdwCleaner.exe
    # Option : Clean
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v8.0.6001.18702
     
     
    -\\ Google Chrome v
     
    [ File : C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
     
    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
     
    *************************
     
    AdwCleaner[R0].txt - [1596 octets] - [18/05/2014 19:43:17]
    AdwCleaner[S0].txt - [1533 octets] - [18/05/2014 19:45:26]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1593 octets] ##########
     

    • 0

    #13
    Warden

    • Topic Starter
    • Member
    • 162 posts

    After seeing that same error message a few times, MBAM did indeed install and I ran the scan.  Below is the log.  Thanks.

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 5/18/2014
    Scan Time: 8:36:51 PM
    Logfile: mbamlog.txt
    Administrator: Yes
     
    Version: 2.00.1.1004
    Malware Database: v2014.03.04.09
    Rootkit Database: v2014.02.20.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled
     
    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Presenter
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 335532
    Time Elapsed: 10 min, 20 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Warn
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     
     
    I still have no task bar at the bottom of my screen. 

    • 0

    #14
    JSntgRvr

    • Global Moderator
    • 11,591 posts

    Press the Windows key. The Start Menu will be displayed. Right click on the Start Menu and select Properties. Make sure the Taskbar is not locked and Auto-hide is disabled.

     

    Let me know the outcome.


    • 0

    #15
    Warden

    • Topic Starter
    • Member
    • 162 posts

    When I press the windows key, nothing happens. I use ctrl-alt-delete to restart the machine.  Not sure what is going on at this point.  Any help is appreciated.


    • 0





