machine is an HP Elitebook 8730w with Windiws XP Pro ver 2002 Service Pack 3. I initially posted this as a missing tool bar, in the xp group, because the desktop appears but there is no toolbar at the bottom of the screen. I can see notification bubbles for adobe updates and file hippo updates but cant actually see them. But the person helping me suggested I post in malware removal due to the symptoms. I have tried to run malwarebytes, however, when I do so I get the following error message, run time error '372': failed to load 'vbalgrid' from vbalgrid6.ocx. Your version of vbalgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.
I have also tried to use avast but when I attempt to run a scan it says the RPC server is unavailable.
I have rebooted into safe mode and the problem is there as well.
I also have tried a sys restore from safe mode with no luck.
Here is the OTL log. Any help is appreciated. Running viprerescue on the problem machine now and posting from a different one.
OTL logfile created on: 5/15/2014 7:57:55 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Presenter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 79.23% Memory free
4.84 Gb Paging File | 4.26 Gb Available in Paging File | 88.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 128.04 Gb Free Space | 42.95% Space Free | Partition Type: NTFS
Computer Name: TS8730WIMAGE | User Name: Presenter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/05/14 06:18:38 | 001,268,560 | ---- | M] (BitTorrent Inc.) -- C:\Documents and Settings\Presenter\Application Data\uTorrent\uTorrent.exe
PRC - [2014/05/10 08:36:07 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/02/12 21:57:54 | 000,043,848 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/26 18:24:42 | 000,423,144 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/02/25 11:58:30 | 003,093,024 | ---- | M] (Fitbit, Inc.) -- C:\Program Files\Fitbit Connect\Fitbit Connect.exe
PRC - [2013/02/25 11:58:30 | 001,239,584 | ---- | M] (Fitbit, Inc.) -- C:\Program Files\Fitbit Connect\FitbitConnectService.exe
PRC - [2013/01/30 22:48:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Presenter\Desktop\OTL.exe
PRC - [2012/05/09 15:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2012/03/26 03:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/02/24 22:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/02/11 19:28:52 | 001,522,080 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2011/02/02 10:46:40 | 001,095,168 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
PRC - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/07/02 08:18:25 | 002,058,776 | R--- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/02 08:18:24 | 000,174,616 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/05/26 22:57:08 | 000,411,108 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2009/05/26 22:54:10 | 000,549,400 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2009/02/27 07:22:10 | 001,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:40:52 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\Lotus\Notes\ntmulti.exe
PRC - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) -- C:\Program Files\Lotus\Notes\nsd.exe
PRC - [2008/10/14 16:10:32 | 000,082,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008/08/08 07:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/06/12 12:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/05/12 14:55:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 12:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
========== Modules (No Company Name) ==========
MOD - [2014/05/10 08:36:12 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/02/12 00:14:31 | 001,711,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\aa86b1a0c9a5bd2a973bef106c0461f9\Microsoft.VisualBasic.ni.dll
MOD - [2014/02/12 00:13:47 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/11 22:11:22 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014/02/11 22:02:40 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/11 22:02:20 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/11 21:59:26 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/11 21:57:33 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/11 21:57:19 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/12/09 21:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2011/05/06 13:07:00 | 004,317,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2011/05/06 13:02:52 | 000,737,280 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
MOD - [2011/02/15 14:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 14:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 14:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 14:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 13:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/10/26 08:34:12 | 011,853,824 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
MOD - [2010/10/26 00:37:32 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\phonon4.dll
MOD - [2010/10/26 00:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
MOD - [2010/10/26 00:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2010/10/26 00:23:34 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/10/26 00:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
MOD - [2010/10/26 00:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
MOD - [2010/10/26 00:06:28 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/10/26 00:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
MOD - [2010/10/26 00:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/05/20 13:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/20 13:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/17 09:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
MOD - [2010/05/17 09:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoNet.dll
MOD - [2010/05/17 09:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
MOD - [2010/05/17 09:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoXML.dll
MOD - [2010/05/17 09:47:20 | 000,291,840 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
MOD - [2010/05/17 09:47:20 | 000,175,616 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
MOD - [2010/05/17 09:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
MOD - [2010/05/17 09:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
MOD - [2010/05/17 09:47:18 | 000,110,592 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
MOD - [2010/02/17 19:25:12 | 000,132,096 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
MOD - [2009/02/27 06:51:14 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/05/12 14:51:50 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2008/05/12 14:49:02 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
========== Services (SafeList) ==========
SRV - [2014/05/10 08:36:07 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/05/07 07:41:00 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/02/25 11:58:30 | 001,239,584 | ---- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files\Fitbit Connect\FitbitConnectService.exe -- (Fitbit Connect)
SRV - [2013/01/18 18:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Stopped] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
SRV - [2011/07/21 12:24:12 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/02/24 22:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Disabled | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/17 19:25:12 | 000,152,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/02/09 16:55:52 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/02 08:18:25 | 002,058,776 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/02 08:18:24 | 000,174,616 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/12/06 08:37:30 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2008/12/06 08:36:38 | 003,315,080 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2008/08/08 07:47:02 | 000,777,240 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/06/12 12:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/03/18 12:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2014/05/15 19:45:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014/05/10 08:36:16 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/05/10 08:36:16 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/05/10 08:36:16 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/05/10 08:36:16 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/05/10 08:36:15 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/05/10 08:36:15 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/05/10 08:36:15 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/05/10 08:36:15 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2013/09/04 14:57:44 | 000,024,040 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gfiutil.sys -- (gfiutil)
DRV - [2013/05/23 08:39:14 | 000,043,368 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gfiark.sys -- (gfiark)
DRV - [2011/02/15 14:17:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/11/16 00:24:48 | 000,013,880 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2009/12/18 12:13:02 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/12/18 12:13:00 | 000,230,912 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/12/18 12:12:58 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/12/17 18:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/12/02 13:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/07/02 08:21:36 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/07/02 08:21:36 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/07/02 08:21:36 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/07/02 08:18:38 | 004,202,496 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2009/07/02 08:18:25 | 000,040,832 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/02 08:17:38 | 000,044,800 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2009/07/02 08:16:16 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2009/06/22 17:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009/03/31 12:57:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/03/27 05:33:56 | 000,239,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2009/03/19 11:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/11/21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/05 23:20:24 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/11 15:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/29 15:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/06/12 14:40:50 | 000,477,696 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/05/23 13:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 13:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/12/20 01:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
[2013/03/29 21:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Presenter\Application Data\Mozilla\Firefox\extensions
[2013/03/29 21:08:59 | 000,000,000 | ---D | M] (uTorrentControl_v6) -- C:\Documents and Settings\Presenter\Application Data\Mozilla\Firefox\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
[2010/07/11 21:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U51 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Presenter\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/01/23 13:04:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Fitbit Connect] C:\Program Files\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Documents and Settings\Presenter\Application Data\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: bitdefender.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: geekstogo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44D5156A-6FFB-42B6-A90E-F6AF0CF674C9}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (VPNGina.dll) - C:\WINDOWS\System32\vpngina.dll (Cisco Systems, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/02 15:36:05 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/05/15 19:59:24 | 000,000,000 | ---D | C] -- C:\FRST
[2014/05/14 12:18:17 | 000,024,040 | ---- | C] (ThreatTrack Security) -- C:\WINDOWS\System32\drivers\gfiutil.sys
[2014/05/14 12:18:00 | 000,043,368 | ---- | C] (ThreatTrack Security) -- C:\WINDOWS\System32\drivers\gfiark.sys
[2014/05/14 12:16:24 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2014/05/14 07:45:54 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/05/10 09:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Application Data\AVAST Software
[2014/05/10 08:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/05/10 08:36:30 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/05/10 08:36:29 | 000,776,976 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/05/10 08:36:28 | 000,411,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/05/10 08:36:27 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/05/10 08:36:26 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/05/10 08:36:22 | 000,271,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/05/10 08:36:14 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/05/10 08:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/05/08 10:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\ringtones
[2014/05/08 10:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\music
[2014/05/08 10:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\documents
[2014/05/08 10:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\videos
[2014/05/08 10:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\camera
[2014/05/08 10:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Presenter\Desktop\pictures
[2014/04/20 20:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
========== Files - Modified Within 30 Days ==========
[2014/05/15 19:45:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/05/15 19:43:48 | 000,066,713 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2014/05/15 19:42:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/05/15 19:42:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/14 06:49:39 | 000,066,713 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2014/05/13 22:18:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/13 21:34:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/13 21:21:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006UA.job
[2014/05/13 20:36:01 | 000,000,370 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/05/13 20:34:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/13 10:21:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3866077675-454247996-117300071-1006Core.job
[2014/05/12 13:17:39 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/05/10 08:37:38 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/05/10 08:37:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/05/10 08:36:16 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/05/10 08:36:16 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/05/10 08:36:16 | 000,180,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/05/10 08:36:16 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/05/10 08:36:15 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/05/10 08:36:15 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/05/10 08:36:15 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/05/10 08:36:15 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/05/10 08:36:14 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/05/10 08:36:14 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/05/10 08:03:10 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\miiii.jgf
[2014/05/08 20:57:07 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/29 13:19:13 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\Presenter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/29 13:19:13 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Google Chrome.lnk
[2014/04/22 14:12:02 | 000,062,491 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\BDLParking receipt 04-17-14.pdf
[2014/04/22 14:11:49 | 000,059,241 | ---- | M] () -- C:\Documents and Settings\Presenter\My Documents\BDLParking receipt 04-17-14.pdf
[2014/04/20 09:02:47 | 000,094,819 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Tax Doc for Sandy.pdf
[2014/04/18 10:45:11 | 000,021,149 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\BDL Receipt 4-11-14.pdf
[2014/04/17 19:55:07 | 000,063,873 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\PVD Taxi Receipt 3-17-14.pdf
[2014/04/16 08:20:00 | 001,908,719 | ---- | M] () -- C:\Documents and Settings\Presenter\Desktop\Christopher and Hogan.JPG
========== Files Created - No Company Name ==========
[2014/05/10 08:37:38 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/05/10 08:36:50 | 000,000,370 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/05/10 08:36:29 | 000,180,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/05/10 08:36:28 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/05/10 08:36:26 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/04/22 14:12:02 | 000,062,491 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\BDLParking receipt 04-17-14.pdf
[2014/04/22 14:11:49 | 000,059,241 | ---- | C] () -- C:\Documents and Settings\Presenter\My Documents\BDLParking receipt 04-17-14.pdf
[2014/04/20 09:02:44 | 000,094,819 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Tax Doc for Sandy.pdf
[2014/04/18 10:45:11 | 000,021,149 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\BDL Receipt 4-11-14.pdf
[2014/04/17 19:55:07 | 000,063,873 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\PVD Taxi Receipt 3-17-14.pdf
[2014/04/16 08:19:59 | 001,908,719 | ---- | C] () -- C:\Documents and Settings\Presenter\Desktop\Christopher and Hogan.JPG
[2014/03/26 22:21:45 | 000,013,880 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\j6zj3odia.bbr
[2014/02/11 22:23:24 | 001,035,312 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/02/14 14:40:56 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2009/10/08 10:26:41 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Presenter\JavaConnect.ini
[2009/08/12 07:32:23 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Presenter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/15 11:43:17 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Presenter\NTUSER.bak
========== ZeroAccess Check ==========
[2009/07/02 09:45:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/22 01:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/03/03 09:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/05 11:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2014/02/08 21:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2014/05/10 08:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/11/10 20:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2012/01/16 15:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/02/12 11:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2013/01/18 07:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\D0B43B0D7D5E52B60000D0B36A6159FD
[2013/06/28 09:04:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FitbitConnect
[2011/06/01 09:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2013/01/18 10:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/05/07 07:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/03/16 08:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2010/01/27 12:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDFC
[2012/04/02 23:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/02/20 08:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2014/03/11 11:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/02/27 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2010/08/04 09:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2013/06/17 13:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/03/31 21:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/29 23:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2014/05/10 09:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\AVAST Software
[2010/02/16 22:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Bytemobile
[2012/01/16 15:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\CheckPoint
[2014/04/09 21:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Dropbox
[2014/04/09 21:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\DropboxMaster
[2013/05/07 02:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\e08c65b2-6be0-44ba-9628-b61063a7657dad
[2013/01/25 19:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\ElevatedDiagnostics
[2011/06/01 09:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Flip Video
[2014/01/04 14:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\HandBrake
[2010/06/14 12:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\InterVideo
[2013/09/05 14:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Red Kawa
[2012/04/02 23:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Research In Motion
[2013/12/24 08:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Search Protection
[2010/02/16 22:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Sierra Wireless
[2014/05/15 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\uTorrent
[2013/02/27 11:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Visan
[2010/01/27 14:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Windows Desktop Search
[2010/01/31 00:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Windows Search
[2010/07/14 22:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\WinPatrol
[2009/10/08 09:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Presenter\Application Data\Xerox
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >