Solved Internet running super slow pop ups possible ZeroAccess

shannon1970 · Nov 1, 2013

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Jeff :: HOME-PC [administrator]

1/2/2008 9:56:42 AM
mbam-log-2008-01-02 (09-56-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 324343
Time elapsed: 19 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\AppID\GamevanceText.DLL (Adware.GameVance) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\swetaswxxx.exe (Trojan.SpyEyes.Gen) -> Quarantined and deleted successfully.

Files Detected: 1
C:\swetaswxxx.exe\config.bin (Trojan.SpyEyes.Gen) -> Quarantined and deleted successfully.

(end)

.

shannon1970 · Nov 1, 2013

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514 BrowserJavaVersion: 10.25.2
Run by Jeff at 10:54:58 on 2008-01-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.1049 [GMT -8:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\RADIOR~2\bar\1.bin\4jbarsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
C:\Program Files\DriverUpdate\DriverUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Comcast\pcTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWis0.dll
uURLSearchHooks: <No Name>: {3c35ad63-af1d-4e21-b484-b6651a8efcf9} - c:\program files\radiorage_4j\bar\1.bin\4jSrcAs.dll
mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWis0.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -
BHO: Toolbar BHO: {48909954-14fb-4971-a7b3-47e7af10b38a} - c:\program files\radiorage_4j\bar\1.bin\4jbar.dll
BHO: Search Assistant BHO: {5848763c-2668-44ca-adbe-2999a6ee2858} - c:\program files\radiorage_4j\bar\1.bin\4jSrcAs.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWis0.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -
TB: WiseConvert Toolbar: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - c:\program files\wiseconvert\prxtbWis0.dll
TB: RadioRage: {78BA36C9-6036-482B-B48D-ECCA6F964B84} - c:\program files\radiorage_4j\bar\1.bin\4jbar.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files\startnow toolbar\Toolbar32.dll
TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWis0.dll
TB: RadioRage: {78ba36c9-6036-482b-b48d-ecca6f964b84} - c:\program files\radiorage_4j\bar\1.bin\4jbar.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [winHelpMusic] rundll32.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN35JBXHH805KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [ArcSoft MediaImpression Monitor] c:\program files\kodak\mediaimpression\ArcMonitor.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [RadioRage Search Scope Monitor] "c:\progra~1\radior~2\bar\1.bin\4jsrchmn.exe" /m=2 /w /h
mRun: [RadioRage_4j Browser Plugin Loader] c:\progra~1\radior~2\bar\1.bin\4jbrmon.exe
mRun: [Comcast_McciTrayApp] "c:\program files\comcast\pcTrayApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\jeff\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{e0b00b69-c244-46d1-bbd9-e400bb88dfcc}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: rvassociates.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A3FDEA10-F1D0-40D5-9A9A-6E0150669A29} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D427EF7F-EC23-4485-B5E3-E124A08492E7} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.0.12\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\jpcsz7ua.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=B2BF0A2E-9550-4D28-8087-A82F23B6237F&n=77fc22e6&p2=^ZX^xdm039^YY^us&si=radiopi
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=B2BF0A2E-9550-4D28-8087-A82F23B6237F&n=77fc22e6&ind=2013012710&p2=^ZX^xdm039^YY^us&si=radiopi&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.0.12\npsitesafety.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\common files\motive\npMotiveRequest.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\radiorage_4j\bar\1.bin\NP4jStub.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jeff\appdata\local\roblox\versions\version-6e655c3defe448aa\NPRobloxProxy.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2010-12-25 20:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\jpcsz7ua.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF - ExtSQL: 2011-12-17 14:02; {5911488E-9D1E-40ec-8CBB-06B231CC153F}; c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
FF - ExtSQL: 2012-06-11 12:32; toolbar@ask.com; c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\jpcsz7ua.default\extensions\toolbar@ask.com
FF - ExtSQL: 2013-01-20 18:29; 4jffxtbr@RadioRage_4j.com; c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\jpcsz7ua.default\extensions\4jffxtbr@RadioRage_4j.com
FF - ExtSQL: 2013-09-27 07:54; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: !HIDDEN! 2009-08-23 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2013-01-20 18:29; 4jffxtbr@RadioRage_4j.com; c:\program files\radiorage_4j\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-9-27 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-9-27 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-9-27 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-9-27 369584]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-7-21 37664]
R2 ADExchange;ArcSoft Exchange Service;c:\program files\common files\arcsoft\esinter\bin\eservutil.exe [2012-8-14 43624]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-9-27 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-9-27 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-9-27 46808]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2013-6-20 173192]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2013-5-4 369152]
R2 RadioRage_4jService;RadioRageService;c:\progra~1\radior~2\bar\1.bin\4jbarsvc.exe [2013-1-20 42504]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files\common files\avg secure search\vtoolbarupdater\17.0.12\ToolbarUpdater.exe [2013-10-2 1734680]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-15 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2013-6-16 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
S3 mini;mini;c:\windows\system32\drivers\mini_x86.sys [2012-2-1 57360]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-7-15 13464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2010-1-3 645120]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.

shannon1970 · Nov 1, 2013

=============== Created Last 30 ================
.
2013-10-29 09:17:117796464----a-w-c:\programdata\microsoft\windows defender\definition updates\{5107a15a-ebd9-44b0-b140-820146dd5f96}\mpengine.dll
2013-10-10 20:56:121069056----a-w-c:\windows\system32\DWrite.dll
2013-10-10 20:56:11798208----a-w-c:\windows\system32\FntCache.dll
2013-10-10 20:56:11683008----a-w-c:\windows\system32\d2d1.dll
2013-10-10 20:56:11486400----a-w-c:\windows\system32\d3d10level9.dll
2013-10-10 20:56:11219648----a-w-c:\windows\system32\d3d10_1core.dll
2013-10-10 20:56:11189952----a-w-c:\windows\system32\d3d10core.dll
2013-10-10 20:56:11160768----a-w-c:\windows\system32\d3d10_1.dll
2013-10-10 20:56:111172480----a-w-c:\windows\system32\d3d10warp.dll
2013-10-10 20:56:111029120----a-w-c:\windows\system32\d3d10.dll
2013-10-10 20:56:10638400----a-w-c:\windows\system32\drivers\dxgkrnl.sys
2013-10-10 20:56:1037376----a-w-c:\windows\system32\cdd.dll
2013-10-10 20:56:09102608----a-w-c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:56:072050048----a-w-c:\windows\system32\win32k.sys
2013-10-06 01:26:33273304----a-w-c:\program files\mozilla firefox\updater.exe
2013-10-05 17:33:41--------d-----w-c:\users\jeff\appdata\local\SearchProtect
2013-09-27 14:54:53770344----a-w-c:\windows\system32\drivers\aswSnx.sys
2013-09-27 14:54:52177864----a-w-c:\windows\system32\drivers\aswVmm.sys
2013-09-27 14:54:5149376----a-w-c:\windows\system32\drivers\aswRvrt.sys
2013-09-27 14:54:4766336----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2013-09-27 14:53:4041664----a-w-c:\windows\avastSS.scr
2013-09-27 14:52:45--------d-----w-c:\program files\AVAST Software
2013-09-27 14:52:06--------d-----w-c:\programdata\AVAST Software
2013-09-12 17:52:54615936----a-w-c:\windows\system32\themeui.dll
2013-08-28 01:08:221548288----a-w-c:\windows\system32\WMVDECOD.DLL
2013-08-18 10:08:46--------d-----w-c:\windows\system32\MRT
2013-08-18 02:06:1124064----a-w-c:\windows\system32\drivers\tssecsrv.sys
2013-08-18 02:06:1115872----a-w-c:\windows\system32\icaapi.dll
2013-08-18 02:06:042048----a-w-c:\windows\system32\tzres.dll
2013-08-18 02:05:33905664----a-w-c:\windows\system32\drivers\tcpip.sys
2013-08-18 02:05:28783360----a-w-c:\windows\system32\rpcrt4.dll
2013-08-18 02:05:233551680----a-w-c:\windows\system32\ntoskrnl.exe
2013-08-18 02:05:223603904----a-w-c:\windows\system32\ntkrnlpa.exe
2013-08-18 02:05:221205168----a-w-c:\windows\system32\ntdll.dll
2013-08-18 02:05:00992768----a-w-c:\windows\system32\crypt32.dll
2013-08-18 02:05:00133120----a-w-c:\windows\system32\cryptsvc.dll
2013-08-18 02:04:5998304----a-w-c:\windows\system32\cryptnet.dll
2013-08-18 02:04:59172544----a-w-c:\windows\system32\wintrust.dll
2013-07-25 03:26:34580712------w-c:\windows\system32\HPDiscoPM5912.dll
2013-07-25 03:21:08--------d-----w-c:\users\jeff\appdata\local\HP
2013-07-22 01:36:0094632----a-w-c:\windows\system32\WindowsAccessBridge.dll
2013-07-21 18:39:49--------d-----w-c:\users\jeff\appdata\local\AVG SafeGuard toolbar
2013-07-21 18:39:4037664----a-w-c:\windows\system32\drivers\avgtpx86.sys
2013-07-21 18:39:36--------d-----w-c:\programdata\AVG SafeGuard toolbar
2013-07-21 18:39:36--------d-----w-c:\program files\common files\AVG Secure Search
2013-07-21 18:39:33--------d-----w-c:\program files\AVG SafeGuard toolbar
2013-07-21 18:38:43--------d--h--w-c:\programdata\Common Files
2013-07-18 01:30:2617325760----a-w-c:\program files\common files\microsoft shared\office12\MSO.DLL
2013-07-16 01:42:3513464----a-w-c:\windows\system32\drivers\SWDUMon.sys
2013-07-16 01:42:34--------d-----w-c:\users\jeff\appdata\local\SlimWare Utilities Inc
2013-07-16 01:42:25--------d-----w-c:\program files\DriverUpdate
2013-07-11 17:23:32505344----a-w-c:\windows\system32\qedit.dll
2013-07-11 17:23:30983552----a-w-c:\program files\windows journal\JNTFiltr.dll
2013-07-11 17:23:30964608----a-w-c:\program files\windows journal\JNWDRV.dll
2013-07-11 17:23:30936960----a-w-c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-11 17:23:301218048----a-w-c:\program files\windows journal\NBDoc.DLL
2013-07-11 01:07:22756888----a-w-c:\program files\common files\microsoft shared\office12\MSPTLS.DLL
2013-06-24 17:22:18--------d-----w-c:\users\jeff\appdata\roaming\Comcast
2013-06-21 10:18:2892256----a-w-c:\programdata\microsoft\bingdesktop\updater\BingDesktopRestarter.exe
2013-06-20 18:40:509793536----a-w-c:\programdata\microsoft\bingdesktop\updater\BingDesktop.msi
2013-06-20 02:44:541366656----a-w-c:\program files\common files\microsoft shared\office11\msxml5.dll
2013-06-17 05:29:43--------d-----w-c:\windows\en
2013-06-17 05:29:1639272----a-w-c:\windows\system32\drivers\fssfltr.sys
2013-06-17 05:27:59--------d-----w-c:\program files\Microsoft SQL Server Compact Edition
2013-06-17 05:25:4869464----a-w-c:\windows\system32\XAPOFX1_3.dll
2013-06-17 05:25:48515416----a-w-c:\windows\system32\XAudio2_5.dll
2013-06-17 05:25:48453456----a-w-c:\windows\system32\d3dx10_42.dll
2013-06-17 05:25:323426072----a-w-c:\windows\system32\d3dx9_32.dll
2013-06-17 05:00:0215712----a-w-c:\program files\common files\windows live\.cache\86895f691ce6b1736\MeshBetaRemover.exe
2013-06-17 04:59:4289944----a-w-c:\program files\common files\windows live\.cache\7a587e191ce6b1729\DSETUP.dll
2013-06-17 04:59:42537432----a-w-c:\program files\common files\windows live\.cache\7a587e191ce6b1729\DXSETUP.exe
2013-06-17 04:59:421801048----a-w-c:\program files\common files\windows live\.cache\7a587e191ce6b1729\dsetup32.dll
2013-06-17 04:59:4194040----a-w-c:\program files\common files\windows live\.cache\796963291ce6b1728\DSETUP.dll
2013-06-17 04:59:41525656----a-w-c:\program files\common files\windows live\.cache\796963291ce6b1728\DXSETUP.exe
2013-06-17 04:59:411691480----a-w-c:\program files\common files\windows live\.cache\796963291ce6b1728\dsetup32.dll
2013-06-17 04:58:50--------d-----w-c:\users\jeff\appdata\local\Windows Live
2013-06-17 04:58:50--------d-----w-c:\program files\common files\Windows Live
2013-06-17 04:58:35754688----a-w-c:\windows\system32\webservices.dll
2013-06-17 03:58:174984----a-w-c:\windows\system32\drivers\nvphy.bin
2013-06-15 16:23:49--------d-----w-c:\program files\iPod
2013-06-15 16:23:45--------d-----w-c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-15 16:23:45--------d-----w-c:\program files\iTunes
2013-06-12 21:36:17443904----a-w-c:\windows\system32\win32spl.dll
2013-06-12 21:36:1737376----a-w-c:\windows\system32\printcom.dll
2013-06-12 21:35:57812544----a-w-c:\windows\system32\certutil.exe
2013-06-12 21:35:5641984----a-w-c:\windows\system32\certenc.dll
2013-06-12 21:35:1524576----a-w-c:\windows\system32\cryptdlg.dll
2013-05-25 17:59:05159744----a-w-c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-05-25 17:59:05159744----a-w-c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-05-25 17:59:05159744----a-w-c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-05-25 17:59:05159744----a-w-c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-05-25 17:59:05159744----a-w-c:\program files\internet explorer\plugins\npqtplugin.dll
2013-05-10 07:57:26187456----a-w-c:\program files\internet explorer\plugins\nppdf32.dll
2013-05-09 08:07:001618096----a-w-c:\program files\common files\microsoft shared\office12\OGL.DLL
2013-05-04 19:51:18--------d-----w-c:\program files\Comcast
2013-05-04 19:50:46--------d-----w-c:\program files\common files\Motive
2013-05-01 10:59:1294208----a-w-c:\windows\system32\QuickTimeVR.qtx
2013-05-01 10:59:1269632----a-w-c:\windows\system32\QuickTime.qts
2013-04-10 19:37:271082232----a-w-c:\windows\system32\drivers\ntfs.sys
2013-04-10 19:37:2364000----a-w-c:\windows\system32\smss.exe
2013-04-10 19:37:2349152----a-w-c:\windows\system32\csrsrv.dll
2013-04-10 19:37:202067968----a-w-c:\windows\system32\mstscax.dll
2013-04-10 19:37:17376320----a-w-c:\windows\system32\winsrv.dll
2013-04-02 14:09:524550656----a-w-c:\windows\system32\GPhotos.scr
2013-03-16 19:48:4515872----a-w-c:\windows\system32\drivers\usb8023.sys
2013-02-13 06:29:031314816----a-w-c:\windows\system32\quartz.dll
2013-01-27 18:46:13--------d-----w-c:\users\jeff\appdata\local\RadioRage_4j
2013-01-21 02:29:28--------d-----w-c:\program files\RadioRage_4j
2013-01-14 01:04:42--------d-----w-c:\program files\Conduit
2013-01-14 01:04:00--------d-----w-c:\users\jeff\appdata\local\Conduit
2013-01-14 01:03:55--------d-----w-c:\program files\WiseConvert
2013-01-09 03:20:47204288----a-w-c:\windows\system32\ncrypt.dll
2013-01-09 03:20:391400832----a-w-c:\windows\system32\msxml6.dll
2012-12-13 21:50:386112864----a-w-c:\windows\system32\usbaaplrc.dll
2012-12-13 21:50:3845056----a-w-c:\windows\system32\drivers\usbaapl.sys
2012-12-13 11:04:009728----a-w-c:\windows\system32\Wdfres.dll
2012-12-13 11:03:5666560----a-w-c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 11:03:5616896----a-w-c:\windows\system32\winusb.dll
2012-12-13 11:03:56155136----a-w-c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 11:03:5573216----a-w-c:\windows\system32\WUDFSvc.dll
2012-12-13 11:03:55172032----a-w-c:\windows\system32\WUDFPlatform.dll
2012-12-13 11:03:5447720----a-w-c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 11:03:5438912----a-w-c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 11:03:5434944----a-w-c:\windows\system32\drivers\winusb.sys
2012-12-13 11:03:54196608----a-w-c:\windows\system32\WUDFHost.exe
2012-12-13 11:03:53613888----a-w-c:\windows\system32\WUDFx.dll
2012-12-13 01:45:26376320----a-w-c:\windows\system32\dpnet.dll
2012-12-13 01:45:2523040----a-w-c:\windows\system32\dpnsvr.exe
2012-12-13 01:45:23224640----a-w-c:\windows\system32\drivers\volsnap.sys
2012-11-13 22:24:0975776----a-w-c:\windows\system32\synceng.dll
2012-10-17 18:26:02499088----a-w-c:\windows\system32\HPWia2_OJ8600.dll
2012-10-17 18:26:02268688----a-w-c:\windows\system32\hpinksts5912LM.dll
2012-10-17 18:26:022216336----a-w-c:\windows\system32\hpinkins5912.exe
2012-10-17 18:26:02220560----a-w-c:\windows\system32\hpinkcoi5912.dll
2012-10-17 18:26:021979280----a-w-c:\windows\system32\HPScanTRDrv_OJ8600.dll
2012-10-13 17:11:1126840----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-04 07:15:25--------d-----r-c:\program files\Skype
2012-08-27 04:03:43--------d-----w-c:\users\jeff\appdata\roaming\StartNow Toolbar
2012-08-15 19:33:29623616----a-w-c:\windows\system32\localspl.dll
2012-07-22 15:15:27708608----a-w-c:\program files\common files\system\ado\msado15.dll
2012-07-22 15:15:251248768----a-w-c:\windows\system32\msxml3.dll
2012-07-22 15:15:24440704----a-w-c:\windows\system32\drivers\ksecdd.sys
2012-07-22 15:15:24278528----a-w-c:\windows\system32\schannel.dll
2012-07-01 18:31:37--------d-----w-c:\users\jeff\appdata\local\Macromedia
2012-06-23 18:04:46867240----a-w-c:\windows\system32\npdeployJava1.dll
2012-06-23 17:58:102422272----a-w-c:\windows\system32\wucltux.dll
2012-06-23 17:57:2388576----a-w-c:\windows\system32\wudriver.dll
2012-06-23 17:56:5233792----a-w-c:\windows\system32\wuapp.exe
2012-06-23 17:56:52171904----a-w-c:\windows\system32\wuwebv.dll
2012-06-15 18:36:03180736----a-w-c:\windows\system32\drivers\rdpwd.sys
2012-06-11 19:29:42--------d-----w-c:\program files\Mozilla Maintenance Service
2012-05-08 17:30:4953120----a-w-c:\windows\system32\drivers\partmgr.sys
2012-05-08 17:30:431404928----a-w-c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-08 17:30:4247104----a-w-c:\program files\windows journal\PDIALOG.exe
2012-04-22 18:57:55--------d-----w-c:\program files\Cisco Systems
2012-04-22 18:48:48--------d-----w-c:\programdata\Cisco Systems
2012-04-19 06:02:12692616----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-04-10 20:49:305120----a-w-c:\windows\system32\wmi.dll
2012-04-10 20:49:30157696----a-w-c:\windows\system32\imagehlp.dll
2012-04-10 20:49:3012800----a-w-c:\windows\system32\drivers\fs_rec.sys
2012-04-10 20:04:282409784----a-w-c:\program files\windows mail\OESpamFilter.dat
2012-03-13 19:32:35613376----a-w-c:\windows\system32\rdpencom.dll
2012-03-09 01:50:2849016----a-w-c:\windows\system32\sirenacm.dll
2012-03-09 01:37:20302448----a-w-c:\windows\WLXPGSS.SCR
2012-02-26 00:52:41--------d-----w-c:\program files\Cricut-Craft Room
2012-02-15 20:49:30680448----a-w-c:\windows\system32\msvcrt.dll
2012-02-12 20:04:5237198----a-w-c:\programdata\SPL53E.tmp
2012-02-01 17:14:4957360----a-w-c:\windows\system32\drivers\mini_x86.sys
2012-02-01 17:14:49--------d-----w-c:\program files\Provocraft
2012-02-01 17:10:05--------d-----w-c:\users\jeff\appdata\roaming\com.cricut.Cricut-CraftRoom
2012-01-17 00:58:07--------d-----w-c:\programdata\McAfee Security Scan
2012-01-17 00:58:05--------d-----w-c:\program files\McAfee Security Scan
2012-01-11 16:27:539728----a-w-c:\windows\system32\lsass.exe
2012-01-11 16:27:5372704----a-w-c:\windows\system32\secur32.dll
2012-01-11 16:27:53377344----a-w-c:\windows\system32\winhttp.dll
2012-01-11 16:27:531259008----a-w-c:\windows\system32\lsasrv.dll
2012-01-11 00:38:0466560----a-w-c:\windows\system32\packager.dll
2012-01-11 00:38:0423552----a-w-c:\windows\system32\mciseq.dll
2012-01-11 00:38:04189952----a-w-c:\windows\system32\winmm.dll
2012-01-11 00:38:02497152----a-w-c:\windows\system32\qdvd.dll
2011-12-17 22:02:55--------d-----w-c:\program files\StartNow Toolbar
2011-12-17 22:02:0998304----a-w-c:\windows\system32\redmonnt.dll
2011-12-17 22:01:38--------d-----w-c:\program files\Ask.com
2011-12-17 22:01:28--------d-----w-c:\program files\FoxTabPDFConverter
2011-12-14 22:40:07429056----a-w-c:\windows\system32\EncDec.dll
2011-12-10 16:56:58--------d-----w-c:\program files\Bonjour
2011-11-10 14:31:3271048----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-09 21:05:54707584----a-w-c:\program files\common files\system\wab32.dll
2011-10-30 03:32:54--------d-----w-c:\windows\system32\ms-MY
2011-10-30 03:32:5315584----a-w-c:\users\jeff\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2011-10-30 03:30:59--------d-----w-c:\windows\system32\drivers\umdf\ja-JP
2011-10-30 03:30:57--------d-----w-c:\windows\system32\drivers\umdf\pt-BR
2011-10-30 03:30:53--------d-----w-c:\windows\system32\drivers\umdf\pt-PT
2011-10-30 03:30:49--------d-----w-c:\windows\system32\drivers\umdf\nl-NL
2011-10-30 03:30:45--------d-----w-c:\windows\system32\drivers\umdf\it-IT
2011-10-30 03:30:39--------d-----w-c:\windows\system32\drivers\umdf\de-DE
2011-10-30 03:30:34--------d-----w-c:\windows\system32\drivers\umdf\fr-FR
2011-10-30 03:30:30--------d-----w-c:\windows\system32\drivers\umdf\es-ES
2011-10-26 14:37:546144----a-w-c:\program files\internet explorer\iecompat.dll
2011-10-13 16:50:4769632----a-w-c:\windows\system32\Mpeg2Data.ax
2011-10-13 16:50:4757856----a-w-c:\windows\system32\MSDvbNP.ax
2011-10-13 16:50:47293376----a-w-c:\windows\system32\psisdecd.dll
2011-10-13 16:50:47217088----a-w-c:\windows\system32\psisrndr.ax
2011-10-13 16:50:18563712----a-w-c:\windows\system32\oleaut32.dll
2011-10-13 16:50:18555520----a-w-c:\windows\system32\UIAutomationCore.dll
2011-10-13 16:50:184096----a-w-c:\windows\system32\oleaccrc.dll
2011-10-13 16:50:18238080----a-w-c:\windows\system32\oleacc.dll
2011-09-17 15:59:34--------d-----w-c:\users\jeff\appdata\local\acxWITask
2011-08-31 07:05:0483816----a-w-c:\windows\system32\dns-sd.exe
2011-08-31 07:05:0473064----a-w-c:\windows\system32\dnssd.dll
2011-08-31 07:05:0450536----a-w-c:\windows\system32\jdns_sd.dll
2011-08-31 07:05:04178536----a-w-c:\windows\system32\dnssdX.dll
2011-08-10 23:58:34214016----a-w-c:\windows\system32\drivers\mrxsmb10.sys
2011-08-05 19:20:2665024----a-w-c:\windows\system32\ZuneTcp2Udp.dll
2011-08-05 19:20:2658368----a-w-c:\windows\system32\ZuneRegUtil.dll
2011-08-05 19:20:2646080----a-w-c:\windows\system32\ZunePTDNS.dll
2011-08-05 19:20:26130560----a-w-c:\windows\system32\ZuneUsbTransport.dll
2011-08-05 19:20:24365056----a-w-c:\windows\system32\ZuneNetProxy.dll
2011-08-05 19:20:24203776----a-w-c:\windows\system32\ZuneMTPZ.dll
2011-08-05 19:20:20796672----a-w-c:\windows\system32\drivers\umdf\ZuneDriver.dll
2011-08-05 19:20:18332800----a-w-c:\windows\system32\ZuneCoInst.dll
2011-07-27 13:33:081064296----a-w-c:\program files\common files\microsoft shared\office12\RICHED20.DLL
2011-06-17 14:57:19--------d-----w-c:\program files\Citrix
2011-06-17 14:57:0972080----a-w-c:\users\jeff\g2mdlhlpx.exe
2011-06-15 21:31:5175264----a-w-c:\windows\system32\drivers\dfsc.sys
2011-06-15 21:31:39273408----a-w-c:\windows\system32\drivers\afd.sys
2011-06-15 21:31:36146432----a-w-c:\windows\system32\drivers\srv2.sys
2011-06-15 21:31:36102400----a-w-c:\windows\system32\drivers\srvnet.sys
2011-06-15 21:30:50739328----a-w-c:\windows\system32\inetcomm.dll
2011-06-15 21:30:4679872----a-w-c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 21:30:46106496----a-w-c:\windows\system32\drivers\mrxsmb.sys
2011-06-01 00:26:54986000----a-w-c:\program files\common files\microsoft shared\office12\msoshext.dll
2011-05-14 16:56:31--------d--h--w-c:\windows\msdownld.tmp
2011-05-14 04:11:54641536----a-w-c:\program files\common files\microsoft shared\vc\msdia80.dll
2011-05-09 14:37:32--------d-----w-c:\users\jeff\appdata\roaming\HpUpdate
2011-05-09 14:37:30--------d-----w-c:\windows\Hewlett-Packard
2011-04-27 17:03:414240384----a-w-c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 17:03:4128672----a-w-c:\windows\system32\Apphlpdm.dll
2011-04-27 17:03:39876032----a-w-c:\windows\system32\XpsPrint.dll
2011-04-20 14:15:35883064----a-w-c:\programdata\SPL82E7.tmp
2011-04-19 11:47:04670032----a-w-c:\program files\common files\microsoft shared\vc\msdia90.dll
2011-04-14 13:50:2669632----a-w-c:\windows\system32\drivers\bowser.sys
2011-04-14 13:50:241162240----a-w-c:\windows\system32\mfc42u.dll
2011-04-14 13:50:231136640----a-w-c:\windows\system32\mfc42.dll
2011-04-14 13:50:20305152----a-w-c:\windows\system32\drivers\srv.sys
2011-04-14 13:50:1886528----a-w-c:\windows\system32\dnsrslvr.dll
2011-04-14 13:50:1825088----a-w-c:\windows\system32\dnscacheugc.exe
2011-04-13 15:15:183709192----a-w-c:\programdata\microsoft\bingbar\bbsvc\7.0.614.0oemBingBarSetup-Partner.EXE
2011-03-29 03:39:161568168----a-w-c:\program files\common files\microsoft shared\windows live\WLIDRES.DLL
2011-03-29 03:35:06441216----a-w-c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
2011-03-29 03:33:28856984----a-w-c:\program files\common files\microsoft shared\windows live\wlidcli.dll
2011-03-29 03:33:2857752----a-w-c:\program files\common files\microsoft shared\windows live\msidcrl40.dll
2011-03-29 03:31:16193920----a-w-c:\program files\common files\microsoft shared\windows live\WLIDSVCM.EXE
2011-03-29 03:31:141713536----a-w-c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE
2011-03-29 01:36:4622240----a-w-c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2011-03-29 01:36:46196416----a-w-c:\program files\common files\microsoft shared\windows live\SQMAPI.DLL
2011-03-23 15:11:28288768----a-w-c:\windows\system32\XpsGdiConverter.dll
2011-03-09 05:18:41322560----a-w-c:\windows\system32\sbe.dll
2011-03-09 05:18:40177664----a-w-c:\windows\system32\mpg2splt.ax
2011-03-09 05:18:40153088----a-w-c:\windows\system32\sbeio.dll
2011-03-09 05:18:39677888----a-w-c:\windows\system32\mstsc.exe
2011-02-24 11:01:052048----a-w-c:\windows\system32\winrsmgr.dll
2011-02-20 06:03:12799568----a-w-c:\program files\common files\microsoft shared\vc\msdia100.dll
2011-01-16 16:10:034591616----a-w-c:\programdata\SPL531.tmp
2011-01-14 15:44:241237268----a-w-c:\programdata\SPLBAF5.tmp
2011-01-12 18:16:11413696----a-w-c:\windows\system32\odbc32.dll
2011-01-12 18:16:1057344----a-w-c:\program files\common files\system\msadc\msadcs.dll
2011-01-12 18:16:10253952----a-w-c:\program files\common files\system\ado\msadox.dll
2011-01-12 18:16:10241664----a-w-c:\program files\common files\system\ado\msadomd.dll
2011-01-12 18:16:10180224----a-w-c:\program files\common files\system\msadc\msadco.dll
2011-01-12 18:16:091169408----a-w-c:\windows\system32\sdclt.exe
2011-01-05 11:18:54--------d-----w-c:\program files\Windows Portable Devices
2011-01-05 11:03:1292672----a-w-c:\windows\system32\UIAnimation.dll
2011-01-05 11:03:113023360----a-w-c:\windows\system32\UIRibbon.dll
2011-01-05 11:03:111164800----a-w-c:\windows\system32\UIRibbonRes.dll
2011-01-04 22:34:08231424----a-w-c:\windows\system32\msshsq.dll
2011-01-04 17:29:29--------d-----w-c:\windows\system32\eu-ES
2011-01-04 17:29:29--------d-----w-c:\windows\system32\ca-ES
2011-01-04 17:29:28--------d-----w-c:\windows\system32\vi-VN
2010-12-26 03:57:37--------d-----w-c:\users\jeff\appdata\roaming\.minecraft
2010-12-26 03:55:23--------d-----w-c:\users\jeff\appdata\local\Mozilla
2010-12-24 18:54:2638259----a-w-c:\programdata\SPL8F3F.tmp
2010-12-15 19:02:5166048----a-w-c:\program files\windows mail\wabmig.exe
2010-12-15 19:02:51515584----a-w-c:\program files\windows mail\wab.exe
2010-12-15 19:02:5033280----a-w-c:\program files\windows mail\wabfind.dll
2010-12-15 19:02:44601600----a-w-c:\windows\system32\schedsvc.dll
2010-12-15 19:02:44352768----a-w-c:\windows\system32\taskschd.dll
2010-12-15 19:02:44345600----a-w-c:\windows\system32\wmicmiplugin.dll
2010-12-15 19:02:44270336----a-w-c:\windows\system32\taskcomp.dll
2010-12-15 19:02:44171520----a-w-c:\windows\system32\taskeng.exe
2010-12-15 19:02:4281920----a-w-c:\windows\system32\consent.exe
2010-12-15 19:02:4072704----a-w-c:\windows\system32\fontsub.dll
2010-12-15 17:53:47133634----a-w-c:\programdata\SPL92B4.tmp
2010-12-06 07:01:58389120----a-w-c:\windows\system32\MCMLDS.dll
2010-12-06 06:23:39--------d-----w-c:\program files\Microsoft
2010-12-06 06:22:46--------d-----w-c:\programdata\UAB
2010-12-06 06:22:40--------d-----w-c:\users\jeff\appdata\local\PC_Drivers_Headquarters
2010-12-06 06:22:26--------d-----w-c:\programdata\PC Drivers HeadQuarters
2010-12-06 06:22:18--------d-----w-c:\program files\MSN Toolbar Installer
2010-12-06 06:20:53--------d-----w-c:\program files\PC Drivers HeadQuarters
2010-11-15 22:54:3938577136----a-w-c:\programdata\SPL2C81.tmp
2010-11-01 16:10:41--------d-----w-c:\windows\system32\QuickTime
2010-11-01 16:10:41--------d-----w-c:\program files\WinVDIG
2010-10-29 00:08:25--------d-----w-c:\programdata\Lexmark Pro700 Series
2010-10-26 23:25:591696256----a-w-c:\windows\system32\gameux.dll
2010-10-26 01:18:13789416----a-w-c:\windows\system32\deployJava1.dll
2010-10-26 00:52:03172000----a-w-c:\programdata\SPL7BA1.tmp
2010-10-13 22:54:12168960----a-w-c:\program files\windows media player\wmplayer.exe
2010-10-13 22:54:118147456----a-w-c:\windows\system32\wmploc.DLL
2010-10-13 22:54:00125952----a-w-c:\windows\system32\srvsvc.dll
2010-10-13 22:53:5917920----a-w-c:\windows\system32\netevent.dll
2010-10-13 22:53:46339968----a-w-c:\program files\windows nt\accessories\wordpad.exe
2010-10-13 22:53:461316864----a-w-c:\windows\system32\ole32.dll
2010-10-13 22:53:44157184----a-w-c:\windows\system32\t2embed.dll
2010-10-13 22:53:43954752----a-w-c:\windows\system32\mfc40.dll
2010-10-13 22:53:43954288----a-w-c:\windows\system32\mfc40u.dll
2010-10-13 22:53:32867328----a-w-c:\windows\system32\wmpmde.dll
2010-10-09 23:57:36106928----a-w-c:\windows\system32\GEARAspi.dll
2010-10-09 23:56:34--------d-----w-c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-24 18:31:24581192----a-w-c:\windows\system32\WinUSBCoInstaller.dll
2010-09-24 18:31:241837296----a-w-c:\windows\system32\WUDFUpdate_01009.dll
2010-09-24 18:31:241461992----a-w-c:\windows\system32\WdfCoInstaller01009.dll
2010-09-15 14:12:36502272----a-w-c:\windows\system32\usp10.dll
2010-09-15 14:12:35317952----a-w-c:\windows\system32\MP4SDECD.DLL
2010-09-15 14:12:35128000----a-w-c:\windows\system32\spoolsv.exe
2010-09-11 08:11:07--------d-----w-c:\users\jeff\appdata\local\Apple Computer
2010-08-30 01:59:21--------d-----w-c:\users\jeff\appdata\local\ArcSoft
2010-08-30 01:57:50--------d--h--w-c:\programdata\ArcSoft
2010-08-30 01:56:2118688----a-w-c:\windows\system32\drivers\afc.sys
2010-08-30 01:56:19--------d-----w-c:\program files\Kodak
2010-08-23 03:22:01238872------w-c:\windows\system32\MpSigStub.exe
2010-08-12 06:05:0781920----a-w-c:\windows\system32\iccvid.dll
2010-08-12 06:05:0110926592----a-w-c:\program files\movie maker\MOVIEMK.dll
2010-08-12 06:05:00150016----a-w-c:\program files\movie maker\MOVIEMK.exe

shannon1970 · Nov 1, 2013

2010-08-12 06:04:5736864----a-w-c:\windows\system32\rtutils.dll
2010-07-11 22:47:40453456----a-w-c:\windows\system32\d3dx10_41.dll
2010-07-11 22:47:401846632----a-w-c:\windows\system32\D3DCompiler_41.dll
2010-06-29 23:19:26--------d-----w-c:\users\jeff\appdata\roaming\LEGO Company
2010-06-23 10:01:0799176----a-w-c:\windows\system32\PresentationHostProxy.dll
2010-06-23 10:01:0749472----a-w-c:\windows\system32\netfxperf.dll
2010-06-23 10:01:07297808----a-w-c:\windows\system32\mscoree.dll
2010-06-23 10:01:07295264----a-w-c:\windows\system32\PresentationHost.exe
2010-06-23 10:01:071130824----a-w-c:\windows\system32\dfshim.dll
2010-06-21 08:01:12--------d-----w-c:\users\jeff\appdata\local\FUJIFILM
2010-06-21 08:00:313495784----a-w-c:\windows\system32\d3dx9_33.dll
2010-06-21 07:59:40--------d-----w-c:\programdata\FUJIFILM
2010-06-21 07:59:36--------d-----w-c:\program files\FUJIFILM
2010-06-21 07:55:1267072----a-w-c:\windows\system32\asycfilt.dll
2010-05-27 15:05:26--------d-----w-c:\program files\WFSize2.x
2010-05-27 15:05:21249856------w-c:\windows\Setup1.exe
2010-05-27 15:05:2073216----a-w-c:\windows\ST6UNST.EXE
2010-05-24 23:07:56--------d-----w-c:\windows\system32\EventProviders
2010-05-22 01:10:26--------d-----w-c:\users\jeff\appdata\local\Roblox
2010-05-14 19:56:15506447----a-w-c:\programdata\SPL1AC5.tmp
2010-05-12 07:52:201616384----a-w-c:\program files\windows mail\msoe.dll
2010-04-15 02:12:0462464----a-w-c:\windows\system32\l3codeca.acm
2010-04-15 02:12:04220672----a-w-c:\windows\system32\l3codecp.acm
2010-04-15 02:11:55200704----a-w-c:\windows\system32\iphlpsvc.dll
2010-04-15 02:11:5425088----a-w-c:\windows\system32\drivers\tunnel.sys
2010-04-14 04:59:0698304----a-w-c:\windows\system32\cabview.dll
2010-04-12 14:32:19--------d-----w-c:\users\jeff\appdata\local\NewSoft
2010-04-12 14:30:0973810----a-w-c:\windows\system32\RAPI.DLL
2010-04-12 14:30:09434252----a-w-c:\windows\system32\MSVCRTD.DLL
2010-04-12 14:30:08929844----a-w-c:\windows\system32\MFC42D.DLL
2010-04-12 14:30:0741044----a-w-c:\windows\system32\CEUTIL.DLL
2010-04-12 14:28:49--------d-----w-c:\program files\Newsoft
2010-04-02 16:38:44--------d-----w-c:\users\jeff\appdata\local\Nova Development
2010-04-02 16:38:38--------d-----w-c:\users\jeff\appdata\roaming\Creative Home
2010-04-01 03:25:36--------d-----w-c:\users\jeff\appdata\roaming\Pro700 Series
2010-04-01 03:14:03--------d-----w-c:\program files\common files\Nova Development
2010-04-01 03:13:29--------d-----w-c:\programdata\Creative Home
2010-04-01 03:13:29--------d-----w-c:\program files\Creative Home
2010-03-30 04:56:20--------d-----w-c:\programdata\Ezprint
2010-03-30 04:35:53--------d-----w-c:\programdata\Lx_cats
2010-03-30 04:19:40--------d-----w-c:\program files\Abbyy FineReader 6.0 Sprint
2010-03-30 04:19:2249152----a-w-c:\windows\system32\LXEEPMON.DLL
2010-03-30 04:19:2232768----a-w-c:\windows\system32\LXEEFXPU.DLL
2010-03-30 04:19:0249152----a-w-c:\windows\system32\IM31IMG.DIL
2010-03-30 04:19:024485120----a-w-c:\windows\system32\LXEEoem.dll
2010-03-30 04:19:0198345----a-w-c:\windows\system32\IMHOST32.DLL
2010-03-30 04:19:0198304----a-w-c:\windows\system32\IM31XPNG.DEL
2010-03-30 04:19:0169632----a-w-c:\windows\system32\IM31XTIF.DEL
2010-03-30 04:19:01339968----a-w-c:\windows\system32\IMGMAN32.DLL
2010-03-30 04:18:54--------d-----w-c:\programdata\Pro700 Series
2010-03-30 04:18:2620632----a-w-c:\windows\system32\dopdfmn6.dll
2010-03-30 04:18:2618072----a-w-c:\windows\system32\dopdfmi6.dll
2010-03-30 04:18:15--------d-----w-c:\program files\Softland
2010-03-30 04:16:51--------d-----w-c:\program files\Lexmark Printable Web
2010-03-30 04:04:35299008----a-w-c:\windows\system32\LXEEsm.dll
2010-03-30 04:04:3523552----a-w-c:\windows\system32\LXEEsmr.dll
2010-03-23 05:13:52--------d-----w-c:\users\jeff\appdata\local\Apple
2010-03-18 20:16:28771424----a-w-c:\windows\system32\msvcr100_clr0400.dll
2010-03-11 11:01:0224064----a-w-c:\windows\system32\nshhttp.dll
2010-03-11 11:00:48411648----a-w-c:\windows\system32\drivers\http.sys
2010-03-11 11:00:4730720----a-w-c:\windows\system32\httpapi.dll
2010-03-11 00:22:5023040----a-w-c:\program files\movie maker\WMM2EXT.dll
2010-03-11 00:22:50195072----a-w-c:\program files\movie maker\WMM2AE.dll
2010-02-24 15:48:41526336----a-w-c:\windows\system32\RMActivate_isv.exe
2010-02-24 15:48:41518144----a-w-c:\windows\system32\RMActivate.exe
2010-02-24 15:48:39471552----a-w-c:\windows\system32\secproc_isv.dll
2010-02-24 15:48:39471552----a-w-c:\windows\system32\secproc.dll
2010-02-24 15:48:39347136----a-w-c:\windows\system32\RMActivate_ssp.exe
2010-02-24 15:48:38346624----a-w-c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 15:48:38332288----a-w-c:\windows\system32\msdrm.dll
2010-02-24 15:48:38152064----a-w-c:\windows\system32\secproc_ssp.dll
2010-02-24 15:48:37152576----a-w-c:\windows\system32\secproc_ssp_isv.dll
2010-02-10 14:48:0130720----a-w-c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 14:47:5131744----a-w-c:\windows\system32\msvidc32.dll
2010-02-10 14:47:5122528----a-w-c:\windows\system32\msyuv.dll
2010-02-10 14:47:5113312----a-w-c:\windows\system32\msrle32.dll
2010-02-10 14:47:5112288----a-w-c:\windows\system32\tsbyuv.dll
2010-02-10 14:47:5091136----a-w-c:\windows\system32\avifil32.dll
2010-02-10 14:47:5082944----a-w-c:\windows\system32\mciavi32.dll
2010-02-10 14:47:5050176----a-w-c:\windows\system32\iyuv_32.dll
2010-02-10 14:47:50123904----a-w-c:\windows\system32\msvfw32.dll
2010-01-08 08:19:02265720----a-w-c:\program files\internet explorer\msdbg2.dll
2010-01-08 08:19:01355832----a-w-c:\program files\internet explorer\pdm.dll
2010-01-03 21:08:44645120----a-w-c:\windows\system32\drivers\WUSB54GCv3.sys
2010-01-03 20:59:56--------d-----w-c:\users\jeff\appdata\local\Symantec
2010-01-03 19:55:32--------d-----w-c:\program files\Linksys
2010-01-03 19:54:51--------d-----w-c:\program files\common files\Pure Networks Shared
2010-01-03 19:54:38--------d-----w-c:\programdata\Pure Networks
2009-12-10 00:45:41243712----a-w-c:\windows\system32\rastls.dll
2009-11-25 06:48:14714240----a-w-c:\windows\system32\timedate.cpl
2009-11-11 18:17:23355328----a-w-c:\windows\system32\WSDApi.dll
2009-11-08 16:35:43--------d-----w-c:\users\jeff\appdata\roaming\E-centives
2009-11-08 16:35:40439848----a-w-c:\users\jeff\appdata\roaming\microsoft\windows\start menu\programs\e-centives\UninstallCouponActivator.exe
2009-10-28 14:19:591418752----a-w-c:\program files\windows media player\setup_wm.exe
2009-10-28 14:19:58310784----a-w-c:\windows\system32\unregmp2.exe
2009-10-26 05:40:53--------d-----w-c:\program files\Nikon
2009-10-26 05:40:53--------d-----w-c:\program files\common files\Nikon
2009-10-23 19:03:07--------d-----w-c:\windows\ltinst
2009-10-14 14:28:09218624----a-w-c:\windows\system32\msv1_0.dll
2009-10-14 14:27:0760928----a-w-c:\windows\system32\msasn1.dll
2009-10-14 14:24:51604672----a-w-c:\windows\system32\WMSPDMOD.DLL
2009-09-29 15:41:42151552----a-w-c:\windows\system32\glew32.dll
2009-09-29 15:41:40237568----a-w-c:\windows\system32\glut32.dll
2009-09-29 15:41:401175552----a-w-c:\windows\system32\msvcr80d.dll
2009-09-08 22:01:11105984----a-w-c:\windows\system32\netiohlp.dll
2009-09-08 22:01:109728----a-w-c:\windows\system32\TCPSVCS.EXE
2009-09-08 22:01:108704----a-w-c:\windows\system32\HOSTNAME.EXE
2009-09-08 22:01:1027136----a-w-c:\windows\system32\NETSTAT.EXE
2009-09-08 22:01:1019968----a-w-c:\windows\system32\ARP.EXE
2009-09-08 22:01:1017920----a-w-c:\windows\system32\ROUTE.EXE
2009-09-08 22:01:1011264----a-w-c:\windows\system32\MRINFO.EXE
2009-09-08 22:01:1010240----a-w-c:\windows\system32\finger.exe
2009-09-08 22:00:0668096----a-w-c:\windows\system32\wlanhlp.dll
2009-09-08 22:00:0665024----a-w-c:\windows\system32\wlanapi.dll
2009-09-08 22:00:06513536----a-w-c:\windows\system32\wlansvc.dll
2009-09-08 22:00:06302592----a-w-c:\windows\system32\wlansec.dll
2009-09-08 22:00:06293376----a-w-c:\windows\system32\wlanmsm.dll
2009-09-08 22:00:06127488----a-w-c:\windows\system32\L2SecHC.dll
2009-09-08 22:00:0153248----a-w-c:\windows\system32\rrinstaller.exe
2009-09-08 22:00:0124576----a-w-c:\windows\system32\mfpmp.exe
2009-09-08 22:00:002048----a-w-c:\windows\system32\mferror.dll
2009-08-21 01:50:46--------d-----w-c:\users\jeff\appdata\roaming\Malwarebytes
2009-08-21 01:50:38--------d-----w-c:\programdata\Malwarebytes
2009-08-20 22:07:43--------d-----w-c:\programdata\Norton
2009-08-20 22:06:50--------d-----w-c:\programdata\NortonInstaller
2009-08-20 15:27:01--------d-----w-c:\program files\PC Tools AntiVirus
2009-08-20 15:16:31--------d-----w-c:\programdata\PC Tools
2009-08-13 23:22:30499712----a-w-c:\windows\system32\kerberos.dll
2009-08-13 23:22:29175104----a-w-c:\windows\system32\wdigest.dll
2009-08-11 19:32:2871680----a-w-c:\windows\system32\atl.dll
2009-08-11 19:32:27160256----a-w-c:\windows\system32\wkssvc.dll
2009-08-11 19:32:224096----a-w-c:\windows\system32\msdxm.ocx
2009-08-11 19:32:224096----a-w-c:\windows\system32\dxmasf.dll
2009-08-11 19:32:22313344----a-w-c:\windows\system32\wmpdxm.dll
2009-08-11 19:32:22107520----a-w-c:\program files\windows media player\wmpshare.exe
2009-08-11 19:32:22107520----a-w-c:\program files\windows media player\wmpconfig.exe
2009-08-11 19:32:217680----a-w-c:\windows\system32\spwmp.dll
2009-08-11 19:32:2043520----a-w-c:\windows\system32\msdxm.tlb
2009-08-11 19:32:2018432----a-w-c:\windows\system32\amcompat.tlb
2009-08-11 19:32:1553248----a-w-c:\windows\system32\tsgqec.dll
2009-08-11 19:32:15136192----a-w-c:\windows\system32\aaclient.dll
2009-08-04 17:56:59758784----a-w-c:\windows\system32\qmgr.dll
2009-08-04 17:55:5997792----a-w-c:\windows\system32\mprapi.dll
2009-08-03 22:07:42403816----a-w-c:\windows\system32\OGACheckControl.dll
2009-08-03 22:07:42322928----a-w-c:\windows\system32\OGAAddin.dll
2009-08-03 22:07:42230768----a-w-c:\windows\system32\OGAEXEC.exe
2009-07-21 07:05:401348432----a-w-c:\windows\system32\msxml4.dll
2009-07-15 14:13:5523552----a-w-c:\windows\system32\lpk.dll
2009-07-15 14:13:5510240----a-w-c:\windows\system32\dciman32.dll
2009-07-12 19:56:32--------d-----w-c:\programdata\Astar Games
2009-07-12 19:41:59--------d-----w-c:\users\jeff\appdata\roaming\Flood Light Games
2009-07-12 19:41:59--------d-----w-c:\programdata\Flood Light Games
2009-07-12 06:50:53--------d-----w-c:\users\jeff\appdata\roaming\FloodLightGames
2009-07-12 06:50:53--------d-----w-c:\programdata\FloodLightGames
2009-07-10 15:44:57--------d-----w-c:\users\jeff\appdata\roaming\Enlightenus
2009-06-18 16:14:1078848----a-w-c:\windows\system32\E_FD4BAFA.DLL
2009-06-13 04:49:54--------d-----w-c:\programdata\Meridian93
2009-06-13 04:49:09--------d-----w-c:\users\jeff\appdata\roaming\Meridian93
2009-06-11 18:57:06--------d-----w-c:\users\jeff\appdata\roaming\Artogon
2009-06-11 04:16:47--------d-----w-c:\users\jeff\appdata\local\Game Mill Files
2009-06-02 19:12:48--------d-----w-c:\programdata\AdventureChronicles1
2009-06-01 05:12:43--------d-----w-c:\users\jeff\appdata\roaming\BigFishv1005
2009-05-24 14:36:42501248----a-w-c:\windows\system32\drivers\netr73.sys
2009-05-22 16:03:38221184----a-w-c:\windows\system32\RaCoInst.dll
2009-05-21 15:41:21738120----a-w-c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2009-05-16 06:19:41416128----a-w-c:\programdata\microsoft\ehome\packages\nettv\browse\NetTVResources.dll
2009-05-12 00:28:10--------d-----w-c:\users\jeff\appdata\local\AlwaysNeat
2009-04-28 04:13:42--------d-----w-c:\users\jeff\appdata\roaming\Ubisoft
2009-04-27 19:53:46--------d-----w-c:\users\jeff\appdata\local\JollyBear
2009-04-27 19:53:46--------d-----w-c:\programdata\JollyBear
2009-04-27 02:50:24--------d-----w-c:\users\jeff\appdata\local\Gamenauts
2009-04-25 04:40:28--------d-----w-c:\users\jeff\appdata\local\Slapdash Games
2009-04-25 04:40:28--------d-----w-c:\programdata\Slapdash Games
2009-04-25 03:13:11--------d-----w-c:\programdata\MonteCristo
2009-04-21 04:29:01--------d-----w-c:\users\jeff\appdata\roaming\BigFishv1002
2009-04-20 21:06:44--------d-----w-c:\users\jeff\appdata\roaming\HiT-MM
2009-04-19 04:57:54--------d-----w-c:\users\jeff\appdata\roaming\Vogat Interactive
2009-04-18 05:53:02--------d-----w-c:\users\jeff\appdata\local\Ph03nixNewMedia
2009-04-18 04:48:38--------d-----w-c:\programdata\Redrum
2009-04-18 03:27:11--------d-----w-c:\users\jeff\appdata\roaming\Skunk Studios
2009-04-18 03:19:34--------d-----w-c:\program files\bfgclient
2009-04-18 03:18:53--------d-----w-C:\BigFishGamesCache
2009-04-02 06:44:12--------d-----w-c:\users\jeff\appdata\roaming\RobinsonCrusoe
2009-04-01 03:57:17--------d-----w-c:\users\jeff\appdata\roaming\Lost in the City
2009-03-31 07:42:39--------d-----w-c:\users\jeff\appdata\roaming\SerpentOfIsis
2009-03-31 06:37:13--------d-----w-c:\users\jeff\appdata\roaming\Gold Casual Games
2009-03-31 06:37:13--------d-----w-c:\programdata\Gold Casual Games
2009-03-04 02:31:55729088----a-w-c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2009-03-04 02:31:5569715----a-w-c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2009-03-04 02:31:555632----a-w-c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2009-03-04 02:31:55311428----a-w-c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2009-03-04 02:31:55266240----a-w-c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2009-03-04 02:31:55192512----a-w-c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2009-03-04 02:31:55188548----a-w-c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2009-03-04 02:30:00104992----a-w-c:\windows\RTKAUDIOSERVICE.EXE
2009-02-26 19:21:3010340720----a-w-c:\program files\common files\microsoft shared\office12\1033\MSOINTL.DLL
2009-02-26 06:25:5679744----a-w-c:\program files\common files\microsoft shared\office12\1033\xlsrvintl.dll
2009-02-12 19:58:34162640----a-w-c:\program files\common files\microsoft shared\textconv\wkcvqr01.dll
2009-02-12 19:58:32969552----a-w-c:\program files\common files\microsoft shared\textconv\wkcvqd01.dll
2009-02-11 19:48:28551456----a-w-c:\windows\system32\RTSndMgr.cpl
2009-02-11 19:48:20998432----a-w-c:\windows\system32\RtkPgExt.dll
2009-02-11 19:48:08326176----a-w-c:\windows\system32\RtkApoApi.dll
2009-02-11 19:38:142324512----a-w-c:\windows\system32\drivers\RTKVHDA.sys
2009-01-12 20:37:52282624----a-w-c:\windows\system32\RTPCEE32.dll
2008-10-28 15:17:59--------d-----w-c:\windows\McAfee.com
2008-10-08 11:56:42141312----a-w-c:\windows\system32\AERTACap.dll
2008-09-25 15:52:3460416----a-w-c:\windows\system32\AERTARen.dll
2008-08-30 10:00:5618904----a-w-c:\windows\system32\StructuredQuerySchemaTrivial.bin
2008-08-13 04:10:19--------d-----w-c:\users\jeff\appdata\local\Apps
2008-08-09 16:41:43652296----a-w-c:\programdata\microsoft\ehome\packages\sportstemplate\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2008-08-02 02:51:141052704----a-w-c:\windows\system32\drivers\nvmfdx32.sys
2008-08-02 01:35:00207872----a-w-c:\windows\system32\fdco6.dll
2008-07-30 03:33:12446464----a-w-c:\windows\system32\nvunrm.exe
2008-06-01 17:11:3346080----a-w-c:\windows\system32\escimgd.dll
2008-06-01 17:11:3322016----a-w-c:\windows\system32\esccmd.dll
2008-05-26 20:07:58--------d-----w-c:\users\jeff\appdata\local\Google
2008-05-24 21:16:48--------d-----w-c:\windows\PCHEALTH
2008-05-23 23:09:037796464----a-w-c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2008-05-23 00:03:31--------d-----w-c:\users\jeff\appdata\local\HP Guide
2008-05-23 00:01:26--------d-----w-c:\users\jeff\appdata\local\Hewlett-Packard
2008-05-22 23:42:17--------d-----w-c:\programdata\EPSON
2008-05-22 23:41:3586528----a-w-c:\windows\system32\E_FLBAFA.DLL
2008-05-22 23:41:23--------d-----w-c:\program files\EPSON
2008-05-22 23:41:08--------d-----w-C:\epson
2008-05-22 23:38:35--------d-----w-c:\users\jeff\appdata\local\Adobe
2008-05-22 21:14:33--------d-----w-c:\users\jeff\appdata\local\Microsoft Games
2008-05-22 21:13:27--------d-----w-c:\users\jeff\appdata\roaming\WildTangent
2008-05-22 20:43:49--------d-----w-c:\users\jeff\appdata\roaming\Symantec
2008-05-22 19:29:36--------d-----w-c:\users\jeff\appdata\local\VirtualStore
2008-05-08 12:05:18266752----a-w-c:\windows\system32\drivers\HSXHWBS2.sys
2008-05-08 12:04:16661504----a-w-c:\windows\system32\drivers\HSX_CNXT.sys
2008-05-08 12:03:18980992----a-w-c:\windows\system32\drivers\HSX_DP.sys
2008-04-29 12:49:26237568----a-w-c:\windows\system32\UCI32M29.dll
2008-02-22 02:35:10--------d-----w-c:\windows\SMINST
2008-02-22 02:29:44--------d-----w-c:\programdata\Symantec
2008-02-22 02:29:42--------d-----w-c:\program files\common files\Symantec Shared
2008-02-22 02:27:00--------d-----w-c:\program files\earthlink totalaccess
2008-02-22 02:24:58--------d-----w-c:\programdata\WildTangent
2008-02-22 02:24:58--------d-----w-c:\program files\HP Games
2008-02-22 02:24:31--------d-----w-c:\program files\AWS
2008-02-22 02:23:49--------d-----r-c:\program files\Online Services
2008-02-22 02:22:51753664----a-w-c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2008-02-22 02:22:5169714----a-w-c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2008-02-22 02:22:515632----a-w-c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2008-02-22 02:22:51331908----a-w-c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2008-02-22 02:22:5132768----a-w-c:\program files\common files\installshield\professional\runtime\Objectps.dll
2008-02-22 02:22:51274432----a-w-c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2008-02-22 02:22:51200836----a-w-c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2008-02-22 02:22:51184320----a-w-c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2008-02-22 02:22:09--------d-----w-c:\programdata\PC-Doctor
2008-02-22 02:21:53--------d-----w-c:\program files\PC-Doctor 5 for Windows
2008-02-22 02:15:5954936----a-w-c:\windows\system32\jureg.exe
2008-02-22 02:15:10--------d-----w-c:\program files\Snapfish Picture Mover
2008-02-22 02:13:4965536----a-w-c:\windows\system32\HP_Demo.scr
2008-02-22 02:13:26--------d-----w-c:\program files\muvee Technologies
2008-02-22 02:13:26--------d-----w-c:\program files\common files\muvee Technologies
2008-02-22 02:13:10--------d-----w-c:\program files\LightScribeTemplateLabeler
2008-02-22 02:10:44--------d---a-w-c:\program files\common files\LS Getting Started
2008-02-22 02:05:151053232----a-w-c:\windows\system32\MFC71u.dll
2008-02-22 01:57:27768544----a-w-c:\windows\system32\nvcplui.exe
2008-02-22 01:57:27420384----a-w-c:\windows\system32\nvcpl.cpl
2008-02-22 01:57:27313888----a-w-c:\windows\system32\nvexpbar.dll
2008-02-22 01:57:271079840----a-w-c:\windows\system32\nvcpluir.dll
2008-02-22 01:57:1492704----a-w-c:\windows\system32\nvmctray.dll
2008-02-22 01:57:14526880----a-w-c:\windows\system32\nvsvc.dll
2008-02-22 01:57:14446464----a-w-c:\windows\system32\nvuninst.exe
2008-02-22 01:57:13795104----a-w-c:\windows\system32\dpinst.exe
2008-02-22 01:57:1335328----a-w-c:\windows\system32\nvcod100.dll
2008-02-22 01:57:1313539872----a-w-c:\windows\system32\nvcpl.dll
2008-02-22 01:56:46140320----a-w-c:\windows\system32\drivers\nvstor32.sys
2008-02-22 01:56:3861440----a-w-c:\windows\system32\OsdRemove.exe
2008-02-22 01:56:2219072----a-w-c:\windows\system32\drivers\PS2.sys
2008-02-22 01:55:40253952----a-w-c:\windows\system32\cPC_DMIRD.dll
2008-02-22 01:54:01327680----a-w-c:\windows\system32\pythoncom25.dll
2008-02-22 01:54:01102400----a-w-c:\windows\system32\pywintypes25.dll
2008-02-22 01:53:55348160----a-w-c:\windows\system32\msvcr71.dll
2008-02-22 01:53:551066544----a-w-c:\windows\system32\MFC71.dll
2008-02-22 01:53:11--------d-sh--w-c:\windows\Installer
2008-02-22 01:49:09--------d-----w-c:\program files\CONEXANT
2008-02-22 01:48:54--------d-----w-c:\windows\system32\RTCOM
2008-02-22 01:44:37--------d--h--w-C:\hp
2008-02-22 01:44:3245600----a-w-c:\windows\system32\RtkCoInst.dll
2008-02-22 01:44:32339968----a-w-c:\windows\system32\SRSTSXT.dll
2008-02-22 01:44:322523680----a-w-c:\windows\system32\RtkAPO.dll
2008-02-22 01:44:32135168----a-w-c:\windows\system32\SRSWOW.dll
2008-02-22 01:44:1994208----a-w-c:\windows\system32\mdmxsdk.dll
2008-02-22 01:44:19386560----a-w-c:\windows\system32\drivers\XAudio.exe
2008-02-22 01:44:19221184----a-w-c:\windows\system32\UCI32M22.dll
2008-02-22 01:44:1912672----a-w-c:\windows\system32\drivers\mdmxsdk.sys
2008-02-22 01:44:11203264----a-w-c:\windows\system32\fdco1ins.dll
2008-02-22 01:44:11203264----a-w-c:\windows\system32\fdco1.dll
2008-02-22 01:44:11122880----a-w-c:\windows\system32\nvconrm.dll
2008-02-22 01:35:1140960----a-w-c:\program files\online services\quickenfc\WizLink.exe
2008-02-22 01:34:4040960----a-w-c:\program files\online services\esp\WizLink.exe
2008-01-21 03:13:206656----a-w-c:\windows\system32\drivers\errdev.sys
2008-01-21 03:11:1645568----a-w-c:\windows\system32\drivers\blbdrive.sys
2008-01-21 03:10:19386616----a-w-c:\windows\system32\drivers\MegaSR.sys
2008-01-21 02:32:31--------d-----w-C:\PerfLogs
2008-01-21 02:24:5981920----a-w-c:\windows\system32\QSVRMGMT.DLL
2008-01-21 02:23:594495360----a-w-c:\windows\system32\NlsData0010.dll
2008-01-02 17:56:0422856----a-w-c:\windows\system32\drivers\mbam.sys
2008-01-02 17:56:04--------d-----w-c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2013-09-22 10:22:591800704----a-w-c:\windows\system32\jscript9.dll
2013-09-22 10:14:391427968----a-w-c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:221129472----a-w-c:\windows\system32\wininet.dll
2013-09-22 10:08:41142848----a-w-c:\windows\system32\ieUnatt.exe
2013-09-22 10:06:58420864----a-w-c:\windows\system32\vbscript.dll
2013-09-22 10:03:182382848----a-w-c:\windows\system32\mshtml.tlb
2013-07-12 09:04:2168608----a-w-c:\windows\system32\drivers\usbcir.sys
2013-07-04 04:21:15532480----a-w-c:\windows\system32\comctl32.dll
2013-07-03 02:33:4535328----a-w-c:\windows\system32\drivers\usbscan.sys
2013-07-03 02:10:5025472----a-w-c:\windows\system32\drivers\hidparse.sys
2013-06-29 02:07:15197632----a-w-c:\windows\system32\drivers\usbhub.sys
2013-06-29 02:07:0473216----a-w-c:\windows\system32\drivers\usbccgp.sys
2013-06-29 02:07:01226304----a-w-c:\windows\system32\drivers\usbport.sys
2013-06-29 02:06:536016----a-w-c:\windows\system32\drivers\usbd.sys
2013-06-26 23:01:59527064----a-w-c:\windows\system32\drivers\Wdf01000.sys
2013-06-04 04:16:3534304----a-w-c:\windows\system32\atmlib.dll
2013-06-04 01:49:59293376----a-w-c:\windows\system32\atmfd.dll
2012-07-26 03:26:032560----a-w-c:\windows\system32\drivers\en-us\wdf01000.sys.mui
2011-08-05 19:40:583584----a-w-c:\windows\system32\drivers\umdf\zh-tw\ZuneDriver.dll.mui
2011-08-05 19:40:543584----a-w-c:\windows\system32\drivers\umdf\zh-cn\ZuneDriver.dll.mui
2011-08-05 19:40:486144----a-w-c:\windows\system32\drivers\umdf\sv-se\ZuneDriver.dll.mui
2011-08-05 19:40:426144----a-w-c:\windows\system32\drivers\umdf\ru-ru\ZuneDriver.dll.mui
2011-08-05 19:40:366144----a-w-c:\windows\system32\drivers\umdf\pt-pt\ZuneDriver.dll.mui
2011-08-05 19:40:306144----a-w-c:\windows\system32\drivers\umdf\pt-br\ZuneDriver.dll.mui
2011-08-05 19:40:266144----a-w-c:\windows\system32\drivers\umdf\pl-pl\ZuneDriver.dll.mui
2011-08-05 19:40:186656----a-w-c:\windows\system32\drivers\umdf\nl-nl\ZuneDriver.dll.mui
2011-08-05 19:40:125632----a-w-c:\windows\system32\drivers\umdf\nb-no\ZuneDriver.dll.mui
2011-08-05 19:40:086144----a-w-c:\windows\system32\drivers\umdf\ms-my\ZuneDriver.dll.mui
2011-08-05 19:40:024096----a-w-c:\windows\system32\drivers\umdf\ko-kr\ZuneDriver.dll.mui
2011-08-05 19:39:564608----a-w-c:\windows\system32\drivers\umdf\ja-jp\ZuneDriver.dll.mui
2011-08-05 19:39:526656----a-w-c:\windows\system32\drivers\umdf\it-it\ZuneDriver.dll.mui
2011-08-05 19:39:466144----a-w-c:\windows\system32\drivers\umdf\id-id\ZuneDriver.dll.mui
2011-08-05 19:39:406656----a-w-c:\windows\system32\drivers\umdf\hu-hu\ZuneDriver.dll.mui
2011-08-05 19:39:366144----a-w-c:\windows\system32\drivers\umdf\fr-fr\ZuneDriver.dll.mui
2011-08-05 19:39:306144----a-w-c:\windows\system32\drivers\umdf\fi-fi\ZuneDriver.dll.mui
2011-08-05 19:39:246656----a-w-c:\windows\system32\drivers\umdf\es-es\ZuneDriver.dll.mui
2011-08-05 19:39:186656----a-w-c:\windows\system32\drivers\umdf\el-gr\ZuneDriver.dll.mui
2011-08-05 19:39:126144----a-w-c:\windows\system32\drivers\umdf\de-de\ZuneDriver.dll.mui
2011-08-05 19:39:066144----a-w-c:\windows\system32\drivers\umdf\da-dk\ZuneDriver.dll.mui
2011-08-05 19:39:005632----a-w-c:\windows\system32\drivers\umdf\cs-cz\ZuneDriver.dll.mui
2011-08-05 19:26:346144----a-w-c:\windows\system32\drivers\umdf\en-us\ZuneDriver.dll.mui
2011-05-05 16:01:288704----a-w-c:\windows\system32\hccoin.dll
2011-05-05 16:01:2815872----a-w-c:\windows\system32\hcrstco.dll
2011-05-05 13:54:0739936----a-w-c:\windows\system32\drivers\usbehci.sys
2011-05-05 13:54:0719456----a-w-c:\windows\system32\drivers\usbohci.sys
2011-03-03 15:40:07173056----a-w-c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05542720----a-w-c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05458752----a-w-c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:042159616----a-w-c:\windows\apppatch\AcGenral.dll
2011-01-20 16:08:16478720----a-w-c:\windows\system32\dxgi.dll
2011-01-20 16:07:42258048----a-w-c:\windows\system32\winspool.drv
2011-01-20 16:07:16586240----a-w-c:\windows\system32\stobject.dll
2011-01-20 16:06:382873344----a-w-c:\windows\system32\mf.dll
2011-01-20 16:06:3526112----a-w-c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:5498816----a-w-c:\windows\system32\mfps.dll
2011-01-20 16:04:54209920----a-w-c:\windows\system32\mfplat.dll
2011-01-20 14:28:381554432----a-w-c:\windows\system32\xpsservices.dll
2011-01-20 14:26:30667648----a-w-c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25847360----a-w-c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26135680----a-w-c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10979456----a-w-c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39357376----a-w-c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03302592----a-w-c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03261632----a-w-c:\windows\system32\mfreadwrite.dll
2009-11-03 21:46:5436864----a-w-c:\windows\system32\drivers\en-us\http.sys.mui
2009-10-09 21:56:2741472----a-w-c:\windows\system32\pwrshplugin.dll
2009-10-09 21:56:181181696----a-w-c:\windows\system32\WsmSvc.dll
2009-10-09 21:56:17214016----a-w-c:\windows\system32\WsmWmiPl.dll
2009-10-09 21:56:1712800----a-w-c:\windows\system32\wsmprovhost.exe
2009-10-09 21:56:1320480----a-w-c:\windows\system32\winrshost.exe
2009-10-09 21:56:0810240----a-w-c:\windows\system32\wsmplpxy.dll
2009-10-09 21:56:0640448----a-w-c:\windows\system32\winrs.exe
2009-10-09 21:56:04241152----a-w-c:\windows\system32\winrscmd.dll
2009-10-09 21:56:03246272----a-w-c:\windows\system32\WSManHTTPConfig.exe
2009-10-09 21:56:0310240----a-w-c:\windows\system32\winrssrv.dll
2009-10-09 21:56:01145408----a-w-c:\windows\system32\WsmAuto.dll
2009-10-09 21:55:5979872----a-w-c:\windows\system32\wecutil.exe
2009-10-09 21:55:55252416----a-w-c:\windows\system32\WSManMigrationPlugin.dll
2009-10-09 21:55:5354272----a-w-c:\windows\system32\WsmRes.dll
2009-10-09 21:55:52146944----a-w-c:\windows\system32\wecsvc.dll
2009-10-09 21:55:5081408----a-w-c:\windows\system32\wevtfwd.dll
2009-10-09 21:55:5056320----a-w-c:\windows\system32\wecapi.dll
2009-10-08 23:12:094096----a-w-c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2009-10-01 01:08:103072----a-w-c:\windows\system32\drivers\umdf\en-us\wpdmtpdr.dll.mui
2009-10-01 01:02:172537472----a-w-c:\windows\system32\wpdshext.dll
2009-10-01 01:02:0530208----a-w-c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04334848----a-w-c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:0287552----a-w-c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:0031232----a-w-c:\windows\system32\BthMtpContextHandler.dll
2009-09-25 02:10:10974848----a-w-c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08189440----a-w-c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32321024----a-w-c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:33:25195584----a-w-c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:01369664----a-w-c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59252928----a-w-c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53519680----a-w-c:\windows\system32\d3d11.dll
2009-08-01 06:27:37201184----a-w-c:\windows\system32\winrm.vbs
2009-04-11 06:33:19986600----a-w-c:\windows\system32\winload.exe
2009-04-11 06:33:19926184----a-w-c:\windows\system32\winresume.exe
2009-04-11 06:33:03292840----a-w-c:\windows\system32\drivers\volmgrx.sys
.
============= FINISH: 10:57:07.99 ===============

shannon1970 · Nov 1, 2013

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/19/2008 12:33:58 PM
System Uptime: 1/2/2008 9:39:53 AM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Acacia
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | Socket AM2 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 101.52 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.284 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaConverter 8
ArcSoft MediaImpression for Kodak
Ask Toolbar
Ask Toolbar Updater
avast! Free Antivirus
AVG SafeGuard toolbar
Big Fish Games Client
Bing Bar
Bing Desktop
Bonjour
Cards_Calendar_OrderGift_DoMorePlugout
Cisco Connect
Compatibility Pack for the 2007 Office system
Cricut Craft Room
Cricut Mini (TM) Driver v1.01
CyberLink DVD Suite Deluxe
D3DX10
doPDF 6.2 printer
Driver Detective
DriverUpdate
EasySolve
Enhanced Multimedia Keyboard Solution
EPSON Printer Software
FoxTab PDF Creator
FUJIFILM MyFinePix Studio 1.0
Google Chrome
Google Drive
Google Earth
Google Quick Search Box
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMeeting 4.5.0.457
Hallmark Card Studio Express
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP Easy Setup - Frontend
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Update
HPPhotoSmartPhotobookWebPack1
I.R.I.S. OCR
iCloud
iTunes
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 35
Junk Mail filter update
LabelPrint
Lexmark Printable Web
Lexmark Toolbar
LightScribe System Software
LightScribeTemplateLabeler
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NEF Codec
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Picasa 3
Power2Go
PowerDirector
Presto! BizCard 5
Presto! BizCard Component for Windows CE
PSSWCORE
Python 2.5
QuickTime
RadioRage Toolbar
Realtek High Definition Audio Driver
ROBLOX Player for Jeff
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Segoe UI
Shockwave
Skype™ 5.10
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
StartNow Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
VideoToolkit01
WARDFLEX Sizing Program 2.2.x
WARDFLEX Sizing Program 2.x
WARDFLEX Sizing Program 2.x (C:\Program Files\WFSize2.x\)
WARDFLEX Sizing Program 2.x (C:\Program Files\WFSize2.x\) #3
WeatherBug Gadget
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
WinVDIG 1.0
WiseConvert Toolbar
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== End Of File ===========================

Broni · Nov 1, 2013

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

Unzip downloaded file.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

shannon1970 · Nov 2, 2013

During the very beggining of the scan of the Malwarebytes Anti-Rootkit it said if found 2 Malware and froze. When I go to close the program it warns me about possibly not being able to boot. Its been 12 hours is there anything else I should try before I stop the program?

shannon1970 · Nov 2, 2013

During the very beggining of the scan of the Malwarebytes Anti-Rootkit it said if found 2 Malware and froze. When I go to close the program it warns me about possibly not being able to boot. Its been 12 hours is there anything else I should try before I stop the program?

Broni · Nov 2, 2013

Stop MBAR
What about RogueKiller log?

shannon1970 · Nov 3, 2013

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Jeff [Admin rights]
Mode : Remove -- Date : 01/03/2008 11:06:56
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Jeff\AppData\Local\Temp\IHU6ED9.tmp.exe [x][x] -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36772E66)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36772E66)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36772E66)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDP725050GLA SCSI Disk Device +++++
--- User ---
[MBR] 99e3d9c7d0d0c5335096594f3e757c10
[BSP] cbe1a3892920c024e3e7b9efc684338e : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 467383 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 957200895 | Size: 9554 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) HP Officejet Pro 86 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[0]_D_01032008_110656.txt >>
RKreport[0]_S_01032008_110621.txt

Still getting Web Browser Pop Ups.

I have included MBAR folder log. I do not know if this will be helpful.

I stopped the program.

--------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_35
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 3621404672, free: 1728503808
Downloaded database version: v2013.11.02.03
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
01/03/2008 11:14:51
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\nvstor32.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\amdk8.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\PS2.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\HSXHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSX_DP.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmfdx32.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\netr73.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor32.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\umpass.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Users\Jeff\AppData\Local\Temp\mbr.sys
\??\C:\Windows\system32\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff87f96190
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000072\
Lower Device Object: 0xffffffff87f82380
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff87f94190
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xffffffff87f7e068
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff87f86190
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff87f80068
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff87f84190
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff87f66380
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff87db2030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xffffffff87db19c8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff863adac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000005e\
Lower Device Object: 0xffffffff857fc488
Lower Device Driver Name: \Driver\nvstor32\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff863adac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff863ad7b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff863adac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85bfe538, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff857fc488, DeviceName: \Device\0000005e\, DriverName: \Driver\nvstor32\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 957200832
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 957200895 Numsec = 19567170
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff87db2030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87db16b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87db2030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87db19c8, DeviceName: \Device\0000006c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff87f84190, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87f6e3e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87f84190, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87f66380, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff87f86190, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87f7e3e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87f86190, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87f80068, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff87f94190, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87f803e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87f94190, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87f7e068, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff87f96190, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87f82068, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87f96190, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87f82380, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: HKLM\SOFTWARE\CLASSES\GamevanceText.Linker --> [Adware.GameVance]
Infected: HKLM\SOFTWARE\CLASSES\GamevanceText.Linker.1 --> [Adware.GameVance]
Scan Interrupted
Scan was aborted.
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

shannon1970 · Nov 3, 2013

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Jeff [Admin rights]
Mode : Remove -- Date : 01/03/2008 11:06:56
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\Jeff\AppData\Local\Temp\IHU6ED9.tmp.exe [x][x] -> DELETED
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36772E66)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36772E66)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x36772E66)
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDP725050GLA SCSI Disk Device +++++
--- User ---
[MBR] 99e3d9c7d0d0c5335096594f3e757c10
[BSP] cbe1a3892920c024e3e7b9efc684338e : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 467383 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 957200895 | Size: 9554 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) HP Officejet Pro 86 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[0]_D_01032008_110656.txt >>
RKreport[0]_S_01032008_110621.txt

Still getting Web Browser Pop Ups.

I have included MBAR folder log. I do not know if this will be helpful.

I stopped the program.

--------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_35
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.700000 GHz
Memory total: 3621404672, free: 1728503808
Downloaded database version: v2013.11.02.03
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
01/03/2008 11:14:51
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\nvstor32.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\amdk8.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\PS2.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\HSXHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSX_DP.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvmfdx32.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\netr73.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor32.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\system32\DRIVERS\umpass.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Users\Jeff\AppData\Local\Temp\mbr.sys
\??\C:\Windows\system32\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff87f96190
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000072\
Lower Device Object: 0xffffffff87f82380
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff87f94190
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xffffffff87f7e068
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff87f86190
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff87f80068
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff87f84190
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff87f66380
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff87db2030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xffffffff87db19c8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff863adac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000005e\
Lower Device Object: 0xffffffff857fc488
Lower Device Driver Name: \Driver\nvstor32\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff863adac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff863ad7b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff863adac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85bfe538, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff857fc488, DeviceName: \Device\0000005e\, DriverName: \Driver\nvstor32\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
The directory C:\WINDOWS\SYSTEM32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 957200832
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 957200895 Numsec = 19567170
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff87db2030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87db16b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87db2030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87db19c8, DeviceName: \Device\0000006c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff87f84190, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87f6e3e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87f84190, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87f66380, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff87f86190, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87f7e3e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87f86190, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87f80068, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff87f94190, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87f803e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87f94190, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87f7e068, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff87f96190, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87f82068, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87f96190, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87f82380, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: HKLM\SOFTWARE\CLASSES\GamevanceText.Linker --> [Adware.GameVance]
Infected: HKLM\SOFTWARE\CLASSES\GamevanceText.Linker.1 --> [Adware.GameVance]
Scan Interrupted
Scan was aborted.
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

Broni · Nov 3, 2013

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

shannon1970 · Nov 4, 2013

The date and time are wrong on the computer. Should I just go in and manually change them?

I started the Combofix scan and left the machine. When I cam back the computer had turned itself off. When I turned it back on the Combo screen was still there saying it was preparing the report. After several more minutes the report popped up.

ComboFix 13-11-03.02 - Jeff 01/04/2008 23:02:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3454.1622 [GMT -8:00]
Running from: c:\users\Jeff\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files\RadioRage_4j
c:\program files\RadioRage_4j\bar\1.bin\4jauxstb.dll
c:\program files\RadioRage_4j\bar\1.bin\4jbar.dll
c:\program files\RadioRage_4j\bar\1.bin\4jbarsvc.exe
c:\program files\RadioRage_4j\bar\1.bin\4jbrmon.exe
c:\program files\RadioRage_4j\bar\1.bin\4jdatact.dll
c:\program files\RadioRage_4j\bar\1.bin\4jdlghk.dll
c:\program files\RadioRage_4j\bar\1.bin\4jdyn.dll
c:\program files\RadioRage_4j\bar\1.bin\4jfeedmg.dll
c:\program files\RadioRage_4j\bar\1.bin\4jhighin.exe
c:\program files\RadioRage_4j\bar\1.bin\4jhkstub.dll
c:\program files\RadioRage_4j\bar\1.bin\4jhtmlmu.dll
c:\program files\RadioRage_4j\bar\1.bin\4jhttpct.dll
c:\program files\RadioRage_4j\bar\1.bin\4jidle.dll
c:\program files\RadioRage_4j\bar\1.bin\4jieovr.dll
c:\program files\RadioRage_4j\bar\1.bin\4jimpipe.exe
c:\program files\RadioRage_4j\bar\1.bin\4jmedint.exe
c:\program files\RadioRage_4j\bar\1.bin\4jmlbtn.dll
c:\program files\RadioRage_4j\bar\1.bin\4jmsg.dll
c:\program files\RadioRage_4j\bar\1.bin\4jPlugin.dll
c:\program files\RadioRage_4j\bar\1.bin\4jradio.dll
c:\program files\RadioRage_4j\bar\1.bin\4jregfft.dll
c:\program files\RadioRage_4j\bar\1.bin\4jreghk.dll
c:\program files\RadioRage_4j\bar\1.bin\4jregiet.dll
c:\program files\RadioRage_4j\bar\1.bin\4jscript.dll
c:\program files\RadioRage_4j\bar\1.bin\4jskin.dll
c:\program files\RadioRage_4j\bar\1.bin\4jsknlcr.dll
c:\program files\RadioRage_4j\bar\1.bin\4jskplay.exe
c:\program files\RadioRage_4j\bar\1.bin\4jSrcAs.dll
c:\program files\RadioRage_4j\bar\1.bin\4jSrchMn.exe
c:\program files\RadioRage_4j\bar\1.bin\4jtpinst.dll
c:\program files\RadioRage_4j\bar\1.bin\4juabtn.dll
c:\program files\RadioRage_4j\bar\1.bin\BOOTSTRAP.JS
c:\program files\RadioRage_4j\bar\1.bin\CHROME.MANIFEST
c:\program files\RadioRage_4j\bar\1.bin\chrome\4jffxtbr.jar
c:\program files\RadioRage_4j\bar\1.bin\CREXT.DLL
c:\program files\RadioRage_4j\bar\1.bin\CrExtP4j.exe
c:\program files\RadioRage_4j\bar\1.bin\INSTALL.RDF
c:\program files\RadioRage_4j\bar\1.bin\installKeys.js
c:\program files\RadioRage_4j\bar\1.bin\LOGO.BMP
c:\program files\RadioRage_4j\bar\1.bin\NP4jStub.dll
c:\program files\RadioRage_4j\bar\1.bin\T8EXTEX.DLL
c:\program files\RadioRage_4j\bar\1.bin\T8EXTPEX.DLL
c:\program files\RadioRage_4j\bar\1.bin\T8HTML.DLL
c:\program files\RadioRage_4j\bar\1.bin\T8RES.DLL
c:\program files\RadioRage_4j\bar\1.bin\T8TICKER.DLL
c:\program files\RadioRage_4j\bar\gen1\COMMON.T8S
c:\program files\RadioRage_4j\bar\IE9Mesg\COMMON.T8S
c:\program files\RadioRage_4j\bar\Message\COMMON.T8S
c:\program files\RadioRage_4j\bar\Settings\s_pid.dat
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\genfix.exe
c:\program files\StartNow Toolbar\Reactivate.exe
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\search_protect.exe
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\program files\StartNow Toolbar\XBrowser.dll
c:\programdata\SPL2C81.tmp
c:\programdata\SPL531.tmp
c:\programdata\SPL53E.tmp
c:\programdata\SPL7BA1.tmp
c:\programdata\SPL82E7.tmp
c:\programdata\SPL8F3F.tmp
c:\programdata\SPL92B4.tmp
c:\programdata\SPLBAF5.tmp
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\injection_button.js
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\popups.js
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\printerExternalAccessFF.js
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\searchplugins\bing-zugo.xml
c:\users\Jeff\g2mdlhlpx.exe
c:\windows\Installer\{E0B00B69-C244-46D1-BBD9-E400BB88DFCC}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
c:\windows\system32\InstallPackage_ETW.Log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pcCMService
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.
.
2013-10-29 09:17 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5107A15A-EBD9-44B0-B140-820146DD5F96}\mpengine.dll
2013-10-10 20:56 . 2013-08-27 01:28 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-10-10 20:56 . 2013-08-27 02:47 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-10-10 20:56 . 2013-08-27 02:47 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-10-10 20:56 . 2013-08-27 02:47 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-10-10 20:56 . 2013-08-27 02:47 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-10-10 20:56 . 2013-08-27 01:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-10-10 20:56 . 2013-08-27 01:50 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-10-10 20:56 . 2013-08-27 01:32 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-10-10 20:56 . 2013-08-27 01:28 798208 ----a-w- c:\windows\system32\FntCache.dll
2013-10-10 20:56 . 2013-08-01 03:16 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-10 20:56 . 2013-08-01 02:49 37376 ----a-w- c:\windows\system32\cdd.dll
2013-10-10 20:56 . 2013-07-20 10:44 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 20:56 . 2013-08-29 07:36 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-09-27 14:54 . 2008-01-02 19:43 403440 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-09-27 14:54 . 2008-01-02 19:43 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-09-27 14:54 . 2008-01-02 19:43 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-09-27 14:54 . 2008-01-02 19:43 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-09-27 14:54 . 2008-01-02 19:43 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-09-27 14:54 . 2008-01-02 19:43 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-09-27 14:54 . 2008-01-02 19:43 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-09-27 14:54 . 2008-01-02 19:43 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-09-27 14:54 . 2008-01-02 19:43 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-09-27 14:53 . 2008-01-02 19:43 43152 ----a-w- c:\windows\avastSS.scr
2013-09-27 14:52 . 2013-09-27 14:52 -------- d-----w- c:\program files\AVAST Software
2013-09-27 14:52 . 2008-01-02 19:41 -------- d-----w- c:\programdata\AVAST Software
2013-09-12 17:52 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll
2013-08-28 01:08 . 2013-08-02 02:48 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-18 10:08 . 2013-10-11 10:17 -------- d-----w- c:\windows\system32\MRT
2013-08-18 02:06 . 2013-06-15 13:22 15872 ----a-w- c:\windows\system32\icaapi.dll
2013-08-18 02:06 . 2013-06-15 11:23 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-18 02:06 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-18 02:05 . 2013-07-05 04:53 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-18 02:05 . 2013-07-10 09:47 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-18 02:05 . 2013-07-08 04:55 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-18 02:05 . 2013-07-09 12:10 1205168 ----a-w- c:\windows\system32\ntdll.dll
2013-08-18 02:05 . 2013-07-08 04:55 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-18 02:05 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-18 02:05 . 2013-07-08 04:16 992768 ----a-w- c:\windows\system32\crypt32.dll
2013-08-18 02:04 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2013-08-18 02:04 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-25 03:26 . 2012-10-17 11:04 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll
2013-07-22 01:36 . 2013-07-22 01:35 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-21 18:39 . 2013-10-02 11:53 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-21 18:39 . 2013-07-21 18:39 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-07-21 18:39 . 2013-07-21 18:39 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-07-21 18:39 . 2013-10-02 11:53 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-07-21 18:38 . 2013-07-21 18:38 -------- d--h--w- c:\programdata\Common Files
2013-07-18 01:30 . 2013-07-18 01:30 17325760 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2013-07-16 03:20 . 2013-07-16 03:20 -------- d-----w- c:\program files\ArcSoft
2013-07-16 01:42 . 2008-01-05 19:25 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-07-16 01:42 . 2013-07-16 01:42 -------- d-----w- c:\program files\DriverUpdate
2013-07-15 23:43 . 2013-07-15 23:44 -------- d-----w- c:\users\Mcx1
2013-07-11 17:23 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 17:23 . 2013-04-09 03:52 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 17:23 . 2013-04-09 03:51 983552 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 17:23 . 2013-04-09 03:51 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 17:23 . 2013-04-09 03:51 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 01:07 . 2013-07-11 01:07 756888 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-06-21 10:18 . 2013-03-27 00:59 92256 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2013-06-20 18:40 . 2013-06-20 18:40 9793536 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktop.msi
2013-06-20 02:44 . 2013-06-20 02:44 1366656 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
2013-06-17 06:23 . 2013-06-17 06:23 -------- d-----w- c:\program files\Common Files\Java
2013-06-17 05:29 . 2013-06-17 05:29 -------- d-----w- c:\windows\en
2013-06-17 05:29 . 2012-03-09 01:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2013-06-17 05:27 . 2013-06-17 05:27 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-06-17 05:26 . 2013-06-17 05:29 -------- d-----w- c:\program files\Windows Live
2013-06-17 05:25 . 2009-09-05 00:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2013-06-17 05:25 . 2009-09-05 00:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2013-06-17 05:25 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-06-17 05:25 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-06-17 04:58 . 2013-06-17 04:58 -------- d-----w- c:\program files\Common Files\Windows Live
2013-06-17 04:58 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2013-06-17 03:58 . 2008-07-08 15:45 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2013-06-15 16:23 . 2013-06-15 16:23 -------- d-----w- c:\program files\iPod
2013-06-15 16:23 . 2013-06-15 16:24 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-15 16:23 . 2013-06-15 16:24 -------- d-----w- c:\program files\iTunes
2013-06-12 21:36 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 21:36 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-12 21:35 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 21:35 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 21:35 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-25 17:59 . 2013-05-25 17:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-25 17:59 . 2013-05-25 17:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-25 17:59 . 2013-05-25 17:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-25 17:59 . 2013-05-25 17:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-25 17:59 . 2013-05-25 17:59 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-25 17:58 . 2013-07-25 02:30 -------- d-----w- c:\program files\QuickTime
2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-05-09 08:07 . 2013-05-09 08:07 1618096 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
2013-05-04 19:51 . 2013-05-04 19:51 -------- d-----w- c:\program files\Comcast
2013-05-04 19:50 . 2013-05-04 19:51 -------- d-----w- c:\program files\Common Files\Motive
2013-05-04 19:50 . 2013-05-04 19:57 -------- d-----w- c:\programdata\Motive
2013-04-10 19:37 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 19:37 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 19:37 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-10 19:37 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 19:37 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-16 19:48 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-13 06:29 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll
2013-01-14 01:04 . 2013-01-14 01:04 -------- d-----w- c:\program files\Conduit
2013-01-14 01:03 . 2013-01-21 02:27 -------- d-----w- c:\program files\WiseConvert
2013-01-09 03:20 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 03:20 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2012-12-13 21:50 . 2012-12-13 21:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-12-13 21:50 . 2012-12-13 21:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-12-13 11:04 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-13 11:03 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 11:03 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 11:03 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-13 11:03 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-13 11:03 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-13 11:03 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 11:03 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-13 11:03 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 11:03 . 2009-07-13 23:51 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2012-12-13 11:03 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 01:45 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 01:45 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-13 01:45 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-11-28 03:55 . 2012-11-28 03:55 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-11-13 22:24 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-10-17 18:26 . 2012-10-17 18:26 499088 ----a-w- c:\windows\system32\HPWia2_OJ8600.dll
2012-10-17 18:26 . 2012-10-17 18:26 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll
.
.

shannon1970 · Nov 4, 2013

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 03:26 . 2012-12-13 11:03 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2011-08-05 19:40 . 2011-08-05 19:40 3584 ----a-w- c:\windows\system32\drivers\UMDF\zh-TW\ZuneDriver.dll.mui
2011-08-05 19:40 . 2011-08-05 19:40 3584 ----a-w- c:\windows\system32\drivers\UMDF\zh-CN\ZuneDriver.dll.mui
2011-08-05 19:40 . 2011-08-05 19:40 6144 ----a-w- c:\windows\system32\drivers\UMDF\sv-SE\ZuneDriver.dll.mui
2011-08-05 19:40 . 2011-08-05 19:40 6144 ----a-w- c:\windows\system32\drivers\UMDF\ru-RU\ZuneDriver.dll.mui
2011-08-05 19:40 . 2011-08-05 19:40 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
2011-08-05 19:40 . 2011-08-05 19:40 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
2011-08-05 19:40 . 2011-08-05 19:40 6144 ----a-w- c:\windows\system32\drivers\UMDF\pl-PL\ZuneDriver.dll.mui
2011-08-05 19:40 . 2011-08-05 19:40 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
2011-08-05 19:40 . 2011-08-05 19:40 5632 ----a-w- c:\windows\system32\drivers\UMDF\nb-NO\ZuneDriver.dll.mui
2011-08-05 19:40 . 2011-08-05 19:40 6144 ----a-w- c:\windows\system32\drivers\UMDF\ms-MY\ZuneDriver.dll.mui
2011-08-05 19:40 . 2011-08-05 19:40 4096 ----a-w- c:\windows\system32\drivers\UMDF\ko-KR\ZuneDriver.dll.mui
2011-08-05 19:39 . 2011-08-05 19:39 4608 ----a-w- c:\windows\system32\drivers\UMDF\ja-JP\ZuneDriver.dll.mui
2011-08-05 19:39 . 2011-08-05 19:39 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
2011-08-05 19:39 . 2011-08-05 19:39 6144 ----a-w- c:\windows\system32\drivers\UMDF\id-ID\ZuneDriver.dll.mui
2011-08-05 19:39 . 2011-08-05 19:39 6656 ----a-w- c:\windows\system32\drivers\UMDF\hu-HU\ZuneDriver.dll.mui
2011-08-05 19:39 . 2011-08-05 19:39 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
2011-08-05 19:39 . 2011-08-05 19:39 6144 ----a-w- c:\windows\system32\drivers\UMDF\fi-FI\ZuneDriver.dll.mui
2011-08-05 19:39 . 2011-08-05 19:39 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
2011-08-05 19:39 . 2011-08-05 19:39 6656 ----a-w- c:\windows\system32\drivers\UMDF\el-GR\ZuneDriver.dll.mui
2011-08-05 19:39 . 2011-08-05 19:39 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
2011-08-05 19:39 . 2011-08-05 19:39 6144 ----a-w- c:\windows\system32\drivers\UMDF\da-DK\ZuneDriver.dll.mui
2011-08-05 19:39 . 2011-08-05 19:39 5632 ----a-w- c:\windows\system32\drivers\UMDF\cs-CZ\ZuneDriver.dll.mui
2011-08-05 19:26 . 2011-08-05 19:26 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
2011-05-05 16:01 . 2006-11-02 08:55 8704 ----a-w- c:\windows\system32\hccoin.dll
2011-03-03 15:40 . 2011-04-27 17:03 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 17:03 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 17:03 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 17:03 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2009-11-08 16:35 . 2009-11-08 16:35 439848 ----a-w- c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\E-centives\UninstallCouponActivator.exe
2009-11-03 21:46 . 2009-12-10 00:46 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2009-10-08 23:12 . 2011-01-05 11:02 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2009-10-01 01:08 . 2011-01-05 11:02 3072 ----a-w- c:\windows\system32\drivers\UMDF\en-US\wpdmtpdr.dll.mui
2009-04-11 06:32 . 2006-11-02 08:30 177128 ----a-w- c:\windows\system32\halmacpi.dll
2009-04-11 06:32 . 2006-11-02 08:30 140776 ----a-w- c:\windows\system32\halacpi.dll
2009-04-11 06:28 . 2009-08-04 17:55 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2009-04-11 06:24 . 2009-08-04 17:55 4096 ----a-w- c:\windows\system32\drivers\en-US\hdaudbus.sys.mui
2009-04-11 06:22 . 2009-08-04 17:55 8192 ----a-w- c:\windows\system32\drivers\en-US\bthport.sys.mui
2008-11-01 03:44 . 2008-12-11 07:26 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2008-01-21 02:26 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2008-01-21 02:26 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2008-01-21 02:25 . 2008-01-21 02:25 20480 ----a-w- c:\windows\system32\drivers\en-US\mpio.sys.mui
2008-01-21 02:25 . 2008-01-21 02:25 32768 ----a-w- c:\windows\system32\drivers\en-US\volsnap.sys.mui
2008-01-21 02:25 . 2008-01-21 02:25 5120 ----a-w- c:\windows\system32\drivers\en-US\tpm.sys.mui
2008-01-21 02:25 . 2008-01-21 02:25 6656 ----a-w- c:\windows\system32\drivers\en-US\luafv.sys.mui
2008-01-21 02:25 . 2008-01-21 02:25 19968 ----a-w- c:\windows\system32\drivers\en-US\e1e6032.sys.mui
2008-01-21 02:25 . 2008-01-21 02:25 5120 ----a-w- c:\windows\system32\drivers\en-US\b57nd60x.sys.mui
2008-01-21 02:25 . 2008-01-21 02:25 16896 ----a-w- c:\windows\system32\drivers\en-US\E1G60I32.sys.mui
2008-01-21 02:24 . 2008-01-21 02:24 237568 ----a-w- c:\windows\apppatch\AcRedir.dll
2008-01-21 02:23 . 2006-11-02 07:36 31288 ----a-w- c:\windows\system32\drivers\megasas.sys
2008-01-21 02:23 . 2006-11-02 07:36 149560 ----a-w- c:\windows\system32\drivers\adpu320.sys
2008-01-21 02:23 . 2006-11-02 08:55 35328 ----a-w- c:\windows\system32\drivers\circlass.sys
2008-01-21 02:23 . 2006-11-02 07:36 74808 ----a-w- c:\windows\system32\drivers\sisraid4.sys
2008-01-21 02:23 . 2006-11-02 07:36 41016 ----a-w- c:\windows\system32\drivers\sisraid2.sys
2008-01-21 02:23 . 2006-11-02 07:36 40504 ----a-w- c:\windows\system32\drivers\HpCISSs.sys
2008-01-21 02:23 . 2006-11-02 07:36 101432 ----a-w- c:\windows\system32\drivers\adpu160m.sys
2008-01-21 02:23 . 2006-11-02 07:36 89656 ----a-w- c:\windows\system32\drivers\lsi_sas.sys
2008-01-21 02:23 . 2006-11-02 07:36 300600 ----a-w- c:\windows\system32\drivers\adpahci.sys
2008-01-21 02:23 . 2006-11-02 08:54 22072 ----a-w- c:\windows\system32\drivers\wd.sys
2008-01-21 02:23 . 2006-11-02 07:36 1122360 ----a-w- c:\windows\system32\drivers\ql2300.sys
2008-01-21 02:23 . 2006-11-02 07:36 79928 ----a-w- c:\windows\system32\drivers\arcsas.sys
2008-01-21 02:23 . 2006-11-02 08:51 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys
2008-01-21 02:23 . 2006-11-02 08:51 11776 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2008-01-21 02:23 . 2006-11-02 08:51 13312 ----a-w- c:\windows\system32\drivers\sffdisk.sys
2008-01-21 02:23 . 2006-11-02 08:38 6656 ----a-w- c:\windows\system32\kbd106.dll
2008-01-21 02:23 . 2006-11-02 07:36 130616 ----a-w- c:\windows\system32\drivers\vsmraid.sys
2008-01-21 02:23 . 2006-11-02 07:36 96312 ----a-w- c:\windows\system32\drivers\lsi_fc.sys
2008-01-21 02:23 . 2006-11-02 07:36 115816 ----a-w- c:\windows\system32\drivers\ulsata2.sys
2008-01-21 02:23 . 2006-11-02 07:36 79416 ----a-w- c:\windows\system32\drivers\arc.sys
2008-01-21 02:23 . 2006-11-02 07:36 235064 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2008-01-21 02:23 . 2006-11-02 08:52 24632 ----a-w- c:\windows\system32\drivers\crcdisk.sys
2008-01-21 02:23 . 2006-11-02 08:42 64512 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys
2008-01-21 02:23 . 2006-11-02 08:35 61496 ----a-w- c:\windows\system32\drivers\GAGP30KX.SYS
2008-01-21 02:23 . 2006-11-02 08:35 59448 ----a-w- c:\windows\system32\drivers\UAGP35.SYS
2008-01-21 02:23 . 2006-11-02 07:36 342584 ----a-w- c:\windows\system32\drivers\elxstor.sys
2008-01-21 02:23 . 2006-11-02 08:52 94776 ----a-w- c:\windows\system32\drivers\msdsm.sys
2008-01-21 02:23 . 2006-11-02 07:36 45112 ----a-w- c:\windows\system32\drivers\nvstor.sys
2008-01-21 02:23 . 2006-11-02 07:36 102968 ----a-w- c:\windows\system32\drivers\nvraid.sys
2008-01-21 02:23 . 2006-11-02 07:36 422968 ----a-w- c:\windows\system32\drivers\adp94xx.sys
2008-01-21 02:23 . 2006-11-02 08:52 105016 ----a-w- c:\windows\system32\drivers\mpio.sys
2008-01-21 02:23 . 2006-11-02 08:51 15872 ----a-w- c:\windows\system32\drivers\mouhid.sys
2008-01-21 02:23 . 2006-11-02 07:36 238648 ----a-w- c:\windows\system32\drivers\uliahci.sys
2008-01-21 02:23 . 2006-11-02 08:52 19000 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2008-01-21 02:23 . 2006-11-02 08:51 30264 ----a-w- c:\windows\system32\drivers\i2omp.sys
2008-01-21 02:23 . 2006-11-02 09:04 22632 ----a-w- c:\windows\system32\streamci.dll
2008-01-21 02:23 . 2006-11-02 09:03 248832 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2008-01-21 02:23 . 2006-11-02 08:35 49720 ----a-w- c:\windows\system32\drivers\isapnp.sys
2008-01-21 02:23 . 2006-11-02 08:35 60984 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS
2008-01-21 02:23 . 2006-11-02 08:35 109112 ----a-w- c:\windows\system32\drivers\NV_AGP.SYS
2008-01-21 02:23 . 2006-11-02 08:35 56888 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS
2008-01-21 02:23 . 2006-11-02 08:35 57400 ----a-w- c:\windows\system32\drivers\AMDAGP.SYS
2008-01-21 02:23 . 2006-11-02 08:35 56376 ----a-w- c:\windows\system32\drivers\AGP440.sys
2008-01-21 02:23 . 2006-11-02 08:35 55864 ----a-w- c:\windows\system32\drivers\SISAGP.SYS
2008-01-21 02:23 . 2006-11-02 08:51 28728 ----a-w- c:\windows\system32\drivers\msahci.sys
2008-01-21 02:23 . 2006-11-02 08:51 20024 ----a-w- c:\windows\system32\drivers\viaide.sys
2008-01-21 02:23 . 2006-11-02 08:51 17976 ----a-w- c:\windows\system32\drivers\amdide.sys
2008-01-21 02:23 . 2006-11-02 08:51 19000 ----a-w- c:\windows\system32\drivers\cmdide.sys
2008-01-21 02:23 . 2006-11-02 08:51 17464 ----a-w- c:\windows\system32\drivers\aliide.sys
2008-01-21 02:23 . 2006-11-02 08:35 20792 ----a-w- c:\windows\system32\drivers\compbatt.sys
2008-01-21 02:23 . 2006-11-02 08:35 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWis0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-10-02 11:53 3353624 ----a-w- c:\program files\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
2011-05-09 09:49 176936 ----a-w- c:\program files\WiseConvert\prxtbWis0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWis0.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll" [2013-10-02 3353624]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}"= "c:\program files\WiseConvert\prxtbWis0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2008-01-02 19:43 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-26 00:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-26 00:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-26 00:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-26 00:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-26 00:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-26 00:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-26 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-28 122880]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-11-12 73728]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-12-10 1982464]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-20 2249352]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-10-02 2404376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2008-01-05 3567800]
.
c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN35JBXHH805KC;CONNECTION=NW;MONITOR=1; [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-08-14 43624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 01:22 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2008-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 12:17]
.
2008-01-05 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files\DriverUpdate\DriverUpdate.exe [2013-06-22 22:30]
.
2013-10-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-26 16:42]
.
2008-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 01:16]
.
2013-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 01:16]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: rvassociates.com
Trusted Zone: rvassociates.com\mail
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=B2BF0A2E-9550-4D28-8087-A82F23B6237F&n=77fc22e6&p2=^ZX^xdm039^YY^us&si=radiopi
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=B2BF0A2E-9550-4D28-8087-A82F23B6237F&n=77fc22e6&ind=2013012710&p2=^ZX^xdm039^YY^us&si=radiopi&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2010-12-25 20:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF - ExtSQL: 2011-12-17 14:02; {5911488E-9D1E-40ec-8CBB-06B231CC153F}; c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
FF - ExtSQL: 2012-06-11 12:32; toolbar@ask.com; c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\toolbar@ask.com
FF - ExtSQL: 2013-01-20 18:29; 4jffxtbr@RadioRage_4j.com; c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\4jffxtbr@RadioRage_4j.com
FF - ExtSQL: 2013-09-27 07:54; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2009-08-23 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2013-01-20 18:29; 4jffxtbr@RadioRage_4j.com; c:\program files\RadioRage_4j\bar\1.bin
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-winHelpMusic - (no file)
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-RadioRage Search Scope Monitor - c:\progra~1\RADIOR~2\bar\1.bin\4jsrchmn.exe
HKLM-Run-RadioRage_4j Browser Plugin Loader - c:\progra~1\RADIOR~2\bar\1.bin\4jbrmon.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder Express.lnk - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-FoxTab PDF Creator - c:\progra~1\FOXTAB~1\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 11:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Zune\ZuneNss.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\RunDll32.exe
c:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Comcast\pcBrowser.exe
c:\program files\Comcast\pcBrowser.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
.
**************************************************************************
.
Completion time: 2008-01-05 11:37:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-05 19:37
.
Pre-Run: 111,827,460,096 bytes free
Post-Run: 113,654,398,976 bytes free
.
- - End Of File - - 3D64355C017DFFA9B33CA108BA78C73F
81CD5EC01DB0CE57EDD853F82462EF27

Broni · Nov 4, 2013

Yes, go ahead and correct date/time./

Uninstall McAfee Security Scan Plus, typical foistware.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

shannon1970 · Nov 5, 2013

# AdwCleaner v3.011 - Report created 04/11/2013 at 23:38:39
# Updated 03/11/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Jeff - HOME-PC
# Running from : C:\Users\Jeff\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : RadioRage_4jService
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Jeff\AppData\Local\Conduit
Folder Deleted : C:\Users\Jeff\AppData\Local\RadioRage_4j
Folder Deleted : C:\Users\Jeff\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Jeff\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jeff\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jeff\AppData\LocalLow\RadioRage_4j
Folder Deleted : C:\Users\Jeff\AppData\Roaming\StartNow Toolbar
Folder Deleted : C:\Users\Nicholas\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\Extensions\4jffxtbr@RadioRage_4j.com
Folder Deleted : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Jeff\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
File Deleted : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\searchplugins\my-web-search.xml
***** [ Shortcuts ] *****

***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4jffxtbr@RadioRage_4j.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\incfcgceegpikennjoplhfghaaikdgei
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncherSettings
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncherSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@RadioRage_4j.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00A2B7C6-7487-4B99-9F6C-1FDF57FE130B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11D4B723-18CA-48C6-BA13-965488F19A70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{434FA5E9-253E-4BD0-ADB6-7CE4CEA114CA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{53855564-CF81-410C-9C1C-321C7E067816}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6562E272-88E1-4DFF-8FF8-FE1A05323D36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E7ABF2A-8C44-4562-895D-DBCA3CDDD1A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA41198F-C3C5-47D8-99E1-1AB199E81723}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D740AD89-BAF4-47D5-9B5E-343D30F07A7A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFEB941C-8B58-4899-97C3-88FE394E1285}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E23760BE-23A3-4CEF-9304-66AF079F53DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E6AD866F-EA06-476A-8432-ED943683FAB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECEF0D95-32FA-48D3-8A2D-D6453B5B7361}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F69FE1BE-09C3-460C-AC89-8CCD9D3DF1CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F706E19B-6C14-4272-BA98-2F16636A898D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0978C5FA-83C0-4118-A54F-99DACCEECB8C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1ED65BE2-AE84-46CB-8EA6-1C2B86ADF768}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1FDAD7F1-B87C-4E79-9150-DE235FF80B3A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A50E810-71EB-43A8-A665-19ED8CCD1630}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4DD9EB5D-8657-4856-A804-535841B09D73}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{569A9014-22E3-4F11-A243-CA4E3D95ADED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{597494DA-C59F-4EDF-B2D1-CE137E2DB9E4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5E5E0B49-1A81-4ACC-BD6B-FF5F4EFEF01A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9E18E695-C9AF-4369-8CC3-93141C2928AF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B872D222-3F52-4CD9-A4BE-9D69EE4F293D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D0E90465-CF35-480D-B520-E1E3BDE802F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{434FA5E9-253E-4BD0-ADB6-7CE4CEA114CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F706E19B-6C14-4272-BA98-2F16636A898D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44DB423D-A0DB-4664-9477-CCDCEB7CD666}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53855564-CF81-410C-9C1C-321C7E067816}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A661D4DC-4BD8-48FC-964B-A24AB8157DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5731AB1-8566-4441-AEFB-9AFB2EEA63D9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\RadioRage_4j
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\RadioRage_4j
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16514

-\\ Mozilla Firefox v24.0 (en-US)
[ File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\prefs.js ]
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "My Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=B2BF0A2E-9550-4D28-8087-A82F23B6237F&n=77fc22e6&p2=^ZX^xdm039^YY^us&si=radiopi");
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Ask.com");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Ask.com");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=B2BF0A2E-9550-4D28-8087-A82F23B6237F&n=77fc22e6&p2=^ZX^xdm039^YY^us&si=radiopi");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.installDate", "2013012710");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerId", "^ZX^xdm039^YY^us");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerSubId", "radiopi");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.installation.toolbarId", "B2BF0A2E-9550-4D28-8087-A82F23B6237F");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.lastActivePing", "1381550291635");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.searchHistory", "new water heater||google docs||csdo.org");
Line Deleted : user_pref("extensions.toolbar.mindspark._4jMembers_.weather.location", "94566");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "radiorage@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "radiorage@mindspark.com");
Line Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=B2BF0A2E-9550-4D28-8087-A82F23B6237F&n=77fc22e6&ind=2013012710&p2=^ZX^xdm039^YY^us&si=radiopi&searchfor=");
Line Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.install_folder", "C:\\Program Files\\StartNow Toolbar");
Line Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.lastSearchProtectAction", "hxxp://www.msn.com/?pc=Z128&ocid=zdhp&inst...ask.com/?l=dis&o=41648106&gct=hp|Bing|Ask.com");
Line Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
Line Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "lf.startnow.com");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "My Web Search");
-\\ Google Chrome v30.0.1599.101
[ File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : icon_url
*************************
AdwCleaner[R0].txt - [15967 octets] - [04/11/2013 23:36:45]
AdwCleaner[S0].txt - [15947 octets] - [04/11/2013 23:38:39]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16008 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows Vista (TM) Home Premium x86
Ran by Jeff on Mon 11/04/2013 at 23:53:44.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BD74EB64-8F22-4CA5-BF81-F145A1F27680}

~~~ Files
Successfully deleted: [File] "C:\Windows\Tasks\driverupdate startup.job"

~~~ Folders

~~~ FireFox
Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted the following from C:\Users\Jeff\AppData\Roaming\mozilla\firefox\profiles\jpcsz7ua.default\prefs.js
user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.update_url", "hxxp://tbupdate.zugo.com/ztb/update?partner_id={partner_id}&product_id={product_id}&affiliate_id={affiliate_id}
Emptied folder: C:\Users\Jeff\AppData\Roaming\mozilla\firefox\profiles\jpcsz7ua.default\minidumps [60 files]

~~~ Chrome
Successfully deleted: [Folder] C:\Users\Jeff\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/04/2013 at 23:56:41.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

shannon1970 · Nov 5, 2013

OTL logfile created on: 11/5/2013 12:03:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeff\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 58.89% Memory free
6.96 Gb Paging File | 5.35 Gb Available in Paging File | 76.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.43 Gb Total Space | 107.05 Gb Free Space | 23.45% Space Free | Partition Type: NTFS
Drive D: | 9.33 Gb Total Space | 1.28 Gb Free Space | 13.76% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/05 00:01:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
PRC - [2013/10/11 03:15:55 | 000,310,352 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/06/22 14:30:28 | 034,220,352 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\DriverUpdate\DriverUpdate.exe
PRC - [2013/06/20 10:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/21 20:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/05 11:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/04/05 11:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/10/17 03:05:54 | 001,837,672 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
PRC - [2012/10/17 03:05:10 | 000,673,384 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
PRC - [2012/08/14 00:31:58 | 000,043,624 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
PRC - [2011/08/05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2011/08/05 11:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011/03/15 14:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/12 12:24:16 | 000,073,728 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/11/28 10:14:28 | 000,122,880 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 03:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/11/02 04:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/11 02:47:59 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/11 02:45:31 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/10/11 02:45:11 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f228cc72a6647716127cd44ca416e6dc\PresentationFramework.ni.dll
MOD - [2013/10/11 02:44:53 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2482534bee5c520cdfe9c8f7df6a92f\PresentationCore.ni.dll
MOD - [2013/10/11 02:44:35 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c16ade1485996fa4981edc7df436a15b\WindowsBase.ni.dll
MOD - [2013/08/18 02:38:46 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/08/18 02:38:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/18 02:38:37 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/18 02:35:03 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/18 02:34:35 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/18 02:34:15 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll
MOD - [2013/08/18 02:31:54 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/12 02:41:38 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f28238b56c8b6401a428aa549b28a89a\UIAutomationTypes.ni.dll
MOD - [2013/07/12 02:37:15 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll
MOD - [2013/07/12 02:36:30 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2011/11/11 02:05:22 | 000,103,424 | ---- | M] () -- C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/05 10:26:14 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/08/05 10:26:12 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/08/05 10:26:06 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/08/05 10:26:06 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/08/05 10:26:04 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/08/05 10:26:04 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/08/05 10:26:00 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/08/05 10:25:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/03/29 20:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/02/21 18:01:43 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

========== Services (SafeList) ==========

SRV - [2013/10/11 04:17:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/05 17:26:39 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/20 10:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/14 00:31:58 | 000,043,624 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/05 11:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 11:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 11:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/03/15 21:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/15 14:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/11/04 23:40:37 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/02/01 09:09:13 | 000,057,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mini_x86.sys -- (mini)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/05/24 06:36:42 | 000,501,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2008/12/04 05:17:15 | 000,645,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/20 18:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/07 07:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/12/07 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 07:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/12/12 08:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDE75E4-7DAD-4253-899D-9833EB22E573}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{F4C0425A-97F6-4966-A849-70586B1783EF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..\SearchScopes,DefaultScope = {2620ADC6-BE26-4522-9607-8AD3B21A2388}
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..\SearchScopes\{2620ADC6-BE26-4522-9607-8AD3B21A2388}: "URL" = http://www.google.com/search?q={sea...x?}&startPage={startPage}&rlz=1I7GGLL_enUS277
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searc...&install_date=20111217&iesrc={referrer:source}
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7GGLL_enUS277
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..\SearchScopes\{810F306C-6DE5-4F61-938B-7D6C33C58C42}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..\SearchScopes\{AFDE75E4-7DAD-4253-899D-9833EB22E573}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..\SearchScopes\{F4C0425A-97F6-4966-A849-70586B1783EF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B5911488E-9D1E-40ec-8CBB-06B231CC153F%7D:2.5.0
FF - prefs.js..extensions.enabledAddons: 4jffxtbr%40RadioRage_4j.com:2.73.0.64909
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Jeff\AppData\Local\Roblox\Versions\version-6e655c3defe448aa\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/04 23:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/05 17:26:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/04 23:38:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/05 17:26:32 | 000,000,000 | ---D | M]

[2010/12/25 19:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions
[2013/11/04 23:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions
[2012/06/15 10:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/13 07:27:21 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011/04/26 15:57:01 | 000,001,832 | ---- | M] () -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\jpcsz7ua.default\searchplugins\bing.xml
[2013/11/04 09:53:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/05 17:26:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/10/05 17:26:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/10/05 17:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/05 17:26:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/11/16 19:58:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\
CHR - Extension: No name found = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2008/01/05 11:25:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O3 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..Trusted Domains: rvassociates.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..Trusted Domains: rvassociates.com ([mail] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3FDEA10-F1D0-40D5-9A9A-6E0150669A29}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D427EF7F-EC23-4485-B5E3-E124A08492E7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/21 18:13:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/05 00:01:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2013/11/04 23:53:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/04 23:47:54 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Jeff\Desktop\JRT.exe
[2013/11/04 23:36:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/05 00:01:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2013/11/04 23:47:56 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Jeff\Desktop\JRT.exe
[2013/11/04 23:42:19 | 000,001,765 | ---- | M] () -- C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
[2013/11/04 23:40:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/04 23:40:37 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/11/04 23:40:18 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/04 23:40:18 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/04 23:40:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/04 23:40:09 | 3622,264,832 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/04 23:36:19 | 001,073,258 | ---- | M] () -- C:\Users\Jeff\Desktop\adwcleaner.exe
[2013/11/04 23:21:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/04 23:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/04 18:44:00 | 000,039,314 | ---- | M] () -- C:\Users\Jeff\AppData\Roaming\wklnhst.dat
[2013/11/04 11:52:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/10/25 12:55:31 | 000,181,760 | ---- | M] () -- C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/17 18:01:56 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/11 02:42:22 | 000,446,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/08 18:58:46 | 000,070,656 | ---- | M] () -- C:\Users\Jeff\Documents\boys schedule.wps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/04 23:36:19 | 001,073,258 | ---- | C] () -- C:\Users\Jeff\Desktop\adwcleaner.exe
[2013/10/06 20:39:29 | 000,070,656 | ---- | C] () -- C:\Users\Jeff\Documents\boys schedule.wps
[2013/08/27 05:41:55 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/07/24 19:21:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/07/15 17:42:35 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/06/16 19:58:17 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012/02/01 09:14:49 | 000,057,360 | ---- | C] () -- C:\Windows\System32\drivers\mini_x86.sys
[2011/12/17 14:02:09 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/06/17 06:53:34 | 000,909,941 | ---- | C] () -- C:\Users\Jeff\AMP_brochure_00h.pdf
[2011/06/15 17:31:53 | 000,000,600 | ---- | C] () -- C:\Users\Jeff\AppData\Local\PUTTY.RND
[2010/10/05 14:47:16 | 000,001,940 | ---- | C] () -- C:\Users\Jeff\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/03/06 16:38:45 | 000,000,632 | RHS- | C] () -- C:\Users\Jeff\ntuser.pol
[2008/06/23 09:11:22 | 000,023,888 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\UserTile.png
[2008/06/02 19:42:59 | 000,039,314 | ---- | C] () -- C:\Users\Jeff\AppData\Roaming\wklnhst.dat
[2008/05/24 12:19:18 | 000,181,760 | ---- | C] () -- C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/22 14:49:45 | 000,001,356 | ---- | C] () -- C:\Users\Jeff\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/08/03 16:07:32 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\.minecraft
[2009/06/11 10:57:06 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Artogon
[2008/01/04 22:46:21 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\AVAST Software
[2012/02/01 09:10:05 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\com.cricut.Cricut-CraftRoom
[2009/11/08 08:35:43 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\E-centives
[2009/07/10 07:45:11 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Enlightenus
[2008/06/08 16:23:31 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\EPSON
[2009/07/12 11:41:59 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Flood Light Games
[2009/07/11 22:50:53 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\FloodLightGames
[2009/03/30 22:37:13 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Gold Casual Games
[2009/04/20 13:07:15 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\HiT-MM
[2010/06/29 15:19:26 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\LEGO Company
[2009/03/31 20:54:40 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Lost in the City
[2009/06/12 20:49:09 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Meridian93
[2011/01/06 23:09:22 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\muvee Technologies
[2008/06/06 21:37:40 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Nikon
[2009/04/28 13:46:43 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\PlayFirst
[2011/05/25 08:42:40 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Pro700 Series
[2009/04/01 22:44:39 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\RobinsonCrusoe
[2009/03/30 23:42:39 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\SerpentOfIsis
[2009/04/17 19:27:11 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Skunk Studios
[2008/05/22 12:43:46 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Snapfish
[2008/06/02 19:43:18 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Template
[2009/04/27 20:13:42 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Ubisoft
[2009/04/18 20:57:54 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Vogat Interactive
[2008/05/22 13:13:27 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\WildTangent
[2009/03/03 18:29:02 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\WinBatch
[2010/06/29 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\LEGO Company
[2010/05/24 15:17:48 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Pro700 Series
[2008/05/28 06:21:27 | 000,000,000 | ---D | M] -- C:\Users\Jordan\AppData\Roaming\Snapfish
[2010/05/24 15:25:10 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\Pro700 Series
[2009/08/02 07:42:27 | 000,000,000 | ---D | M] -- C:\Users\Nicholas\AppData\Roaming\Snapfish

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:BD9F7E4E
@Alternate Data Stream - 67731 bytes -> C:\Windows\System32\`„

ctlsp.log
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2BC498A4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP

31BE97C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5EF1AD34
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:97C4F81F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8944C195
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP

1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP

48500F8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:85C3B823
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:84CFEE62
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:090FB735
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F1DEA771
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:98DFF516
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9BFB769D
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP

E47A3DA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:42509EA1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:78E0DF72
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:60A4BB64
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:177313FB
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:C8E82994
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP

FC5A2B2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:7E95B6FD
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4673E9EA
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:918B7566
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:FB97DB91
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:BB71BBA2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:68F4226F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:43982D5E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:3FD496E1
< End of report >

shannon1970 · Nov 5, 2013

OTL Extras logfile created on: 11/5/2013 12:03:01 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeff\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 58.89% Memory free
6.96 Gb Paging File | 5.35 Gb Available in Paging File | 76.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.43 Gb Total Space | 107.05 Gb Free Space | 23.45% Space Free | Partition Type: NTFS
Drive D: | 9.33 Gb Total Space | 1.28 Gb Free Space | 13.76% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F41F40-1C6C-4AFE-882B-A9F1C726E608}" = lport=10243 | protocol=6 | dir=in | app=system |
"{082BDBE9-6A57-4084-9D87-FF39538299D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0AEBE5F2-15DF-4981-8F7F-05CA53B94F84}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0C61C734-FC8B-48D7-BB4E-03E5EEDEFEE0}" = lport=137 | protocol=17 | dir=in | app=system |
"{0FA07FEA-D7C3-4AC0-ADCB-75B34C0E71FA}" = lport=138 | protocol=17 | dir=in | app=system |
"{14A2FB1D-F48B-4421-9776-02164AB9B471}" = rport=10243 | protocol=6 | dir=out | app=system |
"{151C7A4C-9FED-4244-8BF7-97D7B980A9D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CD2D402-EB08-4A1A-BBB7-FE80BB5C90DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{202C57BF-CD36-432E-B550-45F79F1F7DBB}" = lport=10244 | protocol=6 | dir=in | app=system |
"{2119CDEF-6183-446A-8F11-357B62193D75}" = lport=445 | protocol=6 | dir=in | app=system |
"{25CCB46D-F6BC-48A0-B73C-5E75C81911A2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2BD6B2C3-CE61-4C19-883D-B56A084F094A}" = rport=138 | protocol=17 | dir=out | app=system |
"{3157F10B-71AD-41FF-AD8F-6A892EAC764D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32CBE2D4-491D-453B-9CC4-C370409D6AFA}" = rport=10244 | protocol=6 | dir=out | app=system |
"{359D9507-83A1-429D-9B3E-7891B61AF16A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38031D31-8831-46EC-9570-E8B762359F4A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3AF76CCC-F271-453F-A79E-808182C18205}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3AFD30ED-D6FC-4D4A-B634-1350A9107556}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48E0DBCF-2071-46D1-B6AF-9390589799D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53D24B1F-8B0E-4FE7-B79D-4228E61E6D70}" = lport=3390 | protocol=6 | dir=in | app=system |
"{5A2AD038-80CE-4A00-BEFA-DC77F23665B5}" = lport=3390 | protocol=6 | dir=in | app=system |
"{5D9D3D82-622A-4E6A-8EF2-55E7E0E1B857}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E20B874-206F-4E1F-AAD7-B8C70CBBE3B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5EC069BA-B64D-46E9-AFCE-74D3D82B5858}" = rport=445 | protocol=6 | dir=out | app=system |
"{5FE14698-2385-4E10-9FB8-B974ED24F14F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6451F596-4DBE-4CE9-BD84-D40224172184}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6791226B-67C6-490F-87E7-534A19DD606F}" = lport=139 | protocol=6 | dir=in | app=system |
"{68E984D8-4EF5-4D70-8131-388C84CEC6DD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6C653207-6F79-4949-B132-753E9CCFA1E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74B2C472-902B-4E2A-BD89-528B7690D59B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7547B280-71C8-45A3-BE11-BAEF4EB5E2D6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B8C674B-CBAD-4209-AE7C-3E1B0A0A4502}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7CFED7C2-8D41-4BB0-BB2F-0C20F7B757AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8934F1FD-FA51-44C1-9A66-7B8E39FB7C02}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{897AF8C9-7831-441D-813E-BAB5B2DFAD6E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9143A0E1-F2A9-4637-8209-FB0465719E14}" = lport=10243 | protocol=6 | dir=in | app=system |
"{950C23EF-04C1-4E99-A35E-B1371FB67AAE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9D70650D-8AA7-4C9C-A926-ACC71D80E502}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9DEC1824-A794-4C40-9B56-C302FDA3464E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E686BA4-10DE-42B6-8CFE-1A2578BBA8FE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FB91DBA-57F2-48B4-AF95-A83D587AE9D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A4BDE1A8-E218-416A-8CBC-7EFCBCD6572B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B87BF66B-4D8F-4C70-A412-2F6B6047ADC2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B9AAEE06-312D-462B-9CBE-4021C051276E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BE9080D5-A47A-477C-9511-4EA4883FDE44}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BFEC5F16-48A7-4070-A1ED-23991C979FF1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C2887E4D-948E-4F1A-A425-769E5D3AA44D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C288B7BC-9291-43EF-A9D0-23442BAC1EE6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C34D2164-5CE7-4DF7-9447-7B55A62B7286}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C80C7880-B24B-4DCF-8BE8-D2E13C6DBBC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9E49A1B-18FA-4FA3-96BD-D32E463801B4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D3D96652-207C-4CE8-8F4B-802C4D6DFAFF}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D92180DF-963A-4E5E-836A-59DD448CF7C8}" = rport=137 | protocol=17 | dir=out | app=system |
"{DAD65A94-E9FB-4295-823F-1774C053572A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DEEA59DE-BDFF-483F-83B1-93A9DDAB95C7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4E51D4F-0F6B-4023-9979-1662FCB18F9B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E5FDCE0E-9777-4767-BEF1-CB46C010C8D2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E925DEB7-BF94-4666-BBAB-52D7F740DBA3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F3E67F1F-1C72-430B-84D8-1886B1EDB69C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F62D3830-14B1-4343-A4A4-B8ABB2F8DF2E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9843741-674A-4733-AA6A-B855A62681B1}" = lport=10244 | protocol=6 | dir=in | app=system |
"{FBDE85E9-5420-4CE9-8CB9-2D2B30802002}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0140496D-1C60-4B58-A83A-BD78797505DE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{094BD100-D39A-4A56-AD76-301ACC567859}" = protocol=6 | dir=out | app=system |
"{0A800E17-BD2C-4DBB-9549-F83F9FF6C097}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0A9568D9-B54B-4020-983E-D92EBE59E992}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\sendafax.exe |
"{0AE98FEB-39E2-4E8D-AC98-996750FC6644}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{0C981A23-1515-44CE-A30F-DA93043128A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E9F36F0-0503-49AE-8DF4-6F739AA5D76F}" = protocol=6 | dir=out | app=system |
"{1E89523E-470B-45FE-BFA5-EB7DEA657ECD}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{2478D5AC-E828-4916-B6FE-DBF035D77C99}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe |
"{25824C21-DB0B-4123-8B12-D3914487D892}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{2D7B8169-EAD0-4597-956D-CACF9AEE5781}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31FBF294-D0A3-4958-9238-9CAF25E42F6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{354037D2-7FD1-4C73-9235-6A62312CD156}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3A36EE45-95FD-48A1-A967-E15C7FB072B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A8269FA-1D67-4174-953D-F78AAA868E6E}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{3C47C148-87DD-4F1F-81DB-39730C9C0F4F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3E1A090C-5D39-45FE-9DA8-0BE85744E02C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3F31A20D-07E6-4D9A-B7E4-F421640B743D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{47F5E462-97FF-4A27-9F5E-C42D31F04339}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4BFA0F81-5C25-45D3-80FF-3E2377E537B1}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4F1F72C5-6BA5-4808-920B-FB6E67ED58C1}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{51310AD0-8429-4F6A-ACE5-1765A0B99B85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5492A231-7379-4220-9E2B-5B2555C75510}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5800F1CB-69D1-4DA3-BD04-D568ED0DBFC6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5A899D0F-0F5C-4253-A2DE-1DF8864CAFD6}" = protocol=6 | dir=in | app=c:\program files\lexmark pro700 series\lxeefax.exe |
"{5E184A36-A6A6-4800-9236-5F961EFBC8F8}" = protocol=17 | dir=in | app=c:\program files\lexmark pro700 series\lxeefax.exe |
"{5E2FEFDB-31D7-49EB-80D9-F76C5C8F67F1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5F3CA996-B390-4319-9616-E261EB6AD3A1}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{6997AE70-DC7D-402C-82C9-36AEDCFDC93B}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{7102C7D9-A585-4D10-BA14-44A07C4571E7}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"{74A66B48-98B9-46ED-8BF6-D9C92F0FE9CA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{79A163F1-91D6-40FD-A971-95D9766990CB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{81BC3080-7549-409D-9197-143DCE5E3C00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{825FE0BC-32B1-4C43-9828-32ADBE5E1347}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{872EEE04-2953-4A8D-A2F5-CDA1C71FDA20}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{8D6C99F5-E27B-4D7A-8C8C-839FE8C3F873}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{90E4CDB0-E750-4C64-897B-25307BC16F3D}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{975D5866-2837-489F-B2ED-2A733386FD14}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9B89D801-F8EB-469B-812F-E72F7526335B}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{9DF1B314-0227-4A4A-ACB0-F27FCEC9167B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A067058C-7079-4469-9754-B5AEB562397C}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{A73F92BA-372A-44A4-973E-44560E5BAA3A}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{AA35700C-E8D9-48D0-9CA7-A7D3CD90EB03}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{AAB67170-5AA5-4E4A-A84F-018A378EB758}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{AB6FCB63-5CD0-414A-BEAE-B8DC47D1F42C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{AED63506-EFC2-48DC-A959-325A6CD640D2}" = protocol=6 | dir=out | app=system |
"{B9754ADD-DA89-4D16-B878-347689DB0AC7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C6A485FC-CD26-4457-B73D-57AFBF7CC888}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\digitalwizards.exe |
"{C9F6A01C-27F7-41BC-BB5F-2A81862FAA09}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{D16B47D9-3274-4A40-8FC1-42E13B89DBD5}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{D5EDED92-A1A7-41D7-9880-D6F47A53A66E}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\faxapplications.exe |
"{D741DEE9-20AF-44AD-9E4D-C8B3BA2E0BBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DD1C2742-7F95-4722-A0C7-60F435E79137}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD9BCBCE-9702-47AE-A93B-289F0D996BC2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E0AABBAB-DE27-4CF8-B504-B3F0AACE5259}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E5DA399E-C280-4DE7-A7C5-D347D415FA7F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EF95221D-9BD6-4817-9EC0-D375964CBD0C}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{EFA1520E-E2F4-443E-8209-F1681FA2EAEA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{F632668E-8D29-4ACA-B805-A93490273DF0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F85C2DE2-9BE2-48FD-A6EB-FED7A3DF376A}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{FA19484E-9392-492D-8401-33579C107210}" = protocol=6 | dir=out | app=system |
"{FB3650FC-5DEB-48E0-A1E8-FA829AD1F51C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD3F068A-5972-44A0-82F5-281CA6E65033}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FE737FBF-C6C1-4A94-A407-CC71C2A595C7}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{FF1E4AAA-F485-4E53-ACE8-5AC8963DC6B3}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"TCP Query User{02B2173E-D2B4-44FA-BCE1-060DE3F20BC3}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{07EA2C12-A462-4ABD-B8B9-3EF80EA5C0B2}C:\program files\cricut-craft room\ccrbridge.exe" = protocol=6 | dir=in | app=c:\program files\cricut-craft room\ccrbridge.exe |
"TCP Query User{2170A7D9-F921-4D96-90CD-F14571F926BE}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{2E2501AF-2246-4AED-9A5A-D20559AC1D2D}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{452AEBAF-040C-4EB1-9734-DB86E5DA6B3E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{46EBEF22-7B0F-412E-B972-DB120EB39EFE}C:\program files\cricut-craft room\ccrbridge.exe" = protocol=6 | dir=in | app=c:\program files\cricut-craft room\ccrbridge.exe |
"TCP Query User{4F8F06F4-26FA-4707-A543-F312D53A0E1B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{7FC871E9-1059-4074-813C-DE9644EE0CF6}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{9AEC8638-2A52-42C8-A9F9-190D662479FE}C:\users\jeff\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\jeff\appdata\local\temp\ixp000.tmp\smpcsetup.exe |
"TCP Query User{BC72F178-68D5-469D-B323-5731E878D64D}C:\users\jeff\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\jeff\appdata\local\temp\ixp000.tmp\smwinvnc.exe |
"TCP Query User{FEF54733-92AF-41DE-B192-E1F466B336A9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{1AA14CEA-3691-42CA-A3EA-A88D1CC1812D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{2A1CA630-E6E2-48ED-9E86-0B3040A24878}C:\program files\cricut-craft room\ccrbridge.exe" = protocol=17 | dir=in | app=c:\program files\cricut-craft room\ccrbridge.exe |
"UDP Query User{4DEAD872-7A51-4887-B7A6-CB22DD879C8A}C:\users\jeff\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\jeff\appdata\local\temp\ixp000.tmp\smwinvnc.exe |
"UDP Query User{56466D17-7B58-46B2-9008-2B423860BCE6}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{60FD1EF5-E871-4991-AAB1-C7ACFEEC622B}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{76A88BCB-194A-4AFB-B2E1-5DE203EEB610}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{ADCD9110-3DC7-4560-98F5-6EF8E9568B2B}C:\program files\cricut-craft room\ccrbridge.exe" = protocol=17 | dir=in | app=c:\program files\cricut-craft room\ccrbridge.exe |
"UDP Query User{C7E57B4D-D2BA-4B02-83FB-847B0C041D52}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{D108948A-8CDC-4B66-9932-9F1D5974908B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{EA2E0A9F-20AA-4A67-93D8-4BB15E9847C8}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{EBDF0749-6976-4113-8B9A-729CB05A7E1F}C:\users\jeff\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\jeff\appdata\local\temp\ixp000.tmp\smpcsetup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24737693-C80E-532F-CCC6-3AAE14D86EB1}" = Cricut Craft Room
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{272253C3-D9DD-4C0C-A586-7E7ABC7E9AA2}" = Presto! BizCard 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41B20968-B2E1-49C0-9508-CC1544D568F5}" = Presto! BizCard Component for Windows CE
"{46235FF7-2CBE-4A84-BEDA-87348D1F7850}" = HP Officejet Pro 8600 Help
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F6D8BC6-CE36-493B-996F-04CD8CCC35A8}" = Bing Bar
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79ACC31A-87EA-472A-853E-5AC6A97CE569}" = HP Officejet Pro 8600 Product Improvement Study
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EAB4100-B343-41AE-A880-418746998209}" = HP Officejet Pro 8600 Basic Device Software
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{936FA6E0-8A87-4A03-8004-138AB7A97637}" = ArcSoft MediaConverter 8
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9A379E7A-22ED-44FF-9293-E393D704505D}" = HP Demo
"{9B260944-746E-4966-8918-0F9636930456}" = ArcSoft MediaImpression for Kodak
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C67F5282-3EB4-4FE2-A5C7-ABEE4BE42F6D}" = DriverUpdate
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DCBDA0BD-11BA-4AD1-9F82-6B073EABEFCE}" = Presto! BizCard 5
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B00B69-C244-46D1-BBD9-E400BB88DFCC}" = Hallmark Card Studio Express
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BFGC" = Big Fish Games Client
"Cisco Connect" = Cisco Connect
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.cricut.Cricut-CraftRoom" = Cricut Craft Room
"Cricut Mini (TM) Driver v1.01" = Cricut Mini (TM) Driver v1.01
"doPDF 6 printer_is1" = doPDF 6.2 printer
"EPSON Printer and Utilities" = EPSON Printer Software
"F2113B6DA5013A2F764FDB4C8A187CF2DB1F025C" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"F9F460BE83F391EACD49DEEE78C1D44988396991" = Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Picasa 3" = Picasa 3
"Quick Search Box" = Google Quick Search Box
"RadioRage_4jbar Uninstall" = RadioRage Toolbar
"Shockwave" = Shockwave
"ST6UNST #1" = WARDFLEX Sizing Program 2.x
"ST6UNST #2" = WARDFLEX Sizing Program 2.x (C:\Program Files\WFSize2.x\)
"ST6UNST #3" = WARDFLEX Sizing Program 2.x (C:\Program Files\WFSize2.x\) #3
"ST6UNST #4" = WARDFLEX Sizing Program 2.2.x
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinVDIG_is1" = WinVDIG 1.0
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Jeff
"GoToMeeting" = GoToMeeting 4.5.0.457

< End of report >

Broni · Nov 5, 2013

What happened to Avast? I don't see it running.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
IE - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O3 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll File not found
O15 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..Trusted Domains: rvassociates.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3173169303-1287878829-2913250778-1000\..Trusted Domains: rvassociates.com ([mail] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:BD9F7E4E
@Alternate Data Stream - 67731 bytes -> C:\Windows\System32\`„:pctlsp.log
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2BC498A4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5EF1AD34
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:97C4F81F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0AC32449
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8944C195
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D48500F8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:85C3B823
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:84CFEE62
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:090FB735
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F1DEA771
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:98DFF516
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:9BFB769D
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DE47A3DA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:42509EA1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:78E0DF72
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:60A4BB64
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:177313FB
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:C8E82994
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:7E95B6FD
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4673E9EA
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:918B7566
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:FB97DB91
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:BB71BBA2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:68F4226F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:C07A6A6B
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:43982D5E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:3FD496E1

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click on List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

shannon1970 · Nov 6, 2013

I am trying to answer you and everytime I try to paste the files from the OTL program (which I had a hard time running) the screen freezes and I get a "techspot.com is not responding due to a long-running script.
The first time I ran it on the computer it froze. When I restarted the computer a log came up.

Files\Folders moved on Reboot...
C:\Users\Jeff\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

I tried to run it again and the same thing happened and this log came up.

Files\Folders moved on Reboot...
C:\Users\Jeff\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OXCFU0EZ\follow_button[1].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FDDZ0WIA\internet-running-super-slow-pop-ups-possible-zeroaccess[1].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7ULH80LM\1741952230[1].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7ULH80LM\1741952230[2].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7ULH80LM\fastbutton[1].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7ULH80LM\postmessageRelay[1].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3GZQDW30\like[1].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\08T519PC\ba[1].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
I then tried it in Safe Mode and it must have copied the last commands wrong and I got this log.

All processes killed
========== OTL ==========
Error: No service named SymIMMP was found to stop!
Service\Driver key SymIMMP not found.
File system32\DRIVERS\SymIM.sys not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys not found.
Error: No service named MRESP50 was found to stop!
Service\Driver key MRESP50 not found.
File C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS not found.
Error: No service named MRENDIS5 was found to stop!
Service\Driver key MRENDIS5 not found.
File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS not found.
Error: No service named MREMPR5 was found to stop!
Service\Driver key MREMPR5 not found.
File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS not found.
Error: No service named MREMP50 was found to stop!
Service\Driver key MREMP50 not found.
File C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\ComboFix\catchme.sys not found.
Registry value HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry key HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rvassociates.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rvassociates.com\mail\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:BD9F7E4E .
Unable to delete ADS C:\Windows\System32\`„

ctlsp.log .
Unable to delete ADS C:\ProgramData\TEMP:2BC498A4 .
Unable to delete ADS C:\ProgramData\TEMP:55F44B88 .
Unable to delete ADS C:\ProgramData\TEMP

31BE97C .
Unable to delete ADS C:\ProgramData\TEMP:5EF1AD34 .
Unable to delete ADS C:\ProgramData\TEMP:225CD7D5 .
Unable to delete ADS C:\ProgramData\TEMP:97C4F81F .
Unable to delete ADS C:\ProgramData\TEMP:0AC32449 .
Unable to delete ADS C:\ProgramData\TEMP:8944C195 .
Unable to delete ADS C:\ProgramData\TEMP

1B5B4F1 .
Unable to delete ADS C:\ProgramData\TEMP:7B52659E .
Unable to delete ADS C:\ProgramData\TEMP

48500F8 .
Unable to delete ADS C:\ProgramData\TEMP:85C3B823 .
Unable to delete ADS C:\ProgramData\TEMP:5E9B629B .
Unable to delete ADS C:\ProgramData\TEMP:53DF59D1 .
Unable to delete ADS C:\ProgramData\TEMP:84CFEE62 .
Unable to delete ADS C:\ProgramData\TEMP:090FB735 .
Unable to delete ADS C:\ProgramData\TEMP:569CEE83 .
Unable to delete ADS C:\ProgramData\TEMP:F1DEA771 .
Unable to delete ADS C:\ProgramData\TEMP:98DFF516 .
Unable to delete ADS C:\ProgramData\TEMP:CF61CE5A .
Unable to delete ADS C:\ProgramData\TEMP:9BFB769D .
Unable to delete ADS C:\ProgramData\TEMP

E47A3DA .
Unable to delete ADS C:\ProgramData\TEMP:7A0EFE63 .
Unable to delete ADS C:\ProgramData\TEMP:42509EA1 .
Unable to delete ADS C:\ProgramData\TEMP:78E0DF72 .
Unable to delete ADS C:\ProgramData\TEMP:60A4BB64 .
Unable to delete ADS C:\ProgramData\TEMP:177313FB .
Unable to delete ADS C:\ProgramData\TEMP:C8E82994 .
Unable to delete ADS C:\ProgramData\TEMP

FC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:7E95B6FD .
Unable to delete ADS C:\ProgramData\TEMP:4673E9EA .
Unable to delete ADS C:\ProgramData\TEMP:CB16385F .
Unable to delete ADS C:\ProgramData\TEMP:918B7566 .
Unable to delete ADS C:\ProgramData\TEMP:9ACB70D7 .
Unable to delete ADS C:\ProgramData\TEMP:FB97DB91 .
Unable to delete ADS C:\ProgramData\TEMP:260575F1 .
Unable to delete ADS C:\ProgramData\TEMP:BB71BBA2 .
Unable to delete ADS C:\ProgramData\TEMP:68F4226F .
Unable to delete ADS C:\ProgramData\TEMP:C07A6A6B .
Unable to delete ADS C:\ProgramData\TEMP:43982D5E .
Unable to delete ADS C:\ProgramData\TEMP:3FD496E1 .
File rity] not found.
File ptytemp] not found.
File ptyjava] not found.
File ptyflash] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 11062013_125945
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
And finally I tried it in Safe Mode and made sure it was copied properly and I got this final log.

All processes killed
========== OTL ==========
Error: No service named SymIMMP was found to stop!
Service\Driver key SymIMMP not found.
File system32\DRIVERS\SymIM.sys not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys not found.
Error: No service named MRESP50 was found to stop!
Service\Driver key MRESP50 not found.
File C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS not found.
Error: No service named MRENDIS5 was found to stop!
Service\Driver key MRENDIS5 not found.
File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS not found.
Error: No service named MREMPR5 was found to stop!
Service\Driver key MREMPR5 not found.
File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS not found.
Error: No service named MREMP50 was found to stop!
Service\Driver key MREMP50 not found.
File C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\ComboFix\catchme.sys not found.
Registry value HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry key HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rvassociates.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rvassociates.com\mail\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:BD9F7E4E .
Unable to delete ADS C:\Windows\System32\`„

ctlsp.log .
Unable to delete ADS C:\ProgramData\TEMP:2BC498A4 .
Unable to delete ADS C:\ProgramData\TEMP:55F44B88 .
Unable to delete ADS C:\ProgramData\TEMP

31BE97C .
Unable to delete ADS C:\ProgramData\TEMP:5EF1AD34 .
Unable to delete ADS C:\ProgramData\TEMP:225CD7D5 .
Unable to delete ADS C:\ProgramData\TEMP:97C4F81F .
Unable to delete ADS C:\ProgramData\TEMP:0AC32449 .
Unable to delete ADS C:\ProgramData\TEMP:8944C195 .
Unable to delete ADS C:\ProgramData\TEMP

1B5B4F1 .
Unable to delete ADS C:\ProgramData\TEMP:7B52659E .
Unable to delete ADS C:\ProgramData\TEMP

48500F8 .
Unable to delete ADS C:\ProgramData\TEMP:85C3B823 .
Unable to delete ADS C:\ProgramData\TEMP:5E9B629B .
Unable to delete ADS C:\ProgramData\TEMP:53DF59D1 .
Unable to delete ADS C:\ProgramData\TEMP:84CFEE62 .
Unable to delete ADS C:\ProgramData\TEMP:090FB735 .
Unable to delete ADS C:\ProgramData\TEMP:569CEE83 .
Unable to delete ADS C:\ProgramData\TEMP:F1DEA771 .
Unable to delete ADS C:\ProgramData\TEMP:98DFF516 .
Unable to delete ADS C:\ProgramData\TEMP:CF61CE5A .
Unable to delete ADS C:\ProgramData\TEMP:9BFB769D .
Unable to delete ADS C:\ProgramData\TEMP

E47A3DA .
Unable to delete ADS C:\ProgramData\TEMP:7A0EFE63 .
Unable to delete ADS C:\ProgramData\TEMP:42509EA1 .
Unable to delete ADS C:\ProgramData\TEMP:78E0DF72 .
Unable to delete ADS C:\ProgramData\TEMP:60A4BB64 .
Unable to delete ADS C:\ProgramData\TEMP:177313FB .
Unable to delete ADS C:\ProgramData\TEMP:C8E82994 .
Unable to delete ADS C:\ProgramData\TEMP

FC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:7E95B6FD .
Unable to delete ADS C:\ProgramData\TEMP:4673E9EA .
Unable to delete ADS C:\ProgramData\TEMP:CB16385F .
Unable to delete ADS C:\ProgramData\TEMP:918B7566 .
Unable to delete ADS C:\ProgramData\TEMP:9ACB70D7 .
Unable to delete ADS C:\ProgramData\TEMP:FB97DB91 .
Unable to delete ADS C:\ProgramData\TEMP:260575F1 .
Unable to delete ADS C:\ProgramData\TEMP:BB71BBA2 .
Unable to delete ADS C:\ProgramData\TEMP:68F4226F .
Unable to delete ADS C:\ProgramData\TEMP:C07A6A6B .
Unable to delete ADS C:\ProgramData\TEMP:43982D5E .
Unable to delete ADS C:\ProgramData\TEMP:3FD496E1 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jeff
->Temp folder emptied: 300668 bytes
->Temporary Internet Files folder emptied: 5076099 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 45850534 bytes
->Apple Safari cache emptied: 185812992 bytes
->Flash cache emptied: 2971664 bytes

User: Jordan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9235442 bytes
->Java cache emptied: 10680297 bytes
->Flash cache emptied: 2691 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56516 bytes

User: Nicholas
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 73873160 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3432 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1707833 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 18077719 bytes

Total Files Cleaned = 337.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jeff
->Java cache emptied: 0 bytes

User: Jordan
->Java cache emptied: 0 bytes

User: Mcx1

User: Nicholas
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jeff
->Flash cache emptied: 0 bytes

User: Jordan
->Flash cache emptied: 0 bytes

User: Mcx1
->Flash cache emptied: 0 bytes

User: Nicholas
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11062013_134553
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

shannon1970 · Nov 6, 2013

Here is the Security Check

Results of screen317's Security Check version 0.99.76
Windows Vista Service Pack 2 x86
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 35
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 24.0 Firefox out of Date!
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

Here is the FSS log

Farbar Service Scanner Version: 24-10-2013
Ran by Jeff (administrator) on 06-11-2013 at 14:08:30
Running from "C:\Users\Jeff\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

shannon1970 · Nov 6, 2013

ESET found no threats

I uninstalled AVAST because I was running Windows Defender and I thought I was not suppose to have two anti-virus programs. I then realized that WD has a firewall and spyware/malware but no Anti-Virus. Should I re-install AVAST? I will wait to here from you before I do.
I can't beleive we got this far and the computer is running much faster and smoother until I went to post these last few threads. It took me an hour to post because of the "techspot.com is not responding due to long-running script."
I just now realized that all the information I tried to post for the OTL files are missing from the thread. I put the info in and kept getting the long-running script problem and the website would freeze.
I tried running OTL the first time and the program froze. So I restarted the computer and a log came up.
I then tried it again and the same thing happened and another log came up.
I then tried in Safe Mode but I had a hard time transfering the code into the program because I was in Safe Mode and when I did I must have entered the last few pieces of code wrong. It finnished and another log came up
I then tried it a fourth and final time in Safe Mode and made sure the code was copied correctly and it ran and finished and another log came up.
For whatever reason I do not think this website will let me post it because every time I try I get the "techspot.com is not resopnding due to long-running script."
I will try to post the OTL logs in order stated above

shannon1970 · Nov 6, 2013

Files\Folders moved on Reboot...
C:\Users\Jeff\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

shannon1970 · Nov 6, 2013

Files\Folders moved on Reboot...
C:\Users\Jeff\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OXCFU0EZ\follow_button[1].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FDDZ0WIA\internet-running-super-slow-pop-ups-possible-zeroaccess[1].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7ULH80LM\1741952230[1].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7ULH80LM\1741952230[2].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7ULH80LM\fastbutton[1].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7ULH80LM\postmessageRelay[1].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3GZQDW30\like[1].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\08T519PC\ba[1].htm moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

shannon1970 · Nov 6, 2013

All processes killed
========== OTL ==========
Error: No service named SymIMMP was found to stop!
Service\Driver key SymIMMP not found.
File system32\DRIVERS\SymIM.sys not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys not found.
Error: No service named MRESP50 was found to stop!
Service\Driver key MRESP50 not found.
File C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS not found.
Error: No service named MRENDIS5 was found to stop!
Service\Driver key MRENDIS5 not found.
File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS not found.
Error: No service named MREMPR5 was found to stop!
Service\Driver key MREMPR5 not found.
File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS not found.
Error: No service named MREMP50 was found to stop!
Service\Driver key MREMP50 not found.
File C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\ComboFix\catchme.sys not found.
Registry value HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry key HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rvassociates.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3173169303-1287878829-2913250778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rvassociates.com\mail\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:BD9F7E4E .
Unable to delete ADS C:\Windows\System32\`„

ctlsp.log .
Unable to delete ADS C:\ProgramData\TEMP:2BC498A4 .
Unable to delete ADS C:\ProgramData\TEMP:55F44B88 .
Unable to delete ADS C:\ProgramData\TEMP

31BE97C .
Unable to delete ADS C:\ProgramData\TEMP:5EF1AD34 .
Unable to delete ADS C:\ProgramData\TEMP:225CD7D5 .
Unable to delete ADS C:\ProgramData\TEMP:97C4F81F .
Unable to delete ADS C:\ProgramData\TEMP:0AC32449 .
Unable to delete ADS C:\ProgramData\TEMP:8944C195 .
Unable to delete ADS C:\ProgramData\TEMP

1B5B4F1 .
Unable to delete ADS C:\ProgramData\TEMP:7B52659E .
Unable to delete ADS C:\ProgramData\TEMP

48500F8 .
Unable to delete ADS C:\ProgramData\TEMP:85C3B823 .
Unable to delete ADS C:\ProgramData\TEMP:5E9B629B .
Unable to delete ADS C:\ProgramData\TEMP:53DF59D1 .
Unable to delete ADS C:\ProgramData\TEMP:84CFEE62 .
Unable to delete ADS C:\ProgramData\TEMP:090FB735 .
Unable to delete ADS C:\ProgramData\TEMP:569CEE83 .
Unable to delete ADS C:\ProgramData\TEMP:F1DEA771 .
Unable to delete ADS C:\ProgramData\TEMP:98DFF516 .
Unable to delete ADS C:\ProgramData\TEMP:CF61CE5A .
Unable to delete ADS C:\ProgramData\TEMP:9BFB769D .
Unable to delete ADS C:\ProgramData\TEMP

E47A3DA .
Unable to delete ADS C:\ProgramData\TEMP:7A0EFE63 .
Unable to delete ADS C:\ProgramData\TEMP:42509EA1 .
Unable to delete ADS C:\ProgramData\TEMP:78E0DF72 .
Unable to delete ADS C:\ProgramData\TEMP:60A4BB64 .
Unable to delete ADS C:\ProgramData\TEMP:177313FB .
Unable to delete ADS C:\ProgramData\TEMP:C8E82994 .
Unable to delete ADS C:\ProgramData\TEMP

FC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:7E95B6FD .
Unable to delete ADS C:\ProgramData\TEMP:4673E9EA .
Unable to delete ADS C:\ProgramData\TEMP:CB16385F .
Unable to delete ADS C:\ProgramData\TEMP:918B7566 .
Unable to delete ADS C:\ProgramData\TEMP:9ACB70D7 .
Unable to delete ADS C:\ProgramData\TEMP:FB97DB91 .
Unable to delete ADS C:\ProgramData\TEMP:260575F1 .
Unable to delete ADS C:\ProgramData\TEMP:BB71BBA2 .
Unable to delete ADS C:\ProgramData\TEMP:68F4226F .
Unable to delete ADS C:\ProgramData\TEMP:C07A6A6B .
Unable to delete ADS C:\ProgramData\TEMP:43982D5E .
Unable to delete ADS C:\ProgramData\TEMP:3FD496E1 .
File rity] not found.
File ptytemp] not found.
File ptyjava] not found.
File ptyflash] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 11062013_125945
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Solved Internet running super slow pop ups possible ZeroAccess

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 56,041 +517

Posts: 25 +0

Posts: 25 +0

Posts: 56,041 +517

Posts: 25 +0

Posts: 25 +0

Posts: 56,041 +517

Posts: 25 +0

Posts: 25 +0

Posts: 56,041 +517

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 56,041 +517

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Posts: 25 +0

Similar threads