TechSpot

Virus/Malware Removal Issues

Solved
By burds
Feb 19, 2014
  1. I've been using Microsoft Security Essentials and Sophos to try and get rid of viruses/malware I noticed when random ads began popping up in strange places on certain websites. The programs say the files are removed but after restarting, the same files appear to have never been removed. Please help.

    Malwarebytes Log:

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.02.19.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16518
    Brittany :: BRITTANY-PC [administrator]

    Protection: Enabled

    2/18/2014 9:19:48 PM
    mbam-log-2014-02-18 (21-19-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 221586
    Time elapsed: 29 minute(s), 7 second(s)

    Memory Processes Detected: 2
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> 3720 -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> 1216 -> Delete on reboot.

    Memory Modules Detected: 1
    C:\Users\Brittany\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.

    Registry Keys Detected: 8
    HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    HKCU\Software\FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
    HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKLM\Software\FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Brittany\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully.
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0B1G1O1S0V1G1F -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3...=SP4D33A285-D84D-442E-9AD0-7E92569A5D0B&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

    Folders Detected: 25
    C:\Program Files (x86)\FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FindRight\bin (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FindRight\bin\plugins (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\SearchProtect\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

    Files Detected: 138
    C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
    C:\Users\Brittany\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\$Recycle.Bin\S-1-5-21-802716480-2462033193-2097298831-1000\$RI3VP6P.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
    C:\$Recycle.Bin\S-1-5-21-802716480-2462033193-2097298831-1000\$RJUUP10.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
    C:\$Recycle.Bin\S-1-5-21-802716480-2462033193-2097298831-1000\$RJWLM0Z.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    C:\$Recycle.Bin\S-1-5-21-802716480-2462033193-2097298831-1000\$RWCV9VX.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    C:\$Recycle.Bin\S-1-5-21-802716480-2462033193-2097298831-1000\$RXIFBV2.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\embededstub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\embededstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsc7536.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsd1AE6.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsd385.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsd571D.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsd689B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsdB42A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsi63D9.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsi6CFF.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsi804F.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsi8C32.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsj41E5.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsj4248.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsj4E2B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsnFA9E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nso4649.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nso527B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nso5721.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsoAA69.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsr1D29.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nss15C6.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nstBCC3.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsx1F0B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsxC8A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsy4A7E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsy5B43.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\spstub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\verifier.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\is1261780760\8656713_stp\FindRightSetup.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsx5296\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\Temp\nsy9EF1\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nseB460.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsj5698.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsoB49E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsuD9DB.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\PTXUB0ZO\Setup[1].exe (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\PTXUB0ZO\Setup[2].exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\PTXUB0ZO\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\PTXUB0ZO\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\X11CB5JB\optin[2].php (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\X11CB5JB\optin[3].php (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\X11CB5JB\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\Z90MGL8S\SPIdentifierImpl[1].exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\Z90MGL8S\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FindRight\FindRight.ico (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FindRight\0 (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FindRight\7za.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FindRight\FindRightUninstall.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FindRight\updateFindRight.InstallState (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FindRight\bin\FindRight.BrowserFilter.Helper.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FindRight\bin\FindRight.BrowserFilter.Helper.dll.old.a3a3ffc5-9623-40d8-9cf4-01072b2af89d (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FindRight\bin\FindRightBrowserFilter.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FindRight\bin\sqlite3.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\FindRight\bin\utilFindRight.InstallState (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1392270016698 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    C:\Users\Brittany\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

    (end)
  2. burds

    DDS.txt log:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.45.2
    Run by Brittany at 22:01:07 on 2014-02-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1843 [GMT -7:00]
    .
    AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
    C:\Windows\system32\Hpservice.exe
    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\SPLASH.SYS\config\DVMExportService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
    C:\Program Files (x86)\SafeConnect\scManager.sys
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Users\Brittany\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\Brittany\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\SafeConnect\scClient.exe
    C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Users\Brittany\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brittany\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brittany\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brittany\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Brittany\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Brittany\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [Google Update] "C:\Users\Brittany\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Spotify Web Helper] "C:\Users\Brittany\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    StartupFolder: C:\Users\Brittany\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\wkcalrem.LNK - C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA} : DHCPNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA}\0516E64786562763 : DHCPNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA}\255637E45647 : DHCPNameServer = 134.114.254.15 134.114.138.3 134.114.96.4
    TCP: Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA}\255637E45647D214C647 : DHCPNameServer = 134.114.254.15 134.114.138.3 134.114.96.4
    TCP: Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA}\C456D636B6562427F63723031323 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA}\E41455 : DHCPNameServer = 134.114.254.15 134.114.138.3 134.114.96.4
    TCP: Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA}\E41455D27457563747 : DHCPNameServer = 134.114.254.15 134.114.138.3 134.114.96.4
    TCP: Interfaces\{35688D3B-93DF-4F8F-9A0B-EFEDB732C0D0} : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} -
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3321727&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP4D33A285-D84D-442E-9AD0-7E92569A5D0B&SSPV=
    FF - prefs.js: browser.search.selectedEngine - Conduit Search
    FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Brittany\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
    FF - ExtSQL: 2014-02-13 21:26; {42e50651-9669-456e-9081-d5a836274274}; C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\{42e50651-9669-456e-9081-d5a836274274}
    FF - ExtSQL: !HIDDEN! 2010-05-31 09:15; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ---- FIREFOX POLICIES ----
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
    .
    .
    .
    .
    .
    user_pref(extensions.autoDisableScopes,14);
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
    R1 DVMIO;DVMIO;C:\SPLASH.SYS\config\dvmio.sys [2009-9-27 21624]
    R1 SAVOnAccess;SAVOnAccess;C:\Windows\System32\drivers\savonaccess.sys [2012-9-26 144672]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2010-1-29 89600]
    R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SPLASH.SYS\config\DVMExportService.exe [2009-7-8 323584]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-18 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-18 701512]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
    R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-12-4 216640]
    R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-9-26 139840]
    R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys [2012-11-19 176520]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-6 3291008]
    R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2012-9-26 232512]
    R2 Sophos Web Control Service;Sophos Web Control Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-9-26 357400]
    R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-12-4 2869824]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-1-29 2320920]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-12-5 227896]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-12 151040]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-9-26 233984]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-18 25928]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2010-1-29 200736]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-29 291328]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S2 swi_update_64;Sophos Web Intelligence Update;C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012-9-26 1998400]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-1-29 232480]
    S3 sdcfilter;sdcfilter;C:\Windows\System32\drivers\sdcfilter.sys [2012-9-26 36640]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-28 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-4 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S4 SophosBootDriver;SophosBootDriver;C:\Windows\System32\drivers\SophosBootDriver.sys [2011-1-4 25608]
    SUnknown nmlayqxg;nmlayqxg; [x]
    .
    =============== Created Last 30 ================
    .
    2014-02-19 04:55:53 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{979E65E3-3EC0-4704-97DB-1C55FC48A94C}\offreg.dll
    2014-02-19 04:03:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-02-19 04:03:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-02-19 03:59:52 97041 ----a-w- C:\ProgramData\1392782340.bdinstall.bin
    2014-02-19 03:51:49 9227 ----a-w- C:\ProgramData\1392781894.4364.bin
    2014-02-19 03:51:38 2406 ----a-w- C:\ProgramData\1392781894.4764.bin
    2014-02-19 03:51:38 1804 ----a-w- C:\ProgramData\1392781894.2472.bin
    2014-02-19 03:51:34 42960 ----a-w- C:\ProgramData\1392781894.5200.bin
    2014-02-19 03:51:34 37823 ----a-w- C:\ProgramData\1392781871.bdinstall.bin
    2014-02-19 02:08:22 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{979E65E3-3EC0-4704-97DB-1C55FC48A94C}\mpengine.dll
    2014-02-18 02:05:47 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C20AC737-25AC-4BD2-B0F0-97BF1EA6D99A}\gapaengine.dll
    2014-02-18 02:05:19 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-02-17 05:11:42 219669 ----a-w- C:\ProgramData\1392613507.bdinstall.bin
    2014-02-17 04:09:57 1657 ----a-w- C:\ProgramData\1392610193.3368.bin
    2014-02-17 04:09:56 2061 ----a-w- C:\ProgramData\1392610193.8468.bin
    2014-02-17 04:09:53 44520 ----a-w- C:\ProgramData\1392610193.9588.bin
    2014-02-17 04:08:18 45521 ----a-w- C:\ProgramData\1392610036.bdinstall.bin
    2014-02-17 04:07:15 -------- d-----w- C:\Users\Brittany\AppData\Roaming\QuickScan
    2014-02-17 02:24:05 -------- d-----w- C:\Users\Brittany\AppData\Roaming\Nico Mak Computing
    2014-02-14 02:58:18 -------- d-----w- C:\Users\Brittany\AppData\Roaming\Python-Eggs
    2014-02-14 02:58:00 -------- d-----w- C:\Users\Brittany\AppData\Roaming\BitLord
    2014-02-14 02:53:22 -------- d-----w- C:\Program Files (x86)\BitLord 2
    2014-02-13 14:46:17 548864 ----a-w- C:\Windows\System32\vbscript.dll
    2014-02-13 14:46:17 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-02-13 14:44:59 7211520 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
    2014-02-13 14:41:21 -------- d-----w- C:\Windows\SysWow64\SearchProtect
    2014-02-13 06:30:43 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2014-02-13 06:30:43 2048 ----a-w- C:\Windows\System32\msxml3r.dll
    2014-02-13 06:30:43 1882112 ----a-w- C:\Windows\System32\msxml3.dll
    2014-02-13 06:30:43 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2014-02-13 06:30:20 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2014-02-13 06:30:19 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2014-02-13 06:30:19 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2014-02-13 06:30:19 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2014-02-13 05:37:46 -------- d-----w- C:\Users\Brittany\AppData\Local\SearchProtect
    2014-01-23 06:43:41 -------- d-----w- C:\Users\Brittany\AppData\Roaming\Open Download Manager
    2014-01-23 03:35:19 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-01-20 23:10:19 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
    2014-01-20 23:10:19 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
    2014-01-20 23:10:19 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
    2014-01-20 23:10:19 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
    2014-01-20 23:10:16 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
    2014-01-20 23:10:15 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
    2014-01-20 23:10:15 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
    2014-01-20 23:10:14 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
    2014-01-20 23:10:14 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
    2014-01-20 23:10:12 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
    2014-01-20 23:08:49 -------- d-----w- C:\Program Files (x86)\Dolphin x86
    2014-01-20 20:39:00 -------- d-----w- C:\Users\Brittany\.android
    2014-01-20 20:38:59 -------- d-----w- C:\Users\Brittany\AppData\Local\cache
    2014-01-20 20:38:57 -------- d-----w- C:\Users\Brittany\AppData\Local\Mobogenie
    2014-01-20 20:38:57 -------- d-----w- C:\Users\Brittany\AppData\Local\genienext
    .
    ==================== Find3M ====================
    .
    2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-05 07:33:03 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-02-05 07:33:02 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-01-13 15:29:53 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2014-01-13 15:28:45 327168 ----a-w- C:\Windows\System32\mswsock.dll
    2014-01-13 15:28:45 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2014-01-13 15:28:44 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
    2013-12-29 16:20:19 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-12-29 16:20:19 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-12-28 20:08:03 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2013-12-28 20:08:02 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2013-12-28 18:27:22 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-12-28 17:40:43 113224 ----a-w- C:\Users\Brittany\g2ax_customer_downloadhelper_win32_x86.exe
    2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 22:16:15.99 ===============
  3. burds

    burds Newcomer, in training Topic Starter

    Attach.txt log:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/31/2010 8:51:07 AM
    System Uptime: 2/18/2014 9:54:46 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 140A
    Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU | 917/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 447 GiB total, 89.417 GiB free.
    D: is FIXED (NTFS) - 19 GiB total, 3.008 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.093 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP568: 2/13/2014 7:54:11 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    RP569: 2/16/2014 8:36:47 AM - Windows Update
    RP570: 2/17/2014 6:42:32 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader 9.5.5
    Adobe Shockwave Player
    Alps Touch Pad Driver
    Amazon MP3 Downloader 1.0.17
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    AudibleManager
    Bonjour
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    Dolphin x86
    DVD Menu Pack for HP MediaSmart Video
    ENE CIR Receiver Driver
    ESU for Microsoft Windows 7
    FindRight
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.2.1.1
    HP 3D DriveGuard
    HP Advisor
    HP Customer Experience Enhancements
    HP MediaSmart DVD
    HP MediaSmart Internet TV
    HP MediaSmart Live TV
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SlingPlayer
    HP MediaSmart SmartMenu
    HP MediaSmart Software Notebook Demo
    HP MediaSmart Webcam
    HP MediaSmart/TouchSmart Netflix
    HP Officejet 6500 E710a-f Basic Device Software
    HP Officejet 6500 E710a-f Help
    HP Officejet 6500 E710a-f Product Improvement Study
    HP Quick Launch Buttons
    HP QuickWeb
    HP Setup
    HP Smart Web Printing 4.60
    HP Support Assistant
    HP Update
    HP User Guides 0186
    HP Wireless Assistant
    I.R.I.S. OCR
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel® Matrix Storage Manager
    iTunes
    Java 7 Update 45
    Java(TM) 6 Update 15 (64-bit)
    Java(TM) SE Development Kit 6 Update 15 (64-bit)
    Junk Mail filter update
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.75.0.1300
    Marketsplash Shortcuts
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Live Search Toolbar
    Microsoft Money Plus
    Microsoft Money Shared Libraries
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    MobileMe Control Panel
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 19.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NaturalReaderFree
    NOOK Study
    Norton Online Backup
    Origin
    Paint.NET v3.5.11
    QLBCASL
    QuickTime
    Realtek Ethernet Controller Driver For Windows Vista and Later
    Realtek USB2.0&PCIE Card Reader
    Recovery Manager
    Safari
    SafeConnect
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
    SES Driver
    Skype Click to Call
    Skype™ 6.11
    SmartWebPrinting
    Sophos Anti-Virus
    Sophos AutoUpdate
    Spotify
    Steam
    The Sims™ 3
    The Sims™ 3 Ambitions
    The Sims™ 3 Fast Lane Stuff
    The Sims™ 3 Late Night
    The Sims™ 3 Pets
    The Sims™ 3 Seasons
    The Sims™ 3 Showtime
    The Sims™ 3 Supernatural
    The Sims™ 3 Town Life Stuff
    The Sims™ 3 University Life
    The Sims™ 3 World Adventures
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinZip 18.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/18/2014 9:41:14 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 9:39:13 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f.
    2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...imalware\Scans\History\Store\B61D532D5FCF19F405559A3FE9EA00D7]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2b247f48b5]).
    2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2b247a3f93]).
    2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2b2478dffd]).
    2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2b2474e84f]).
    2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2b246afd19]).
    2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014e]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2b2481448d]).
    2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014e]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2b247fe4f8]).
    2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\WINDOWS\SysWOW64\whhelper.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbam.exe, (start check timestamp [ 1cf2d2b247843bb]).
    2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\WINDOWS\SysWOW64\where.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbam.exe, (start check timestamp [ 1cf2d2b24694f63]).
    2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\where.exe.mui]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbam.exe, (start check timestamp [ 1cf2d2b247117b0]).
    2/18/2014 9:29:13 PM, Error: SAVOnAccess [84] - "Savservice threads busy" condition cleared - "busy" messages may be logged to system event log again from this point.
    2/18/2014 9:28:14 PM, Error: SAVOnAccess [83] - To avoid filling up the system event log, "Savservice threads busy" and similar messages will not be logged until after the service has recovered again
    2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...Device\HarddiskVolume2\Windows\SysWOW64\en-US\irprops.cpl.mui" (process mbam.exe, start check timestamp [ 1cf2d2b01155dc6]).
    2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ADBC222A5E9E896414FA36060C35_48A5FE0E4C4BF030A44141C37D4E0AF6" (process chrome.exe, start check timestamp [ 1cf2d2b01197c86]).
    2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...A8CE4B2A7499F8299A013B6E1C7C_9FE3305CE8FB7AF24C8C7A65C3539514" (process chrome.exe, start check timestamp [ 1cf2d2b01186b12]).
    2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014b" (process MsMpEng.exe, start check timestamp [ 1cf2d2b010509d9]).
    2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014b" (process MsMpEng.exe, start check timestamp [ 1cf2d2add2d404e]).
    2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\irprops.cpl" (process mbam.exe, start check timestamp [ 1cf2d2b011adc1b]).
    2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\irprops.cpl" (process mbam.exe, start check timestamp [ 1cf2d2b01155dc6]).
    2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\WINDOWS\SysWOW64\irprops.cpl" (process mbam.exe, start check timestamp [ 1cf2d2add3a11be]).
    2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003885" (process chrome.exe, start check timestamp [ 1cf2d2b0110f0e6]).
    2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003884" (process chrome.exe, start check timestamp [ 1cf2d2b0112c5ad]).
    2/18/2014 9:28:14 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014b.
    2/18/2014 9:27:14 PM, Error: SAVOnAccess [85] - File [...Device\HarddiskVolume2\Windows\SysWOW64\en-US\irclass.dll.mui]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbam.exe, (start check timestamp [ 1cf2d2add2c7cfb]).
    2/18/2014 9:27:14 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2add2e9fe3]).
    2/18/2014 9:27:14 PM, Error: SAVOnAccess [85] - File
  4. burds

    burds Newcomer, in training Topic Starter

    [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014b]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2add39eaae]).
    2/18/2014 9:27:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2add1746fc]).
    2/18/2014 9:27:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014b]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2add15e767]).
    2/18/2014 9:27:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014b]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2add159946]).
    2/18/2014 9:27:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\irclass.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbam.exe, (start check timestamp [ 1cf2d2add215942]).
    2/18/2014 9:26:27 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RJ7HCFZ.zip" (process mbam.exe, start check timestamp [ 1cf2d2ac1491a52]).
    2/18/2014 9:26:27 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RJ5EVIE.JPG" (process mbam.exe, start check timestamp [ 1cf2d2ac14793ac]).
    2/18/2014 9:26:27 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RJ4AK7H.JPG" (process mbam.exe, start check timestamp [ 1cf2d2ac14374ed]).
    2/18/2014 9:26:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RJ3G4BC.JPG" (process mbam.exe, start check timestamp [ 1cf2d2ac1118ec2]).
    2/18/2014 9:26:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RIYWYNW.JPG" (process mbam.exe, start check timestamp [ 1cf2d2ac10b260a]).
    2/18/2014 9:26:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RIX1CU6.JPG" (process mbam.exe, start check timestamp [ 1cf2d2ac10866df]).
    2/18/2014 9:26:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RIWGBYW.JPG" (process mbam.exe, start check timestamp [ 1cf2d2ac101b006]).
    2/18/2014 9:26:25 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RIB3NDJ.lnk" (process mbam.exe, start check timestamp [ 1cf2d2ac07f109c]).
    2/18/2014 9:26:25 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RI9SGBH.JPG" (process mbam.exe, start check timestamp [ 1cf2d2ac07dd818]).
    2/18/2014 9:26:25 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RI8BHFJ.JPG" (process mbam.exe, start check timestamp [ 1cf2d2a9cb3ca60]).
    2/18/2014 9:25:25 PM, Error: SAVOnAccess [85] - File [...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RI3VP6P.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbam.exe, (start check timestamp [ 1cf2d2a0cf592e0]).
    2/18/2014 9:25:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2a955eb314]).
    2/18/2014 9:25:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2a955d537f]).
    2/18/2014 9:25:00 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\TSCHANNEL.DLL" (process mbamservice.ex, start check timestamp [ 1cf2d2a8d94df43]).
    2/18/2014 9:25:00 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\TSCHANNEL.DLL" (process mbamservice.ex, start check timestamp [ 1cf2d2a8d94b832]).
    2/18/2014 9:25:00 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\TSCHANNEL.DLL" (process mbamservice.ex, start check timestamp [ 1cf2d2a8d92bc5b]).
    2/18/2014 9:25:00 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\ktmw32.dll" (process mbamservice.ex, start check timestamp [ 1cf2d2a8d85c3da]).
    2/18/2014 9:25:00 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\ktmw32.dll" (process mbamservice.ex, start check timestamp [ 1cf2d2a8d859cc9]).
    2/18/2014 9:25:00 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\ktmw32.dll" (process mbamservice.ex, start check timestamp [ 1cf2d2a8d84b266]).
    2/18/2014 9:24:38 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\Public\Videos\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1cf2d2a5c74781d]).
    2/18/2014 9:24:38 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\Public\Pictures\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1cf2d2a803c89fd]).
    2/18/2014 9:18:00 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\WINDOWS\TEMP\tmp000021fe\tmp0000014b.
    2/18/2014 8:59:14 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
    2/18/2014 8:59:13 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    2/18/2014 8:56:24 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.
    2/18/2014 8:55:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 8:52:36 PM, Error: Service Control Manager [7031] - The Bitdefender Antivirus Free Edition service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    2/18/2014 8:51:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 8:35:37 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 8:33:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 8:02:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.
    2/18/2014 8:02:07 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 7:44:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/18/2014 7:43:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/18/2014 7:43:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/18/2014 7:43:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/18/2014 7:43:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/18/2014 7:43:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/18/2014 7:43:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avc3 bdfwfpf DfsC discache DVMIO gzflt MpFilter NetBIOS NetBT nsiproxy Psched rdbss SAVOnAccess spldr tdx trufos vwififlt Wanarpv6 WfpLwf
    2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/18/2014 7:43:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/18/2014 7:41:00 AM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00004676\tmp00002d66.
    2/18/2014 7:40:58 AM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000c2f7.
    2/18/2014 7:40:50 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 7:40:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 7:32:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DvmMDES service.
    2/18/2014 7:16:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 7:05:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 6:53:11 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 5:53:27 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 3:53:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 3:07:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 2:54:39 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 10:14:14 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp000024a4\tmp00000b72.
    2/18/2014 10:07:15 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MACBOOKPRO-D761 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1D83450F-D0EE-48C2-9441-58B79CADD0CA}. The master browser is stopping or an election is being forced.
    2/18/2014 1:32:12 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 1:24:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/18/2014 1:20:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/17/2014 9:24:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/17/2014 8:10:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/17/2014 7:45:34 PM, Error: Service Control Manager [7000] - The Util FindRight service failed to start due to the following error: Access is denied.
    2/17/2014 7:45:34 PM, Error: Service Control Manager [7000] - The Update FindRight service failed to start due to the following error: Access is denied.
    2/17/2014 7:42:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    2/17/2014 7:38:41 PM, Error: Service Control Manager [7043] - The Microsoft Antimalware Service service did not shut down properly after receiving a preshutdown control.
    2/17/2014 7:32:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/17/2014 7:16:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/17/2014 11:25:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/17/2014 11:20:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:DOS/EICAR_Test_File&threatid=2147519003 Name: Virus:DOS/EICAR_Test_File ID: 2147519003 Severity: Severe Category: Virus Path: file:_C:\Windows\Temp\tmp000006d6\tmp00000007.126872.gzquar;file:_C:\Windows\Temp\tmp000006d6\tmp00000007.177683.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_11430.qz.113249.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_25997.qz.113247.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_40243.qz.111652.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_4270.qz.113240.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_7901.qz.113268.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_91688.qz.111547.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_94372.qz.113238.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_998.qz.111550.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp00010fd7.108666.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp00010fdf.108657.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp00010fe9.268705.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp00010fec.267162.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp00010ff3.267227.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp0001107a.267165.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp0001107f.26879 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.167.27.0, AS: 1.167.27.0, NIS: 109.126.0.0 Engine Version: AM: 1.1.10302.0, NIS: 2.1.10003.0
    2/17/2014 10:41:24 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/17/2014 10:28:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/17/2014 10:22:51 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/17/2014 10:19:09 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:DOS/EICAR_Test_File&threatid=2147519003 Name: Virus:DOS/EICAR_Test_File ID: 2147519003 Severity: Severe Category: Virus Path: file:_C:\Windows\Temp\tmp000006d6\tmp00000007.126872.gzquar;file:_C:\Windows\Temp\tmp000006d6\tmp00000007.177683.gzquar;file:_C:\Windows\Temp\tmp000006d6\tmp00000145.126431.gzquar;file:_C:\Windows\Temp\tmp000006d6\tmp00000227.111549.gzquar;file:_C:\Windows\Temp\tmp000006d6\tmp0000022e.111539.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_40243.qz.111652.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_998.qz.111550.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp0000c2f7.107664.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp0000c337.111339.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp0000c338.21863.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp0000c363.91306.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp0000c366.108914.gzquar Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.167.27.0, AS: 1.167.27.0, NIS: 109.126.0.0 Engine Version: AM: 1.1.10302.0, NIS: 2.1.10003.0
    2/17/2014 10:16:32 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc79.
    2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc78.
    2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc77.
    2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc76.
    2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc75.
    2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc74.
    2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc73.
    2/17/2014 10:12:02 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fad1.
    2/17/2014 10:08:32 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    2/16/2014 12:10:29 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SAM-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1D83450F-D0EE-48C2-9441-58B79CADD0CA}. The master browser is stopping or an election is being forced.
    2/16/2014 10:56:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
    2/16/2014 10:56:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    2/16/2014 10:55:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
    2/16/2014 10:54:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    2/16/2014 10:54:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    2/16/2014 10:53:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...vice\DetectionHistory\12\2A910B40-080F-421C-BC86-2E4B67856CA8]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2ba4891fb546]).
    2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...Device\HarddiskVolume2\Windows\System32\VaultCredProvider.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process LogonUI.exe, (start check timestamp [ 1cf2ba4898871d2]).
    2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...ddiskVolume2\Windows\system32\SmartcardCredentialProvider.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process LogonUI.exe, (start check timestamp [ 1cf2ba4898ad332]).
    2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\LogonUI.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process wininit.exe, (start check timestamp [ 1cf2ba48970a40f]).
    2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\System32\BioCredProv.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process LogonUI.exe, (start check timestamp [ 1cf2ba4898d3493]).
    2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\cursors\aero_working.ani]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process winlogon.exe, (start check timestamp [ 1cf2ba4896be14f]).
    2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\cursors\aero_busy.ani]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process winlogon.exe, (start check timestamp [ 1cf2ba48964bd2e]).
    2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Branding\Basebrd\Basebrd.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process LogonUI.exe, (start check timestamp [ 1cf2ba4898871d2]).
    2/16/2014 10:53:08 PM, Error: SAVOnAccess [85] - File [...vice\DetectionHistory\13\D7ADA63B-B958-4279-B395-C44722EBD4E7]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2ba488c540fc]).
    2/16/2014 10:53:08 PM, Error: SAVOnAccess [85] - File [...imalware\Scans\History\Store\3524706173074BAEAAFC931688669B2D]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2ba488c540fc]).
    2/16/2014 10:53:06 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp000042a9\tmp00000001.
    2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\Temp\tmp000042a9\tmp00000001" (process MsMpEng.exe, start check timestamp [ 1cf2ba3e58fafac]).
    2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\Temp\tmp000042a9\tmp00000001" (process MsMpEng.exe, start check timestamp [ 1cf2ba3e58e290c]).
    2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\system32\LogonUI.exe" (process winlogon.exe, start check timestamp [ 1cf2ba3e549a5d0]).
    2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\LogonUI.exe" (process gzserv.exe, start check timestamp [ 1cf2ba3e54a4212]).
    2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\system32\LogonUI.exe" (process gzserv.exe, start check timestamp [ 1cf2ba3e54a1b01]).
    2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\system32\LogonUI.exe" (process gzserv.exe, start check timestamp [ 1cf2ba3e549f3f1]).
    2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\windows\system32\logonui.exe" (process gzserv.exe, start check timestamp [ 1cf2ba3e549cce0]).
    2/16/2014 10:48:33 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\Temp\tmp000042a9\tmp00000001" (process MsMpEng.exe, start check timestamp [ 1cf2ba3e4f54bc6]).
    2/16/2014 10:09:26 PM, Error: Service Control Manager [7000] - The bdfwfpf service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================

    Thank you!
  5. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    You're running two AV programs, MSE and Sophos.
    You must uninstall one of them.

    Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
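
Added example, not part of the original thread or any tool used in it: a short Python triage of the event-log export format shown above. It flags overlapping on-access scanners by finding lines where one product's driver errors while naming another product's process, and counts real-time-protection pass-through events. The sample lines are constructed and abridged from that format, and the source and process mappings to product names are assumptions.

```python
import re
from collections import namedtuple
from datetime import datetime

Event = namedtuple("Event", "when source event_id message")

# Line shape: "2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - message"
LINE_RE = re.compile(
    r"^\s*(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"\w+: (.+?) \[(\d+)\] - (.*)$"
)
PROC_RE = re.compile(r"([A-Za-z0-9_.-]+\.exe)", re.IGNORECASE)

# Assumed mappings for this example: event-log source -> product.
AV_SOURCES = {
    "Microsoft Antimalware": "Microsoft Security Essentials",
    "SAVOnAccess": "Sophos Anti-Virus",
}
# Assumed mappings for this example: scanner process image -> product.
AV_PROCESSES = {
    "msmpeng.exe": "Microsoft Security Essentials",
    "gzserv.exe": "Bitdefender Antivirus Free",
}

# Constructed sample, abridged from the log format quoted in the thread.
SAMPLE_LOG = r"""
    2/17/2014 10:19:09 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Process Name: C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe Error Code: 0x80070020
    2/17/2014 10:16:32 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Reason: The filter driver skipped scanning items and is in pass through mode.
    2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc79.
    2/17/2014 7:42:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\system32\LogonUI.exe" (process gzserv.exe, start check timestamp [ 1cf2ba3e54a4212]).
    2/16/2014 10:48:33 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\Temp\tmp000042a9\tmp00000001" (process MsMpEng.exe, start check timestamp [ 1cf2ba3e4f54bc6]).
"""


def parse_events(text):
    """Turn the exported text into Event tuples, skipping non-matching lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        events.append(Event(when, m.group(2), int(m.group(3)), m.group(4)))
    return events


def analyse(events):
    """Summarise scanner overlap from events logged by known AV sources."""
    products = set()
    cross = []        # (when, logging product, other product, event id)
    passthrough = 0   # real-time protection reported it stopped scanning
    for ev in events:
        owner = AV_SOURCES.get(ev.source)
        if owner is None:
            continue  # not an anti-malware source
        products.add(owner)
        if "pass through mode" in ev.message:
            passthrough += 1
        for proc in PROC_RE.findall(ev.message):
            other = AV_PROCESSES.get(proc.lower())
            if other is None:
                continue  # ordinary process or scanned file, e.g. LogonUI.exe
            products.add(other)
            if other != owner:
                cross.append((ev.when, owner, other, ev.event_id))
    return {
        "products": sorted(products),
        "cross": sorted(cross),
        "passthrough": passthrough,
        "overlap": len(products) > 1,
    }


if __name__ == "__main__":
    report = analyse(parse_events(SAMPLE_LOG))
    print("Products seen:", ", ".join(report["products"]))
    print("Pass-through events:", report["passthrough"])
    for when, owner, other, event_id in report["cross"]:
        print(f"{when:%Y-%m-%d %H:%M:%S}  {owner} [{event_id}] names {other}")
```
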
  6. burds

    burds Newcomer, in training Topic Starter

    -I uninstalled MSE
    -all the random ads are gone
    -computer doesn't seem to be overheating anymore

    -RK reports:

    RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Brittany [Admin rights]
    Mode : Scan -- Date : 02/19/2014 20:38:58
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 3 ¤¤¤
    [V2][SUSP PATH] {53CBC169-092D-4B46-B3F8-BB0FD734D69B} : C:\Users\Brittany\AppData\Local\Amazon\Kindle\application\Kindle.exe [x] -> FOUND
    [V2][SUSP PATH] {9723276D-8DC0-42AE-BBC5-D7EA5D752B35} : C:\Users\Brittany\AppData\Local\Amazon\Kindle\application\Kindle.exe [x] -> FOUND
    [V2][SUSP PATH] {9951B8CD-E3B7-4563-93C2-A909723C78CA} : C:\Users\Brittany\AppData\Local\Amazon\Kindle\application\Kindle.exe [x] -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK5056GSY +++++
    --- User ---
    [MBR] 35ae13969b37e9a4358d3237b335ff2c
    [BSP] 964b4ec2e8778baff0df4d19b8567303 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 457422 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 937209856 | Size: 19214 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_02192014_203858.txt >>


    RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Brittany [Admin rights]
    Mode : Remove -- Date : 02/19/2014 20:40:20
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 3 ¤¤¤
    [V2][SUSP PATH] {53CBC169-092D-4B46-B3F8-BB0FD734D69B} : C:\Users\Brittany\AppData\Local\Amazon\Kindle\application\Kindle.exe [x] -> DELETED
    [V2][SUSP PATH] {9723276D-8DC0-42AE-BBC5-D7EA5D752B35} : C:\Users\Brittany\AppData\Local\Amazon\Kindle\application\Kindle.exe [x] -> DELETED
    [V2][SUSP PATH] {9951B8CD-E3B7-4563-93C2-A909723C78CA} : C:\Users\Brittany\AppData\Local\Amazon\Kindle\application\Kindle.exe [x] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK5056GSY +++++
    --- User ---
    [MBR] 35ae13969b37e9a4358d3237b335ff2c
    [BSP] 964b4ec2e8778baff0df4d19b8567303 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 457422 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 937209856 | Size: 19214 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_02192014_204020.txt >>
    RKreport[0]_S_02192014_203858.txt


    -mbar log:

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.02.20.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16518
    Brittany :: BRITTANY-PC [administrator]

    2/19/2014 8:56:04 PM
    mbar-log-2014-02-19 (20-56-04).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 248827
    Time elapsed: 20 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    -system log:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.16518

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.127000 GHz
    Memory total: 4083982336, free: 1824419840

    Downloaded database version: v2014.02.20.01
    Downloaded database version: v2013.12.18.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    02/19/2014 20:55:58
    ------------ Loaded modules -----------
    \Windows\System32\normaliz.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\usp10.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\shell32.dll
    \Windows\System32\ole32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8005842060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa80049df050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8005842060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80056e4930, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8005842060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80056e3a20, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
    DevicePointer: 0xfffffa80049dadd0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80049df050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: F8071B56

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600 Numsec = 936800256

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 937209856 Numsec = 39350272

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976560128 Numsec = 210992

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished

    Thanks again!
  7. Broni


    Good news :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  8. burds


    -Combofix log:

    ComboFix 14-02-19.01 - Brittany 02/19/2014 21:49:20.1.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2043 [GMT -7:00]

    Running from: c:\users\Brittany\Desktop\ComboFix.exe

    AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}

    SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\Install.exe

    c:\programdata\1392610036.bdinstall.bin

    c:\programdata\1392610193.3368.bin

    c:\programdata\1392610193.8468.bin

    c:\programdata\1392610193.9588.bin

    c:\programdata\1392613507.bdinstall.bin

    c:\programdata\1392781871.bdinstall.bin

    c:\programdata\1392781894.2472.bin

    c:\programdata\1392781894.4364.bin

    c:\programdata\1392781894.4764.bin

    c:\programdata\1392781894.5200.bin

    c:\programdata\1392782340.bdinstall.bin

    c:\users\Brittany\AppData\Roaming\.#

    c:\users\Brittany\g2ax_customer_downloadhelper_win32_x86.exe

    c:\users\Public\videos\HP MediaSmart Demo.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2014-01-20 to 2014-02-20 )))))))))))))))))))))))))))))))

    .

    .

    2014-02-20 05:00 . 2014-02-20 05:00 -------- d-----w- c:\users\Default\AppData\Local\temp

    2014-02-20 03:55 . 2014-02-20 04:19 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

    2014-02-20 03:55 . 2014-02-20 03:55 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

    2014-02-20 03:54 . 2014-02-20 03:54 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2014-02-19 04:03 . 2014-02-19 04:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2014-02-19 04:03 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2014-02-17 04:07 . 2014-02-17 05:06 -------- d-----w- c:\users\Brittany\AppData\Roaming\QuickScan

    2014-02-17 02:24 . 2014-02-19 03:40 -------- d-----w- c:\users\Brittany\AppData\Roaming\Nico Mak Computing

    2014-02-14 02:58 . 2014-02-14 02:58 -------- d-----w- c:\users\Brittany\AppData\Roaming\Python-Eggs

    2014-02-14 02:58 . 2014-02-14 03:33 -------- d-----w- c:\users\Brittany\AppData\Roaming\BitLord

    2014-02-14 02:53 . 2014-02-14 04:51 -------- d-----w- c:\program files (x86)\BitLord 2

    2014-02-13 14:46 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll

    2014-02-13 14:46 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

    2014-02-13 14:44 . 2014-02-06 11:22 7211520 ----a-w- c:\program files\Internet Explorer\F12Resources.dll

    2014-02-13 14:41 . 2014-02-13 14:41 -------- d-----w- c:\windows\SysWow64\SearchProtect

    2014-02-13 06:30 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll

    2014-02-13 06:30 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll

    2014-02-13 06:30 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

    2014-02-13 06:30 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll

    2014-02-13 06:30 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll

    2014-02-13 06:30 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

    2014-02-13 06:30 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

    2014-02-13 06:30 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll

    2014-02-13 05:37 . 2014-02-13 05:38 -------- d-----w- c:\users\Brittany\AppData\Local\SearchProtect

    2014-01-23 06:43 . 2014-01-23 07:01 -------- d-----w- c:\users\Brittany\AppData\Roaming\Open Download Manager

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2014-02-18 01:46 . 2010-06-05 16:15 88567024 ----a-w- c:\windows\system32\MRT.exe

    2014-02-05 07:33 . 2013-02-23 06:22 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2014-02-05 07:33 . 2013-02-23 06:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2014-01-19 07:33 . 2010-05-31 16:00 270496 ------w- c:\windows\system32\MpSigStub.exe

    2014-01-13 15:33 . 2014-01-13 15:33 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

    2014-01-13 15:33 . 2014-01-13 15:33 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

    2014-01-13 15:33 . 2014-01-13 15:33 235008 ----a-w- c:\windows\system32\elshyph.dll

    2014-01-13 15:33 . 2014-01-13 15:33 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

    2014-01-13 15:33 . 2014-01-13 15:33 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

    2014-01-13 15:33 . 2014-01-13 15:33 182272 ----a-w- c:\windows\SysWow64\msls31.dll

    2014-01-13 15:33 . 2014-01-13 15:33 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

    2014-01-13 15:33 . 2014-01-13 15:33 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

    2014-01-13 15:33 . 2014-01-13 15:33 337408 ----a-w- c:\windows\SysWow64\html.iec

    2014-01-13 15:33 . 2014-01-13 15:33 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

    2014-01-13 15:33 . 2014-01-13 15:33 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

    2014-01-13 15:33 . 2014-01-13 15:33 139264 ----a-w- c:\windows\SysWow64\wextract.exe

    2014-01-13 15:33 . 2014-01-13 15:33 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

    2014-01-13 15:33 . 2014-01-13 15:33 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

    2014-01-13 15:33 . 2014-01-13 15:33 13312 ----a-w- c:\windows\SysWow64\mshta.exe

    2014-01-13 15:33 . 2014-01-13 15:33 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

    2014-01-13 15:33 . 2014-01-13 15:33 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

    2014-01-13 15:33 . 2014-01-13 15:33 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

    2014-01-13 15:33 . 2014-01-13 15:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

    2014-01-13 15:33 . 2014-01-13 15:33 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

    2014-01-13 15:33 . 2014-01-13 15:33 942592 ----a-w- c:\windows\system32\jsIntl.dll

    2014-01-13 15:33 . 2014-01-13 15:33 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

    2014-01-13 15:33 . 2014-01-13 15:33 247808 ----a-w- c:\windows\system32\msls31.dll

    2014-01-13 15:33 . 2014-01-13 15:33 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

    2014-01-13 15:33 . 2014-01-13 15:33 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

    2014-01-13 15:33 . 2014-01-13 15:33 48640 ----a-w- c:\windows\system32\mshtmler.dll

    2014-01-13 15:33 . 2014-01-13 15:33 13312 ----a-w- c:\windows\system32\msfeedssync.exe

    2014-01-13 15:33 . 2014-01-13 15:33 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

    2014-01-13 15:33 . 2014-01-13 15:33 105984 ----a-w- c:\windows\system32\iesysprep.dll

    2014-01-13 15:33 . 2014-01-13 15:33 77312 ----a-w- c:\windows\system32\tdc.ocx

    2014-01-13 15:33 . 2014-01-13 15:33 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

    2014-01-13 15:33 . 2014-01-13 15:33 453120 ----a-w- c:\windows\system32\dxtmsft.dll

    2014-01-13 15:33 . 2014-01-13 15:33 413696 ----a-w- c:\windows\system32\html.iec

    2014-01-13 15:33 . 2014-01-13 15:33 296960 ----a-w- c:\windows\system32\dxtrans.dll

    2014-01-13 15:33 . 2014-01-13 15:33 616104 ----a-w- c:\windows\system32\ieapfltr.dat

    2014-01-13 15:33 . 2014-01-13 15:33 81408 ----a-w- c:\windows\system32\icardie.dll

    2014-01-13 15:33 . 2014-01-13 15:33 30208 ----a-w- c:\windows\system32\licmgr10.dll

    2014-01-13 15:33 . 2014-01-13 15:33 263376 ----a-w- c:\windows\system32\iedkcs32.dll

    2014-01-13 15:33 . 2014-01-13 15:33 243200 ----a-w- c:\windows\system32\webcheck.dll

    2014-01-13 15:33 . 2014-01-13 15:33 235520 ----a-w- c:\windows\system32\url.dll

    2014-01-13 15:33 . 2014-01-13 15:33 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

    2014-01-13 15:33 . 2014-01-13 15:33 84992 ----a-w- c:\windows\system32\mshtmled.dll

    2014-01-13 15:33 . 2014-01-13 15:33 167424 ----a-w- c:\windows\system32\iexpress.exe

    2014-01-13 15:33 . 2014-01-13 15:33 143872 ----a-w- c:\windows\system32\wextract.exe

    2014-01-13 15:33 . 2014-01-13 15:33 101376 ----a-w- c:\windows\system32\inseng.dll

    2014-01-13 15:33 . 2014-01-13 15:33 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

    2014-01-13 15:33 . 2014-01-13 15:33 774144 ----a-w- c:\windows\system32\jscript.dll

    2014-01-13 15:33 . 2014-01-13 15:33 62464 ----a-w- c:\windows\system32\pngfilt.dll

    2014-01-13 15:33 . 2014-01-13 15:33 48128 ----a-w- c:\windows\system32\imgutil.dll

    2014-01-13 15:33 . 2014-01-13 15:33 147968 ----a-w- c:\windows\system32\occache.dll

    2014-01-13 15:33 . 2014-01-13 15:33 13824 ----a-w- c:\windows\system32\mshta.exe

    2014-01-13 15:33 . 2014-01-13 15:33 135680 ----a-w- c:\windows\system32\iepeers.dll

    2014-01-13 15:29 . 2014-01-13 15:29 362496 ----a-w- c:\windows\system32\wow64win.dll

    2014-01-13 15:29 . 2014-01-13 15:29 243712 ----a-w- c:\windows\system32\wow64.dll

    2014-01-13 15:29 . 2014-01-13 15:29 16384 ----a-w- c:\windows\system32\ntvdm64.dll

    2014-01-13 15:29 . 2014-01-13 15:29 13312 ----a-w- c:\windows\system32\wow64cpu.dll

    2014-01-13 15:29 . 2014-01-13 15:29 878080 ----a-w- c:\windows\system32\advapi32.dll

    2014-01-13 15:29 . 2014-01-13 15:29 859648 ----a-w- c:\windows\system32\tdh.dll

    2014-01-13 15:29 . 2014-01-13 15:29 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe

    2014-01-13 15:29 . 2014-01-13 15:29 1732032 ----a-w- c:\windows\system32\ntdll.dll

    2014-01-13 15:29 . 2014-01-13 15:29 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

    2014-01-13 15:29 . 2014-01-13 15:29 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

    2014-01-13 15:29 . 2014-01-13 15:29 7680 ----a-w- c:\windows\SysWow64\instnm.exe

    2014-01-13 15:29 . 2014-01-13 15:29 5120 ----a-w- c:\windows\SysWow64\wow32.dll

    2014-01-13 15:29 . 2014-01-13 15:29 2048 ----a-w- c:\windows\SysWow64\user.exe

    2014-01-13 15:29 . 2014-01-13 15:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

    2014-01-13 15:29 . 2014-01-13 15:29 640512 ----a-w- c:\windows\SysWow64\advapi32.dll

    2014-01-13 15:29 . 2014-01-13 15:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2014-01-13 15:29 . 2014-01-13 15:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe

    2014-01-13 15:29 . 2014-01-13 15:29 619520 ----a-w- c:\windows\SysWow64\tdh.dll

    2014-01-13 15:29 . 2014-01-13 15:29 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll

    2014-01-13 15:28 . 2014-01-13 15:28 327168 ----a-w- c:\windows\system32\mswsock.dll

    2014-01-13 15:28 . 2014-01-13 15:28 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2014-01-13 15:28 . 2014-01-13 15:28 231424 ----a-w- c:\windows\SysWow64\mswsock.dll

    2013-12-29 16:22 . 2013-12-29 16:22 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

    2013-12-29 16:22 . 2013-12-29 16:22 465920 ----a-w- c:\windows\system32\WMPhoto.dll

    2013-12-29 16:22 . 2013-12-29 16:22 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

    2013-12-29 16:22 . 2013-12-29 16:22 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

    2013-12-29 16:22 . 2013-12-29 16:22 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

    2013-12-29 16:22 . 2013-12-29 16:22 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]

    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]

    "Spotify Web Helper"="c:\users\Brittany\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-16 1171968]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]

    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]

    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

    "Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-09-26 900160]

    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

    .

    c:\users\Brittany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-6-21 46432]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2012-11-19 298888]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

    "LoadAppInit_DLLs"=1 (0x1)

    "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

    @="service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

    "DisableMonitoring"=dword:00000001

    .

    R1 cjxhlonj;cjxhlonj;c:\windows\system32\drivers\cjxhlonj.sys;c:\windows\SYSNATIVE\drivers\cjxhlonj.sys [x]

    R1 dkjyosnb;dkjyosnb;c:\windows\system32\drivers\dkjyosnb.sys;c:\windows\SYSNATIVE\drivers\dkjyosnb.sys [x]

    R1 fwbrsvnj;fwbrsvnj;c:\windows\system32\drivers\fwbrsvnj.sys;c:\windows\SYSNATIVE\drivers\fwbrsvnj.sys [x]

    R1 fxyjjupe;fxyjjupe;c:\windows\system32\drivers\fxyjjupe.sys;c:\windows\SYSNATIVE\drivers\fxyjjupe.sys [x]

    R1 guqoanff;guqoanff;c:\windows\system32\drivers\guqoanff.sys;c:\windows\SYSNATIVE\drivers\guqoanff.sys [x]

    R1 jwraxanq;jwraxanq;c:\windows\system32\drivers\jwraxanq.sys;c:\windows\SYSNATIVE\drivers\jwraxanq.sys [x]

    R1 lwrxddun;lwrxddun;c:\windows\system32\drivers\lwrxddun.sys;c:\windows\SYSNATIVE\drivers\lwrxddun.sys [x]

    R1 orhkgusy;orhkgusy;c:\windows\system32\drivers\orhkgusy.sys;c:\windows\SYSNATIVE\drivers\orhkgusy.sys [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

    R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]

    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

    R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

    R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]

    S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys;c:\splash.sys\config\dvmio.sys [x]

    S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]

    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [x]

    S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe;c:\splash.sys\config\DVMExportService.exe [x]

    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]

    S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]

    S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]

    S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]

    S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]

    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]

    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]

    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *Deregistered* - NisDrv

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2014-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 07:33]

    .

    2014-02-19 c:\windows\Tasks\DriverToolkit Autorun.job

    - c:\program files (x86)\DriverToolkit\DriverToolkit.exe [2014-01-13 21:22]

    .

    2014-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 04:54]

    .

    2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 04:54]

    .

    2014-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802716480-2462033193-2097298831-1000Core.job

    - c:\users\Brittany\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 01:00]

    .

    2014-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802716480-2462033193-2097298831-1000UA.job

    - c:\users\Brittany\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 01:00]

    .

    2014-02-16 c:\windows\Tasks\HPCeeScheduleForBrittany.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-10 166424]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-10 390168]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-10 408600]

    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-10-21 487424]

    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 171520]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    "NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-29 21720]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

    FF - ProfilePath - c:\users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\

    FF - prefs.js: browser.search.defaulturl -

    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3321727&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP4D33A285-D84D-442E-9AD0-7E92569A5D0B&SSPV=

    FF - prefs.js: browser.search.selectedEngine - Conduit Search

    FF - ExtSQL: 2014-02-13 21:26; {42e50651-9669-456e-9081-d5a836274274}; c:\users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\{42e50651-9669-456e-9081-d5a836274274}

    FF - ExtSQL: !HIDDEN! 2010-05-31 09:15; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

    user_pref(extensions.autoDisableScopes,14);

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe

    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

    BHO-{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - c:\program files\Updater By SweetPacks\Extension64.dll

    AddRemove-{DF802C05-4660-418c-970C-B988ADB1D316} - c:\program files (x86)\MSN\Toolbar\3.0.0566.0\OEMSetup.exe

    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-802716480-2462033193-2097298831-1000\Software\SecuROM\License information*]

    "datasecu"=hex:08,b3,c8,c4,06,75,dd,cf,a9,32,2a,b1,2a,ab,1d,66,26,26,fd,41,8f,

    ab,c7,7b,63,6f,d1,0a,28,ec,1b,43,9f,17,ba,12,00,51,ea,38,a0,14,a3,b3,11,00,\

    "rkeysecu"=hex:f0,43,a4,21,bd,dd,14,54,d5,c2,1e,52,cd,45,96,28

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker3"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]

    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2014-02-19 22:04:32

    ComboFix-quarantined-files.txt 2014-02-20 05:04

    .

    Pre-Run: 101,779,980,288 bytes free

    Post-Run: 103,183,716,352 bytes free

    .

    - - End Of File - - B2FBF1FA42B9B58802A8D53879037B94

    083EBF71AAB045AE6C5F3F9189F8327B
  9. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    
    Folder::
    c:\windows\SysWow64\SearchProtect
    c:\users\Brittany\AppData\Local\SearchProtect
    
    
    Driver::
    orhkgusy
    lwrxddun
    jwraxanq
    guqoanff
    fxyjjupe
    fwbrsvnj
    dkjyosnb
    cjxhlonj
    
    Firefox::
    FF - ProfilePath - c:\users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3321727&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP4D33A285-D84D-442E-9AD0-7E92569A5D0B&SSPV=
    FF - prefs.js: browser.search.selectedEngine - Conduit Search
    
    
    Registry::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  10. burds

    burds Newcomer, in training Topic Starter

    Combofix log:

    ComboFix 14-02-20.01 - Brittany 02/20/2014 19:00:19.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2273 [GMT -7:00]
    Running from: c:\users\Brittany\Desktop\ComboFix.exe
    Command switches used :: c:\users\Brittany\Desktop\CFScript.txt
    AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
    SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Brittany\AppData\Local\SearchProtect
    c:\users\Brittany\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat
    c:\users\Brittany\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat
    c:\users\Brittany\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat
    c:\users\Brittany\AppData\Local\SearchProtect\UI\rep\UIRepository.dat
    c:\users\Brittany\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
    c:\windows\SysWow64\SearchProtect
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_cjxhlonj
    -------\Service_dkjyosnb
    -------\Service_fwbrsvnj
    -------\Service_fxyjjupe
    -------\Service_guqoanff
    -------\Service_jwraxanq
    -------\Service_lwrxddun
    -------\Service_orhkgusy
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-01-21 to 2014-02-21 )))))))))))))))))))))))))))))))
    .
    .
    2014-02-21 02:14 . 2014-02-21 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-02-20 17:08 . 2014-02-17 08:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7B84CB2-151B-456B-BCDA-07F1578E84CE}\mpengine.dll
    2014-02-20 03:55 . 2014-02-20 04:19 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-02-20 03:54 . 2014-02-20 03:54 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-02-19 04:03 . 2014-02-19 04:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2014-02-19 04:03 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-02-17 04:07 . 2014-02-17 05:06 -------- d-----w- c:\users\Brittany\AppData\Roaming\QuickScan
    2014-02-17 02:24 . 2014-02-19 03:40 -------- d-----w- c:\users\Brittany\AppData\Roaming\Nico Mak Computing
    2014-02-14 02:58 . 2014-02-14 02:58 -------- d-----w- c:\users\Brittany\AppData\Roaming\Python-Eggs
    2014-02-14 02:58 . 2014-02-14 03:33 -------- d-----w- c:\users\Brittany\AppData\Roaming\BitLord
    2014-02-14 02:53 . 2014-02-14 04:51 -------- d-----w- c:\program files (x86)\BitLord 2
    2014-02-13 14:46 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
    2014-02-13 14:46 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-02-13 14:44 . 2014-02-06 11:22 7211520 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
    2014-02-13 06:30 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-02-13 06:30 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
    2014-02-13 06:30 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2014-02-13 06:30 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
    2014-02-13 06:30 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2014-02-13 06:30 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-02-13 06:30 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
    2014-02-13 06:30 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
    2014-01-23 06:43 . 2014-01-23 07:01 -------- d-----w- c:\users\Brittany\AppData\Roaming\Open Download Manager
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-02-18 01:46 . 2010-06-05 16:15 88567024 ----a-w- c:\windows\system32\MRT.exe
    2014-02-05 07:33 . 2013-02-23 06:22 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-02-05 07:33 . 2013-02-23 06:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-13 15:33 . 2014-01-13 15:33 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-01-13 15:33 . 2014-01-13 15:33 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
    2014-01-13 15:33 . 2014-01-13 15:33 235008 ----a-w- c:\windows\system32\elshyph.dll
    2014-01-13 15:33 . 2014-01-13 15:33 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
    2014-01-13 15:33 . 2014-01-13 15:33 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2014-01-13 15:33 . 2014-01-13 15:33 182272 ----a-w- c:\windows\SysWow64\msls31.dll
    2014-01-13 15:33 . 2014-01-13 15:33 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
    2014-01-13 15:33 . 2014-01-13 15:33 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-01-13 15:33 . 2014-01-13 15:33 337408 ----a-w- c:\windows\SysWow64\html.iec
    2014-01-13 15:33 . 2014-01-13 15:33 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2014-01-13 15:33 . 2014-01-13 15:33 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
    2014-01-13 15:33 . 2014-01-13 15:33 139264 ----a-w- c:\windows\SysWow64\wextract.exe
    2014-01-13 15:33 . 2014-01-13 15:33 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2014-01-13 15:33 . 2014-01-13 15:33 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2014-01-13 15:33 . 2014-01-13 15:33 13312 ----a-w- c:\windows\SysWow64\mshta.exe
    2014-01-13 15:33 . 2014-01-13 15:33 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
    2014-01-13 15:33 . 2014-01-13 15:33 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2014-01-13 15:33 . 2014-01-13 15:33 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2014-01-13 15:33 . 2014-01-13 15:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2014-01-13 15:33 . 2014-01-13 15:33 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2014-01-13 15:33 . 2014-01-13 15:33 942592 ----a-w- c:\windows\system32\jsIntl.dll
    2014-01-13 15:33 . 2014-01-13 15:33 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2014-01-13 15:33 . 2014-01-13 15:33 247808 ----a-w- c:\windows\system32\msls31.dll
    2014-01-13 15:33 . 2014-01-13 15:33 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2014-01-13 15:33 . 2014-01-13 15:33 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2014-01-13 15:33 . 2014-01-13 15:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2014-01-13 15:33 . 2014-01-13 15:33 13312 ----a-w- c:\windows\system32\msfeedssync.exe
    2014-01-13 15:33 . 2014-01-13 15:33 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
    2014-01-13 15:33 . 2014-01-13 15:33 105984 ----a-w- c:\windows\system32\iesysprep.dll
    2014-01-13 15:33 . 2014-01-13 15:33 77312 ----a-w- c:\windows\system32\tdc.ocx
    2014-01-13 15:33 . 2014-01-13 15:33 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-01-13 15:33 . 2014-01-13 15:33 453120 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-01-13 15:33 . 2014-01-13 15:33 413696 ----a-w- c:\windows\system32\html.iec
    2014-01-13 15:33 . 2014-01-13 15:33 296960 ----a-w- c:\windows\system32\dxtrans.dll
    2014-01-13 15:33 . 2014-01-13 15:33 616104 ----a-w- c:\windows\system32\ieapfltr.dat
    2014-01-13 15:33 . 2014-01-13 15:33 81408 ----a-w- c:\windows\system32\icardie.dll
    2014-01-13 15:33 . 2014-01-13 15:33 30208 ----a-w- c:\windows\system32\licmgr10.dll
    2014-01-13 15:33 . 2014-01-13 15:33 263376 ----a-w- c:\windows\system32\iedkcs32.dll
    2014-01-13 15:33 . 2014-01-13 15:33 243200 ----a-w- c:\windows\system32\webcheck.dll
    2014-01-13 15:33 . 2014-01-13 15:33 235520 ----a-w- c:\windows\system32\url.dll
    2014-01-13 15:33 . 2014-01-13 15:33 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-01-13 15:33 . 2014-01-13 15:33 84992 ----a-w- c:\windows\system32\mshtmled.dll
    2014-01-13 15:33 . 2014-01-13 15:33 167424 ----a-w- c:\windows\system32\iexpress.exe
    2014-01-13 15:33 . 2014-01-13 15:33 143872 ----a-w- c:\windows\system32\wextract.exe
    2014-01-13 15:33 . 2014-01-13 15:33 101376 ----a-w- c:\windows\system32\inseng.dll
    2014-01-13 15:33 . 2014-01-13 15:33 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-01-13 15:33 . 2014-01-13 15:33 774144 ----a-w- c:\windows\system32\jscript.dll
    2014-01-13 15:33 . 2014-01-13 15:33 62464 ----a-w- c:\windows\system32\pngfilt.dll
    2014-01-13 15:33 . 2014-01-13 15:33 48128 ----a-w- c:\windows\system32\imgutil.dll
    2014-01-13 15:33 . 2014-01-13 15:33 147968 ----a-w- c:\windows\system32\occache.dll
    2014-01-13 15:33 . 2014-01-13 15:33 13824 ----a-w- c:\windows\system32\mshta.exe
    2014-01-13 15:33 . 2014-01-13 15:33 135680 ----a-w- c:\windows\system32\iepeers.dll
    2014-01-13 15:29 . 2014-01-13 15:29 362496 ----a-w- c:\windows\system32\wow64win.dll
    2014-01-13 15:29 . 2014-01-13 15:29 243712 ----a-w- c:\windows\system32\wow64.dll
    2014-01-13 15:29 . 2014-01-13 15:29 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2014-01-13 15:29 . 2014-01-13 15:29 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2014-01-13 15:29 . 2014-01-13 15:29 878080 ----a-w- c:\windows\system32\advapi32.dll
    2014-01-13 15:29 . 2014-01-13 15:29 859648 ----a-w- c:\windows\system32\tdh.dll
    2014-01-13 15:29 . 2014-01-13 15:29 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
    2014-01-13 15:29 . 2014-01-13 15:29 1732032 ----a-w- c:\windows\system32\ntdll.dll
    2014-01-13 15:29 . 2014-01-13 15:29 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2014-01-13 15:29 . 2014-01-13 15:29 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2014-01-13 15:29 . 2014-01-13 15:29 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2014-01-13 15:29 . 2014-01-13 15:29 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2014-01-13 15:29 . 2014-01-13 15:29 2048 ----a-w- c:\windows\SysWow64\user.exe
    2014-01-13 15:29 . 2014-01-13 15:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2014-01-13 15:29 . 2014-01-13 15:29 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
    2014-01-13 15:29 . 2014-01-13 15:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2014-01-13 15:29 . 2014-01-13 15:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2014-01-13 15:29 . 2014-01-13 15:29 619520 ----a-w- c:\windows\SysWow64\tdh.dll
    2014-01-13 15:29 . 2014-01-13 15:29 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
    2014-01-13 15:28 . 2014-01-13 15:28 327168 ----a-w- c:\windows\system32\mswsock.dll
    2014-01-13 15:28 . 2014-01-13 15:28 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2014-01-13 15:28 . 2014-01-13 15:28 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
    2013-12-29 16:22 . 2013-12-29 16:22 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2013-12-29 16:22 . 2013-12-29 16:22 465920 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-12-29 16:22 . 2013-12-29 16:22 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2013-12-29 16:22 . 2013-12-29 16:22 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-12-29 16:22 . 2013-12-29 16:22 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
    2013-12-29 16:22 . 2013-12-29 16:22 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
    2013-12-29 16:22 . 2013-12-29 16:22 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
    "Spotify Web Helper"="c:\users\Brittany\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-16 1171968]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-09-26 900160]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    .
    c:\users\Brittany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-6-21 46432]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2012-11-19 298888]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
    @="service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
    R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
    S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys;c:\splash.sys\config\dvmio.sys [x]
    S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [x]
    S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe;c:\splash.sys\config\DVMExportService.exe [x]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
    S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
    S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
    S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 07:33]
    .
    2014-02-21 c:\windows\Tasks\DriverToolkit Autorun.job
    - c:\program files (x86)\DriverToolkit\DriverToolkit.exe [2014-01-13 21:22]
    .
    2014-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 04:54]
    .
    2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 04:54]
    .
    2014-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802716480-2462033193-2097298831-1000Core.job
    - c:\users\Brittany\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 01:00]
    .
    2014-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802716480-2462033193-2097298831-1000UA.job
    - c:\users\Brittany\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 01:00]
    .
    2014-02-16 c:\windows\Tasks\HPCeeScheduleForBrittany.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}]
    c:\program files\Updater By SweetPacks\Extension64.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-10 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-10 390168]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-10 408600]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-10-21 487424]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 171520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    FF - ProfilePath - c:\users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - ExtSQL: 2014-02-13 21:26; {42e50651-9669-456e-9081-d5a836274274}; c:\users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\{42e50651-9669-456e-9081-d5a836274274}
    FF - ExtSQL: !HIDDEN! 2010-05-31 09:15; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
    user_pref(extensions.autoDisableScopes,14);
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-{DF802C05-4660-418c-970C-B988ADB1D316} - c:\program files (x86)\MSN\Toolbar\3.0.0566.0\OEMSetup.exe
    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-802716480-2462033193-2097298831-1000\Software\SecuROM\License information*]
    "datasecu"=hex:08,b3,c8,c4,06,75,dd,cf,a9,32,2a,b1,2a,ab,1d,66,26,26,fd,41,8f,
    ab,c7,7b,63,6f,d1,0a,28,ec,1b,43,9f,17,ba,12,00,51,ea,38,a0,14,a3,b3,11,00,\
    "rkeysecu"=hex:f0,43,a4,21,bd,dd,14,54,d5,c2,1e,52,cd,45,96,28
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\SafeConnect\scManager.sys
    c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    .
    **************************************************************************
    .
    Completion time: 2014-02-20 19:22:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-02-21 02:22
    ComboFix2.txt 2014-02-20 05:33
    ComboFix3.txt 2014-02-20 05:04
    .
    Pre-Run: 103,054,274,560 bytes free
    Post-Run: 102,806,024,192 bytes free
    .
    - - End Of File - - F37AFD13E6A9F5E81B34E28D7E3C173A
    083EBF71AAB045AE6C5F3F9189F8327B
  11. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Looks good.

    How is the computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. burds

    burds Newcomer, in training Topic Starter

    Computer is operating normally as far as I can tell. I would have no reason to notice malware.

    AdwCleaner log:

    # AdwCleaner v3.019 - Report created 20/02/2014 at 20:26:53
    # Updated 17/02/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Brittany - BRITTANY-PC
    # Running from : C:\Users\Brittany\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files (x86)\BitLord 2
    Folder Deleted : C:\Windows\SysWOW64\ARFC
    Folder Deleted : C:\Windows\SysWOW64\jmdp
    Folder Deleted : C:\Windows\SysWOW64\WNLT
    Folder Deleted : C:\Users\Brittany\AppData\Local\genienext
    Folder Deleted : C:\Users\Brittany\AppData\Local\Mobogenie
    Folder Deleted : C:\Users\Brittany\AppData\Local\PutLockerDownloader
    Folder Deleted : C:\Users\Brittany\AppData\Roaming\BitLord
    Folder Deleted : C:\Users\Brittany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
    Folder Deleted : C:\Users\Brittany\Documents\BitLord
    Folder Deleted : C:\Users\Brittany\Documents\Mobogenie
    Folder Deleted : C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\SweetPacksToolbarData
    File Deleted : C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Windows\System32\dmwu.exe
    File Deleted : C:\Windows\System32\ImhxxpComm.dll
    File Deleted : C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\searchplugins\conduit-search.xml
    File Deleted : C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\searchplugins\MyStart.xml
    File Deleted : C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\searchplugins\SweetIm.xml
    File Deleted : C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
    Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222142226}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266146626}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266146626}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\Software\caphyon
    Key Deleted : HKLM\Software\DeviceVM
    Key Deleted : HKLM\Software\ParetoLogic
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
    Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
    Key Deleted : [x64] HKLM\SOFTWARE\wnlt

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16518


    -\\ Mozilla Firefox v19.0 (en-US)

    [ File : C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\prefs.js ]

    Line Deleted : user_pref("extensions.crossrider.bic", "13ded7df69fa1e4dbfdf9f387498faf3");
    Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
    Line Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
    Line Deleted : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
    Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
    Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
    Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
    Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
    Line Deleted : user_pref("sweetim.toolbar.cargo", "3.5000006.10042");
    Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");
    Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");
    Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");
    Line Deleted : user_pref("sweetim.toolbar.defaultProvider", "bng");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
    Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
    Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
    Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
    Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
    Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
    Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
    Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
    Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
    Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
    Line Deleted : user_pref("sweetim.toolbar.newtab.created", "true");
    Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
    Line Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=$cargo;");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "AVG Secure Search");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "AVG Secure Search");
    Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://mysearch.avg.com/?cid={256ADF48-D9A7-445C-B787-E632A626F3A5}&mid=c98f7ecef64043f8ad4bae526baf1b1c-a60754453d27239fd33d61bb3d19aad[...]
    Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;&flavour=$flavr;");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
    Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
    Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
    Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
    Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
    Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
    Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
    Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
    Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
    Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
    Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
    Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
    Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
    Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
    Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{574B339E-919D-11E2-923D-705AB68B0A73}");
    Line Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?barid=$toolbar_id;&flavour=$flavr;");
    Line Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");
    Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={574B339E-919D-11E2-923D-705AB68B0A73}");
    Line Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");
    Line Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://start.sweetpacks.com/?barid=$toolbar_id;");
    Line Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://toolbar.sweetpacks.com/uninstall");
    Line Deleted : user_pref("sweetim.toolbar.version", "1.12.0.0");
    Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
    Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
    Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Updater By SweetPacks");
    Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
    Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
    Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks");
    Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3321727&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP4D33A285-D84D-442E-9AD0-7E92569A5D0B");

    -\\ Google Chrome v

    [ File : C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [16855 octets] - [20/02/2014 20:26:02]
    AdwCleaner[S0].txt - [16648 octets] - [20/02/2014 20:26:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16709 octets] ##########


    JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Brittany on Thu 02/20/2014 at 20:36:20.12
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\theseaapp
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-802716480-2462033193-2097298831-1000\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 02/20/2014 at 20:46:56.18
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  13. burds

    burds Newcomer, in training Topic Starter

    OTL logs:


    OTL logfile created on: 2/20/2014 9:03:57 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brittany\Desktop

    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.11.9600.16518)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


    3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.32% Memory free

    7.61 Gb Paging File | 5.79 Gb Available in Paging File | 76.16% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]


    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 446.70 Gb Total Space | 95.56 Gb Free Space | 21.39% Space Free | Partition Type: NTFS

    Drive D: | 18.76 Gb Total Space | 3.01 Gb Free Space | 16.03% Space Free | Partition Type: NTFS

    Drive E: | 99.02 Mb Total Space | 95.10 Mb Free Space | 96.04% Space Free | Partition Type: FAT32


    Computer Name: BRITTANY-PC | User Name: Brittany | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


    ========== Processes (SafeList) ==========


    PRC - [2014/02/20 21:03:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brittany\Desktop\OTL.exe

    PRC - [2014/01/16 00:16:41 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Brittany\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

    PRC - [2014/01/13 14:22:34 | 001,286,656 | ---- | M] (Megaify Software Co., Ltd.) -- C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

    PRC - [2013/08/06 17:33:16 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    PRC - [2012/12/04 09:32:15 | 002,869,824 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

    PRC - [2012/12/04 09:32:10 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe

    PRC - [2012/11/19 12:12:34 | 000,176,520 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys

    PRC - [2012/11/19 12:12:32 | 000,298,888 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\SCClient.exe

    PRC - [2012/09/26 16:44:05 | 000,900,160 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe

    PRC - [2012/09/26 16:44:03 | 000,232,512 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe

    PRC - [2012/09/26 16:43:10 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe

    PRC - [2012/09/26 16:42:40 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe

    PRC - [2009/10/06 00:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

    PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    PRC - [2009/07/08 20:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) -- C:\SPLASH.SYS\config\DVMExportService.exe

    PRC - [2007/06/21 05:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkCalRem.exe



    ========== Modules (No Company Name) ==========


    MOD - [2014/02/13 18:33:21 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll

    MOD - [2014/02/13 17:44:47 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll

    MOD - [2014/02/13 17:43:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll

    MOD - [2014/02/13 17:43:43 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\4f41ca6f8bf8621aebcbaf7e2f07ecd7\System.Data.ni.dll

    MOD - [2014/02/13 17:43:07 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll

    MOD - [2014/02/13 17:42:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll

    MOD - [2014/02/13 17:41:43 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll

    MOD - [2014/02/13 17:41:35 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f9bb7cc29930815b098e26853962c1de\UIAutomationTypes.ni.dll

    MOD - [2014/02/13 17:41:30 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll

    MOD - [2014/02/13 17:40:51 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll

    MOD - [2014/02/13 17:40:31 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll

    MOD - [2014/02/13 17:40:20 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll

    MOD - [2014/02/13 17:40:15 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll

    MOD - [2014/02/13 17:39:49 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll

    MOD - [2013/04/09 22:55:54 | 000,093,032 | ---- | M] () -- C:\Program Files (x86)\DriverToolkit\zlibwapi.dll

    MOD - [2013/04/05 21:54:07 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

    MOD - [2010/05/19 10:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

    MOD - [2010/05/19 10:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

    MOD - [2010/05/19 10:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

    MOD - [2009/10/06 00:08:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

    MOD - [2009/09/29 16:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

    MOD - [2009/09/29 16:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

    MOD - [2009/09/29 16:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

    MOD - [2009/09/29 16:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

    MOD - [2009/09/29 16:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

    MOD - [2009/09/29 16:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

    MOD - [2009/09/29 16:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

    MOD - [2009/09/29 16:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll



    ========== Services (SafeList) ==========


    SRV:64bit: - [2014/02/06 03:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

    SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV:64bit: - [2009/10/21 00:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe -- (STacSV)

    SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

    SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)

    SRV - [2014/02/05 00:33:05 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2014/01/27 12:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

    SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

    SRV - [2013/08/06 17:33:16 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

    SRV - [2013/02/15 17:35:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

    SRV - [2012/12/04 09:32:15 | 002,869,824 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)

    SRV - [2012/12/04 09:32:10 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)

    SRV - [2012/12/04 09:31:59 | 001,998,400 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)

    SRV - [2012/11/19 12:12:34 | 000,176,520 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)

    SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

    SRV - [2012/09/26 16:44:03 | 000,232,512 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)

    SRV - [2012/09/26 16:43:10 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)

    SRV - [2012/09/26 16:42:40 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)

    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

    SRV - [2009/10/21 00:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe -- (STacSV)

    SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

    SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

    SRV - [2009/07/08 20:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SPLASH.SYS\config\DVMExportService.exe -- (DvmMDES)

    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

    SRV - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)



    ========== Driver Services (SafeList) ==========


    DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

    DRV:64bit: - [2012/09/26 16:43:34 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)

    DRV:64bit: - [2012/09/26 16:42:56 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)

    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

    DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

    DRV:64bit: - [2011/02/16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

    DRV:64bit: - [2011/01/04 11:55:38 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)

    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

    DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

    DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

    DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

    DRV:64bit: - [2009/11/12 13:07:18 | 000,200,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

    DRV:64bit: - [2009/11/12 13:07:10 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

    DRV:64bit: - [2009/11/05 23:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

    DRV:64bit: - [2009/10/30 12:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

    DRV:64bit: - [2009/10/21 00:35:26 | 000,501,760 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

    DRV:64bit: - [2009/10/12 19:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

    DRV:64bit: - [2009/09/26 07:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

    DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

    DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

    DRV:64bit: - [2009/08/07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

    DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

    DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

    DRV:64bit: - [2009/06/29 11:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)

    DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

    DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

    DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

    DRV:64bit: - [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

    DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

    DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    DRV:64bit: - [2009/05/12 19:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

    DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

    DRV - [2009/09/27 14:47:24 | 000,021,624 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\SPLASH.SYS\config\dvmio.sys -- (DVMIO)

    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)



    ========== Standard Registry (SafeList) ==========



    ========== Internet Explorer ==========


    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE:64bit: - HKLM\..\SearchScopes\{2877D0D2-F02E-43CC-95FB-D3000EE62561}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

    IE:64bit: - HKLM\..\SearchScopes\{53F58931-3822-4A0E-B79F-D36E06C376EE}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKLM\..\SearchScopes\{2877D0D2-F02E-43CC-95FB-D3000EE62561}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

    IE - HKLM\..\SearchScopes\{53F58931-3822-4A0E-B79F-D36E06C376EE}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7



    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =


    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =


    IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..\SearchScopes\{2877D0D2-F02E-43CC-95FB-D3000EE62561}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

    IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..\SearchScopes\{37C79003-9B01-4071-A680-9E124F4E09CA}: "URL" = http://www.google.com/search?q={sea...tIndex?}&startPage={startPage}&rlz=1I7ADRA_en

    IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..\SearchScopes\{53F58931-3822-4A0E-B79F-D36E06C376EE}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

    IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========


    FF - prefs.js..browser.search.defaultenginename: "Bing"

    FF - prefs.js..browser.search.defaulturl: ""

    FF - user.js - File not found


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brittany\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brittany\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)


    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/31 09:15:42 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 19:48:19 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/31 09:15:42 | 000,000,000 | ---D | M]


    [2013/03/03 09:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brittany\AppData\Roaming\Mozilla\Extensions

    [2014/02/20 20:27:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\extensions

    [2013/01/30 11:27:42 | 000,205,094 | ---- | M] () (No name found) -- C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\extensions\clickmoviedownloader@clickmoviedownloader.com.xpi

    [2014/02/12 18:28:40 | 000,008,114 | ---- | M] () (No name found) -- C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi

    [2013/03/03 09:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    [2013/02/15 17:35:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    [2013/02/15 17:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    [2013/02/15 17:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml


    ========== Chrome ==========


    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

    CHR - homepage:

    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Brittany\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Users\Brittany\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Brittany\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll

    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

    CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll

    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll

    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

    CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

    CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll

    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

    CHR - Extension: YouTube = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

    CHR - Extension: Google Search = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

    CHR - Extension: Cloud Reader = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\

    CHR - Extension: StayFocusd = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.4.7_0\

    CHR - Extension: Skype Click to Call = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\

    CHR - Extension: Google Wallet = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

    CHR - Extension: Tumblr Savior = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip\0.4.11_0\

    CHR - Extension: Google Reader = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\

    CHR - Extension: Gmail = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    CHR - Extension: YouTube = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

    CHR - Extension: Google Search = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

    CHR - Extension: Cloud Reader = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\

    CHR - Extension: StayFocusd = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.4.7_0\

    CHR - Extension: Skype Click to Call = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\

    CHR - Extension: Google Wallet = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

    CHR - Extension: Tumblr Savior = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip\0.4.11_0\

    CHR - Extension: Google Reader = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\

    CHR - Extension: Gmail = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\


    O1 HOSTS File: ([2014/02/20 19:16:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost
  14. burds

    burds Newcomer, in training Topic Starter

    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found

    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found

    O3:64bit: - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

    O4 - HKLM..\Run: [] File not found

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

    O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)

    O4 - HKU\S-1-5-21-802716480-2462033193-2097298831-1000..\Run: [Spotify Web Helper] C:\Users\Brittany\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

    O4 - Startup: C:\Users\Brittany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

    O13 - gopher Prefix: missing

    O15 - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)

    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2)

    O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA}: DhcpNameServer = 192.168.0.1 205.171.3.25

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35688D3B-93DF-4F8F-9A0B-EFEDB732C0D0}: DhcpNameServer = 192.168.1.1

    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited)

    O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)

    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O32 - HKLM CDRom: AutoRun - 1

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    ========== Files/Folders - Created Within 30 Days ==========


    [2014/02/20 21:03:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brittany\Desktop\OTL.exe

    [2014/02/20 20:36:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

    [2014/02/20 20:34:24 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Brittany\Desktop\JRT.exe

    [2014/02/20 20:25:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner

    [2014/02/20 19:22:21 | 000,000,000 | ---D | C] -- C:\Windows\temp

    [2014/02/20 19:16:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

    [2014/02/19 21:47:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

    [2014/02/19 21:47:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

    [2014/02/19 21:47:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

    [2014/02/19 21:47:05 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2014/02/19 21:46:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

    [2014/02/19 21:40:47 | 005,183,886 | R--- | C] (Swearware) -- C:\Users\Brittany\Desktop\ComboFix.exe

    [2014/02/19 20:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

    [2014/02/19 20:54:45 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

    [2014/02/19 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\Brittany\Desktop\mbar

    [2014/02/19 20:51:46 | 000,000,000 | ---D | C] -- C:\Users\Brittany\Documents\Malwarebytes Anti-Rootkit

    [2014/02/19 20:36:13 | 000,000,000 | ---D | C] -- C:\Users\Brittany\Desktop\RK_Quarantine

    [2014/02/19 20:30:50 | 000,000,000 | ---D | C] -- C:\Config.Msi

    [2014/02/18 21:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2014/02/18 21:03:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    [2014/02/18 21:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    [2014/02/16 21:07:15 | 000,000,000 | ---D | C] -- C:\Users\Brittany\AppData\Roaming\QuickScan

    [2014/02/16 19:24:05 | 000,000,000 | ---D | C] -- C:\Users\Brittany\AppData\Roaming\Nico Mak Computing

    [2014/02/13 19:58:18 | 000,000,000 | ---D | C] -- C:\Users\Brittany\AppData\Roaming\Python-Eggs

    [2014/01/22 23:43:41 | 000,000,000 | ---D | C] -- C:\Users\Brittany\AppData\Roaming\Open Download Manager

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


    ========== Files - Modified Within 30 Days ==========


    [2014/02/20 21:03:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brittany\Desktop\OTL.exe

    [2014/02/20 20:57:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-802716480-2462033193-2097298831-1000UA.job

    [2014/02/20 20:39:13 | 000,000,165 | -H-- | M] () -- C:\dvmexp.idx

    [2014/02/20 20:37:02 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2014/02/20 20:37:02 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2014/02/20 20:34:31 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Brittany\Desktop\JRT.exe

    [2014/02/20 20:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2014/02/20 20:30:13 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2014/02/20 20:30:07 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\DriverToolkit Autorun.job

    [2014/02/20 20:28:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2014/02/20 20:28:46 | 3062,984,704 | -HS- | M] () -- C:\hiberfil.sys

    [2014/02/20 20:25:26 | 001,241,834 | ---- | M] () -- C:\Users\Brittany\Desktop\adwcleaner.exe

    [2014/02/20 20:25:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2014/02/20 19:16:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

    [2014/02/20 18:58:06 | 005,183,886 | R--- | M] (Swearware) -- C:\Users\Brittany\Desktop\ComboFix.exe

    [2014/02/19 21:57:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-802716480-2462033193-2097298831-1000Core.job

    [2014/02/19 20:54:45 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

    [2014/02/19 20:34:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

    [2014/02/19 20:34:24 | 003,817,984 | ---- | M] () -- C:\Users\Brittany\Desktop\RogueKiller.exe

    [2014/02/19 10:19:58 | 001,266,669 | ---- | M] () -- C:\Users\Brittany\Desktop\340dontlikenothin.wma

    [2014/02/18 21:03:37 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2014/02/16 12:07:58 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrittany.job

    [2014/02/13 08:09:57 | 000,773,482 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2014/02/13 08:09:57 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

    [2014/02/13 08:09:57 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    [2014/02/13 08:09:46 | 000,773,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


    ========== Files Created - No Company Name ==========


    [2014/02/20 20:25:16 | 001,241,834 | ---- | C] () -- C:\Users\Brittany\Desktop\adwcleaner.exe

    [2014/02/19 21:47:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

    [2014/02/19 21:47:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

    [2014/02/19 21:47:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

    [2014/02/19 21:47:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

    [2014/02/19 21:47:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

    [2014/02/19 20:34:22 | 003,817,984 | ---- | C] () -- C:\Users\Brittany\Desktop\RogueKiller.exe

    [2014/02/19 10:19:56 | 001,266,669 | ---- | C] () -- C:\Users\Brittany\Desktop\340dontlikenothin.wma

    [2014/02/18 21:03:37 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2014/01/23 00:50:12 | 000,000,165 | -H-- | C] () -- C:\dvmexp.idx

    [2013/10/22 15:39:15 | 000,003,584 | ---- | C] () -- C:\Users\Brittany\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2013/05/03 14:34:21 | 000,000,138 | ---- | C] () -- C:\Users\Brittany\AppData\Roaming\wklnhst.dat

    [2012/03/03 22:17:15 | 000,000,032 | ---- | C] () -- C:\Users\Brittany\jagex_cl_runescape_LIVE.dat

    [2010/12/22 09:43:08 | 001,294,414 | ---- | C] () -- C:\Users\Brittany\AppData\Local\tmpMONST2568.1

    [2010/12/22 09:43:06 | 001,294,414 | ---- | C] () -- C:\Users\Brittany\AppData\Local\tmpMONST2568.JPG

    [2010/12/22 09:43:06 | 001,294,414 | ---- | C] () -- C:\Users\Brittany\AppData\Local\tmpMONST2568.0

    [2010/12/17 09:00:14 | 000,001,854 | ---- | C] () -- C:\Users\Brittany\AppData\Roaming\GhostObjGAFix.xml

    [2010/10/25 17:26:50 | 002,606,522 | ---- | C] () -- C:\Users\Brittany\AppData\Local\tmpIMG_0703.0

    [2010/10/25 17:26:50 | 001,212,734 | ---- | C] () -- C:\Users\Brittany\AppData\Local\tmpIMG_0703.JPG

    [2010/09/16 22:46:17 | 000,000,130 | ---- | C] () -- C:\Users\Brittany\webct_upload_applet.properties

    [2010/08/12 09:59:25 | 000,000,084 | ---- | C] () -- C:\Users\Brittany\AppData\Roaming\RSBot Accounts.ini

    [2010/06/23 10:46:45 | 000,775,702 | ---- | C] () -- C:\Users\Brittany\AppData\Local\tmpJELLYFISH.JPG

    [2010/06/12 12:28:25 | 000,000,099 | ---- | C] () -- C:\Users\Brittany\jagex_runescape_preferences2.dat

    [2010/06/12 12:28:25 | 000,000,000 | ---- | C] () -- C:\Users\Brittany\jagex__preferences3.dat

    [2010/06/12 12:26:57 | 000,000,046 | ---- | C] () -- C:\Users\Brittany\jagex_runescape_preferences.dat


    ========== ZeroAccess Check ==========


    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini


    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64


    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64


    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment


    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment


    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free


    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free


    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both


    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]


    ========== LOP Check ==========


    [2012/08/27 12:48:09 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Amazon

    [2013/03/25 16:41:16 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\AVG2013

    [2014/01/13 21:58:45 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Barnes & Noble

    [2010/08/15 20:34:40 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

    [2014/02/18 20:40:03 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Nico Mak Computing

    [2014/01/23 00:01:00 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Open Download Manager

    [2013/07/14 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Origin

    [2014/02/13 19:58:18 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Python-Eggs

    [2014/02/16 22:06:38 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\QuickScan

    [2014/02/19 20:33:34 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Spotify

    [2013/05/03 14:34:30 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Template

    [2010/06/30 18:36:55 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Tific

    [2013/03/25 16:39:37 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\TuneUp Software


    ========== Purity Check ==========




    < End of report >


    OTL Extras logfile created on: 2/20/2014 9:03:57 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brittany\Desktop

    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.11.9600.16518)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


    3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.32% Memory free

    7.61 Gb Paging File | 5.79 Gb Available in Paging File | 76.16% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]


    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 446.70 Gb Total Space | 95.56 Gb Free Space | 21.39% Space Free | Partition Type: NTFS

    Drive D: | 18.76 Gb Total Space | 3.01 Gb Free Space | 16.03% Space Free | Partition Type: NTFS

    Drive E: | 99.02 Mb Total Space | 95.10 Mb Free Space | 96.04% Space Free | Partition Type: FAT32


    Computer Name: BRITTANY-PC | User Name: Brittany | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


    ========== Extra Registry (SafeList) ==========



    ========== File Associations ==========


    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)


    [HKEY_USERS\S-1-5-21-802716480-2462033193-2097298831-1000\SOFTWARE\Classes\<extension>]

    .html [@ = ChromeHTML.JPJPXEKRVVV62SL6LSCZOO7LKI] -- Reg Error: Key error. File not found


    ========== Shell Spawning ==========


    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.


    ========== Security Center Settings ==========


    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 1

    "FirewallDisableNotify" = 0

    "AntiVirusDisableNotify" = 0

    "UpdatesDisableNotify" = 0


    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

    "AntiVirusOverride" = 0

    "AntiSpywareOverride" = 0

    "FirewallOverride" = 0


    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    "" =

    "DisableMonitoring" = 1


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]


    ========== System Restore Settings ==========


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

    "DisableSR" = 0


    ========== Firewall Settings ==========


    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]


    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]


    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 0


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 0


    ========== Authorized Applications List ==========


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]



    ========== Vista Active Open Ports Exception List ==========


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{00385B40-F4C8-449E-B04D-E4FE096CD1FC}" = lport=2869 | protocol=6 | dir=in | app=system |

    "{02A2187F-D4F9-4C69-AB33-AD15F5EB84BD}" = rport=139 | protocol=6 | dir=out | app=system |

    "{15C615C9-95B0-4AEE-960F-0221A4DA6D93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
  15. burds


    "{28C9EC26-BEB6-467B-9042-15DA6288F815}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{2B35E34A-771D-4905-8C9D-9E07D2E96C92}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    "{2EE6FE4F-D7BE-4B14-B304-C5C399265F49}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{4291954C-30F9-4848-B30D-51CCCDA9573E}" = rport=138 | protocol=17 | dir=out | app=system |

    "{4C455D3F-E033-40BF-9EFF-98422B442D82}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{4EA44AF9-AD07-4702-916C-11B891DB58A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{576C8980-022A-4373-834F-6D1D6411DF33}" = lport=137 | protocol=17 | dir=in | app=system |

    "{5D1D677F-3341-47E6-B435-FA44D8B2CDC8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{679E4517-1D54-41C8-BB94-7E28D157ABE1}" = lport=139 | protocol=6 | dir=in | app=system |

    "{773C0D1B-B316-442A-BE87-16EA862F70AE}" = rport=10243 | protocol=6 | dir=out | app=system |

    "{78DAEDE3-02AE-4805-B6AC-A8E7E8B16341}" = rport=137 | protocol=17 | dir=out | app=system |

    "{9403A8A5-15A5-44BC-8EB5-E6F9CC5481F4}" = lport=138 | protocol=17 | dir=in | app=system |

    "{A3EF9163-81F5-4EB7-95FE-60E14DFEB809}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

    "{ABF55021-E1E8-4A72-9A71-E462768BFA4F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{AD98F236-7195-46C3-90A0-97E359389A33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{BBB4ED3A-96B8-4971-947A-968765B43E73}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{BC764CDC-C4F2-4BD0-B2CA-504FDCC4B182}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{C3BF6AB9-005B-43D9-AC75-8E2157C2E430}" = lport=445 | protocol=6 | dir=in | app=system |

    "{E5975A2A-92E8-4411-8B87-2D1900207224}" = lport=10243 | protocol=6 | dir=in | app=system |

    "{E81CD1A4-00EE-4FE0-B514-085151264BAF}" = rport=445 | protocol=6 | dir=out | app=system |

    "{F3A69086-4280-45A7-8C41-5BAAF99C6B22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |


    ========== Vista Active Application Exception List ==========


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{075C1619-59F1-4DDA-96C4-E8DCC427F6DC}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |

    "{11AA5C7F-399F-44BA-8DEA-45EA0ECAE3C4}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |

    "{13D067C0-1AFD-4A65-9D79-2DA66D7A2636}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

    "{1AE887E3-69BC-4499-8AED-E2765B1743FE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

    "{211EC92D-2EC0-4DFF-B254-2DB7CDF0C2BC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{22F52729-DA8A-4135-86B6-F320B1EEDF84}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    "{25D4730D-3DCD-4192-A269-2F6A84114AD4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

    "{285F17F7-0E4A-4DED-A822-2F6EBFF7EA6A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

    "{2873BD9E-9B9E-4770-B4AF-0CB815F4E076}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

    "{2947FD81-5706-46BE-9FDD-A0EC5A0A57A8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

    "{32D7D3B9-19AC-4722-8FCA-A264D7F41EEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{33558B93-0ADA-428F-BA3F-C306108D0104}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

    "{3A7273D0-06EA-4785-8434-0FCAF5F27CAD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

    "{3C2C616C-5AF5-4819-B986-5A2B1B67333F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

    "{3E712164-1DDE-4AA8-8A05-CB854F3FAF46}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |

    "{429787D4-DE51-4A6D-A3EB-ACCE4E00AE88}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

    "{42A97F78-2128-4009-B999-5B539DC65047}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |

    "{44859118-C2A9-44C0-8BFC-9E030F192BC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{45EE09E6-5A69-4587-890A-267FE8240609}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |

    "{468FD565-8E73-4ED6-B8DE-1D17107329FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{48E831E9-F12E-4580-A95D-6EA4302CB4EA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

    "{498C25BB-1B06-4E1B-BEEE-D6107696C0AF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

    "{4C2A10DF-0C43-4C45-9157-39AA616D7A7E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

    "{504BC1A0-7482-4975-8E01-1CDF0A6A880A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

    "{55DEC640-81F9-49FF-B6FB-8D4173C21F5A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

    "{562D00A2-70D4-42E6-A9F8-99B4029D1120}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

    "{564A6720-C9D3-4BD8-AE0E-F8D95F9EB5A9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qp.exe |

    "{5A374765-8BC5-4B5D-82E4-5854FC623CE3}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |

    "{5A5CF1FD-D924-4106-97C6-03B287006275}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

    "{5B8FFD1C-3D4C-480D-9731-443C2CB2E9BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    "{5C8B816F-CDD6-47B2-B55A-D2FE1946AC16}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

    "{5D640AB1-1846-47EE-A83C-2A4E7AAB9A3B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

    "{5E3206FF-D25F-4645-A459-824CDB55908D}" = protocol=6 | dir=in | app=c:\program files (x86)\barnes & noble\nookstudy\nookstudy.exe |

    "{5F6F1522-E564-4B8C-A84A-60ADC9B2FA3D}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |

    "{69ACA3ED-B595-4A51-986D-7223CAF3B07E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{6EBDF8E0-8D06-4527-AC00-8DFE965C7CD3}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |

    "{6F7E240D-08B5-4F8E-9551-D48FED0C6F0E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

    "{70B93ABA-B26F-4C3B-A770-AAD81C478C19}" = protocol=6 | dir=out | app=system |

    "{73815478-39F5-49C7-9181-71E0A3A9FAFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{757DB73D-6906-4BFB-BCF9-9963E8BD2C47}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

    "{79AEB5FE-E446-4569-BCCA-7953B8190895}" = protocol=17 | dir=in | app=c:\program files (x86)\barnes & noble\nookstudy\nookstudy.exe |

    "{82499E24-60F9-41A0-A83A-16AE27DC1A9E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

    "{8E9B2841-7E21-430E-99DE-7081D9E4600B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{944B9F10-531E-4CF3-9E06-BA4153657412}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{95680A86-5D47-40BE-A6E9-4A3EC48347FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

    "{97674F10-4307-44B2-9F7B-D450467CEB2A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{9794BDA0-48D7-456C-A70C-5F5F90415AF5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

    "{98909BAC-FAFD-4F57-BA57-87CEC771349D}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |

    "{98C527A7-514A-4994-A07F-75B2DC4F3938}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    "{AC5B21D3-758C-468F-A064-D98683BC104F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{B6D6ACD3-330D-4615-9E6B-9DBE2A9067DC}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |

    "{B7139256-1AE1-41A6-96C8-9F58E92E46E8}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |

    "{B947939F-4169-4477-B647-6A4F2654E2AF}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |

    "{BFB50A5F-09BA-4DDA-A0B4-61EF52C1B71E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qpservice.exe |

    "{C59F1E47-1719-4FCE-90B0-0D8D976949EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    "{C6770BD6-68B5-484C-85AF-9B2CAD2A4059}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

    "{C996A53B-DA7A-4F51-8E79-0143A16D1B35}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

    "{CAC392E8-8957-4546-83A1-DD768BAB0232}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

    "{CB0C8EC7-4AF3-4ECB-A84E-322E36F41D62}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

    "{CCA3A53B-CB10-4728-875B-1C03724B58F3}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |

    "{D192FC75-2BCC-4D73-9F60-3B70E63F0121}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

    "{D608ED8A-F691-4C24-9496-674A8AF16F84}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

    "{D67ECB71-E154-4146-B726-1313A71C8879}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

    "{DC1D952B-D810-482F-86A2-A2EF229262DC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

    "{DE6020A5-8F3C-4822-BF08-52B25168E43D}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |

    "{E0ECA507-2EC1-47E3-928C-6DF50A698402}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{EA6C5AE4-8721-49F1-92C1-D8DA5CA0BB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{EC9ED376-E1DE-459C-9C07-D7BC6021398D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

    "{FDAC3D59-0222-4BCA-B1CA-644EC0385623}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "TCP Query User{27B985A7-BCE3-4EA7-A076-FB8EA537D16B}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

    "TCP Query User{B68AF522-47C4-4B05-AA99-94A7C4B1D809}C:\users\brittany\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\brittany\appdata\roaming\spotify\spotify.exe |

    "UDP Query User{01E34B08-6E80-4967-8981-865ECC818CFD}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

    "UDP Query User{B74CD1F7-9B9F-49A3-8DD6-2AE55B427971}C:\users\brittany\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\brittany\appdata\roaming\spotify\spotify.exe |


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========


    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

    "{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)

    "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support

    "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel

    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    "{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)

    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

    "{72EF03F5-0507-4861-9A44-D99FD4C41418}" = Paint.NET v3.5.11

    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

    "{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard

    "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver

    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}" = WinZip 18.0

    "{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes

    "{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver

    "{E319D46F-4F14-4867-94CD-FB203ED60AFC}" = HP Officejet 6500 E710a-f Product Improvement Study

    "{EC21DBC6-C760-463D-8866-BFACBB28A3E3}" = HP Officejet 6500 E710a-f Basic Device Software

    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

    "4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)

    "FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver

    "FindRight" = FindRight

    "HP Smart Web Printing" = HP Smart Web Printing 4.60

    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

    "{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help

    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

    "{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate

    "{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts

    "{1747DF05-6890-440B-B094-2146F5DC50E0}" = HP MediaSmart SlingPlayer

    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

    "{21FFAF37-E51A-41AB-8749-ACD1F9CF8E37}" = HP QuickWeb

    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45

    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons

    "{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix

    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

    "{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime

    "{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons

    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night

    "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software

    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support

    "{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar

    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth

    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11

    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

    "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable

    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

    "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV

    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1

    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    "{78915DBA-4FD6-4B85-AC4C-5862BB4D884F}" = HP User Guides 0186

    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

    "{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff

    "{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries

    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

    "{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo

    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later

    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions

    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB2.0&PCIE Card Reader

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus

    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5

    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

    "{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural

    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime

    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures

    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

    "{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets

    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup

    "{C5E7BF75-007E-44AD-8962-627ED44CB63B}" = NaturalReaderFree

    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR

    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

    "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player

    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar

    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

    "{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV

    "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com

    "{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff

    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

    "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant

    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver

    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL

    "{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life

    "{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant

    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    "Adobe AIR" = Adobe AIR

    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin

    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17

    "AudibleManager" = AudibleManager

    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

    "Dolphin x86" = Dolphin x86

    "HOMESTUDENTR" = Microsoft Office Home and Student 2007

    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

    "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV

    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

    "InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV

    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

    "Money2008b" = Microsoft Money Plus

    "Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)

    "MozillaMaintenanceService" = Mozilla Maintenance Service

    "NOOK Study" = NOOK Study

    "Origin" = Origin

    "SafeConnect" = SafeConnect

    "WinLiveSuite_Wave3" = Windows Live Essentials


    ========== HKEY_USERS Uninstall List ==========


    [HKEY_USERS\S-1-5-21-802716480-2462033193-2097298831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "Google Chrome" = Google Chrome

    "Spotify" = Spotify


    ========== Last 20 Event Log Errors ==========


    [ Hewlett-Packard Events ]

    Error - 2/6/2013 10:24:25 AM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 4000

    Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

    message) Exception rethrown at [0] Message: The server did not provide a meaningful

    reply; this might be caused by a contract mismatch, a premature session shutdown

    or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

    message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

    msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()


    at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib


    Name:

    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

    Framework\HPSF.exe Format: en-US RAM: 3894 Ram Utilization: 50 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

    System.Runtime.Remoting.Messaging.IMessage)


    Error - 2/6/2013 10:24:25 AM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 4000

    Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

    message) Exception rethrown at [0] Message: The server did not provide a meaningful

    reply; this might be caused by a contract mismatch, a premature session shutdown

    or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

    message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

    msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()


    at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib


    Name:

    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

    Framework\HPSF.exe Format: en-US RAM: 3894 Ram Utilization: 50 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

    System.Runtime.Remoting.Messaging.IMessage)


    Error - 2/6/2013 10:24:43 AM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 4000

    Description =


    Error - 2/6/2013 10:25:05 AM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 4000

    Description =


    Error - 2/28/2013 3:17:13 PM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 4000

    Description =


    Error - 4/11/2013 2:34:09 PM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 2000

    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

    Message:

    Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

    Source:

    HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program

    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3894

    Ram

    Utilization: 50 TargetSite: Void addTempSession()


    Error - 4/18/2013 2:17:20 PM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 2000

    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

    Message:

    Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

    Source:

    HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program

    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3894

    Ram

    Utilization: 40 TargetSite: Void addTempSession()


    Error - 4/25/2013 2:37:24 PM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 2000

    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

    Message:

    Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

    Source:

    HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program

    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3894

    Ram

    Utilization: 60 TargetSite: Void addTempSession()


    Error - 5/2/2013 2:32:39 PM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 2000

    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

    Message:

    Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

    Source:

    HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program

    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3894

    Ram

    Utilization: 60 TargetSite: Void addTempSession()


    Error - 5/9/2013 2:16:53 PM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 2000

    Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

    Message:

    Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

    Source:

    HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program

    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3894

    Ram

    Utilization: 50 TargetSite: Void addTempSession()


    [ System Events ]

    Error - 2/21/2014 12:19:32 AM | Computer Name = Brittany-PC | Source = DCOM | ID = 10010

    Description =



    < End of report >
  16. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found
    O4 - HKLM..\Run: [] File not found
    O15 - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Click on "Run ESET Online Scanner" button.
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  17. burds

    burds Newcomer, in training Topic Starter

    The ESET scanner didn't find anything so there was no list of found threats to click. I have no text file for that one, but here are the rest:

    OTL log:

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-802716480-2462033193-2097298831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@surf.mar@/\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Brittany
    ->Temp folder emptied: 2294210 bytes
    ->Temporary Internet Files folder emptied: 10860036 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 36047173 bytes
    ->Google Chrome cache emptied: 374424879 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 354752 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 13089 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43293598 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 446.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Brittany
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Brittany
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02202014_225456

    Files\Folders moved on Reboot...
    C:\Users\Brittany\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Brittany\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...




    Security Check log:

    Results of screen317's Security Check version 0.99.79
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    Sophos Anti-Virus
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 45
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 12.0.0.70 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 19.0 Firefox out of Date!
    Google Chrome 32.0.1700.102
    Google Chrome 32.0.1700.107
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Sophos Sophos Anti-Virus SavService.exe
    Sophos Sophos Anti-Virus SAVAdminService.exe
    Sophos Sophos Anti-Virus Web Control swc_service.exe
    Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````



    FSS log:

    Farbar Service Scanner Version: 16-02-2014
    Ran by Brittany (administrator) on 21-02-2014 at 09:39:23
    Running from "C:\Users\Brittany\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  18. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Update Firefox to the current 27.0.1 version.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    1. Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =======================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    13. Please let me know how your computer is doing.
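
The update advice in the post above follows from the Security Check and FSS logs posted before it. As an added example (not part of the thread, and not code from Security Check, FSS or any other tool named here), this Python script extracts the same findings from those two logs. The excerpts are copied from the logs in the thread; the function names and the parsing rules are assumptions based on the log format as it appears on this page.

```python
import re

# Excerpt copied from the Security Check log in the thread (section header lines omitted).
SECURITY_CHECK_LOG = """
Windows Firewall Enabled!
Windows Firewall Disabled!
Sophos Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 12.0.0.70 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 19.0 Firefox out of Date!
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
"""

# Excerpt copied from the FSS log in the thread.
FSS_LOG = r"""
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
"""

OUT_OF_DATE = re.compile(r"\s*out of date!\s*$", re.IGNORECASE)
FIREWALL = re.compile(r"^Windows Firewall (Enabled|Disabled)!$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_DWORD = re.compile(r'^"([^"]+)"=DWORD:(\d+)$', re.IGNORECASE)


def outdated_products(log):
    """Return the product/version strings that the log flags as out of date."""
    found, previous = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line.startswith("`"):  # blank or section header line
            continue
        if not OUT_OF_DATE.search(line):
            previous = line  # remember it: the flag may follow on the next line
            continue
        words = OUT_OF_DATE.sub("", line).split()
        versioned = [i for i, w in enumerate(words) if any(c.isdigit() for c in w)]
        if versioned:
            # Inline form: "<product> <version> <family label> out of Date!"
            found.append(" ".join(words[: versioned[-1] + 1]))
        elif previous and words and previous.split()[0] == words[0]:
            # Two-line form: "Java 7 Update 45" then "Java version out of Date!"
            found.append(previous)
        else:
            found.append(" ".join(words))
    return found


def firewall_states(log):
    """Return the set of Windows Firewall states the Security Check log reports."""
    states = set()
    for raw in log.splitlines():
        match = FIREWALL.match(raw.strip())
        if match:
            states.add(match.group(1))
    return states


def disabled_firewall_profiles(fss_log):
    """Return firewall profile key names whose EnableFirewall DWORD is 0."""
    profiles, key = [], None
    for raw in fss_log.splitlines():
        line = raw.strip()
        match = REG_KEY.match(line)
        if match:
            key = match.group(1)
            continue
        match = REG_DWORD.match(line)
        if match and key and match.group(1).lower() == "enablefirewall":
            if int(match.group(2)) == 0:
                profiles.append(key.rsplit("\\", 1)[-1])
    return profiles


def triage(security_check_log, fss_log):
    """Combine both logs into a short list of follow-up items."""
    findings = [f"outdated: {p}" for p in outdated_products(security_check_log)]
    if firewall_states(security_check_log) == {"Enabled", "Disabled"}:
        findings.append("firewall: Security Check reports both Enabled and Disabled")
    for profile in disabled_firewall_profiles(fss_log):
        findings.append(f"firewall: EnableFirewall=0 under {profile}")
    return findings


if __name__ == "__main__":
    for item in triage(SECURITY_CHECK_LOG, FSS_LOG):
        print(item)
```
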
  19. burds

    burds Newcomer, in training Topic Starter

    My computer is running normally and doing great! Thank you sooooooooooo much!
  20. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Yes!!
    Good luck and stay safe :)

