Solved Virus/Malware Removal Issues

B

burds

Posts: 13   +0
I've been using Microsoft Security Essentials and Sophos to try and get rid of viruses/malware I noticed when random adds began popping up in strange places on certain websites. The programs say the files are removed but after restarting, the same files appear to have never been removed. Please help.

Malwarebytes Log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Brittany :: BRITTANY-PC [administrator]

Protection: Enabled

2/18/2014 9:19:48 PM
mbam-log-2014-02-18 (21-19-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221586
Time elapsed: 29 minute(s), 7 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> 3720 -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> 1216 -> Delete on reboot.

Memory Modules Detected: 1
C:\Users\Brittany\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.

Registry Keys Detected: 8
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKCU\Software\FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKLM\Software\FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\Brittany\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0B1G1O1S0V1G1F -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3...=SP4D33A285-D84D-442E-9AD0-7E92569A5D0B&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 25
C:\Program Files (x86)\FindRight (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\plugins (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

Files Detected: 138
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Users\Brittany\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-802716480-2462033193-2097298831-1000\$RI3VP6P.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-802716480-2462033193-2097298831-1000\$RJUUP10.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-802716480-2462033193-2097298831-1000\$RJWLM0Z.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-802716480-2462033193-2097298831-1000\$RWCV9VX.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-802716480-2462033193-2097298831-1000\$RXIFBV2.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\embededstub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\embededstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsc7536.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsd1AE6.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsd385.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsd571D.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsd689B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsdB42A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsi63D9.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsi6CFF.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsi804F.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsi8C32.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsj41E5.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsj4248.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsj4E2B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsnFA9E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nso4649.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nso527B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nso5721.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsoAA69.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsr1D29.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nss15C6.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nstBCC3.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsx1F0B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsxC8A.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsy4A7E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsy5B43.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\spstub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\verifier.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\is1261780760\8656713_stp\FindRightSetup.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsx5296\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\Temp\nsy9EF1\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nseB460.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsj5698.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsoB49E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsuD9DB.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\PTXUB0ZO\Setup[1].exe (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\PTXUB0ZO\Setup[2].exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\PTXUB0ZO\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\PTXUB0ZO\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\X11CB5JB\optin[2].php (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\X11CB5JB\optin[3].php (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\X11CB5JB\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\Z90MGL8S\SPIdentifierImpl[1].exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\Local Settings\Temporary Internet Files\Content.IE5\Z90MGL8S\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\FindRight.ico (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\0 (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\7za.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\FindRightUninstall.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\updateFindRight.InstallState (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\FindRight.BrowserFilter.Helper.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\FindRight.BrowserFilter.Helper.dll.old.a3a3ffc5-9623-40d8-9cf4-01072b2af89d (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\FindRightBrowserFilter.exe (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\sqlite3.dll (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FindRight\bin\utilFindRight.InstallState (PUP.Optional.FindRight.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1392270016698 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

(end)
 
DDS.txt log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.45.2
Run by Brittany at 22:01:07 on 2014-02-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1843 [GMT -7:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
C:\Program Files (x86)\SafeConnect\scManager.sys
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Brittany\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Brittany\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Brittany\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brittany\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brittany\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brittany\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brittany\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brittany\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Google Update] "C:\Users\Brittany\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "C:\Users\Brittany\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
StartupFolder: C:\Users\Brittany\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\wkcalrem.LNK - C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA} : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA}\0516E64786562763 : DHCPNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA}\255637E45647 : DHCPNameServer = 134.114.254.15 134.114.138.3 134.114.96.4
TCP: Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA}\255637E45647D214C647 : DHCPNameServer = 134.114.254.15 134.114.138.3 134.114.96.4
TCP: Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA}\C456D636B6562427F63723031323 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA}\E41455 : DHCPNameServer = 134.114.254.15 134.114.138.3 134.114.96.4
TCP: Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA}\E41455D27457563747 : DHCPNameServer = 134.114.254.15 134.114.138.3 134.114.96.4
TCP: Interfaces\{35688D3B-93DF-4F8F-9A0B-EFEDB732C0D0} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} -
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3321727&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP4D33A285-D84D-442E-9AD0-7E92569A5D0B&SSPV=
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Brittany\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2014-02-13 21:26; {42e50651-9669-456e-9081-d5a836274274}; C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\{42e50651-9669-456e-9081-d5a836274274}
FF - ExtSQL: !HIDDEN! 2010-05-31 09:15; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
.
.
.
.
user_pref(extensions.autoDisableScopes,14);
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 DVMIO;DVMIO;C:\SPLASH.SYS\config\dvmio.sys [2009-9-27 21624]
R1 SAVOnAccess;SAVOnAccess;C:\Windows\System32\drivers\savonaccess.sys [2012-9-26 144672]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2010-1-29 89600]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SPLASH.SYS\config\DVMExportService.exe [2009-7-8 323584]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-18 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-18 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-12-4 216640]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-9-26 139840]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys [2012-11-19 176520]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-6 3291008]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2012-9-26 232512]
R2 Sophos Web Control Service;Sophos Web Control Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-9-26 357400]
R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-12-4 2869824]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-1-29 2320920]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-12-5 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-12 151040]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-9-26 233984]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-18 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2010-1-29 200736]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-29 291328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S2 swi_update_64;Sophos Web Intelligence Update;C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012-9-26 1998400]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-1-29 232480]
S3 sdcfilter;sdcfilter;C:\Windows\System32\drivers\sdcfilter.sys [2012-9-26 36640]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-12-28 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-4 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\System32\drivers\SophosBootDriver.sys [2011-1-4 25608]
SUnknown nmlayqxg;nmlayqxg; [x]
.
=============== Created Last 30 ================
.
2014-02-19 04:55:53 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{979E65E3-3EC0-4704-97DB-1C55FC48A94C}\offreg.dll
2014-02-19 04:03:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-19 04:03:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 03:59:52 97041 ----a-w- C:\ProgramData\1392782340.bdinstall.bin
2014-02-19 03:51:49 9227 ----a-w- C:\ProgramData\1392781894.4364.bin
2014-02-19 03:51:38 2406 ----a-w- C:\ProgramData\1392781894.4764.bin
2014-02-19 03:51:38 1804 ----a-w- C:\ProgramData\1392781894.2472.bin
2014-02-19 03:51:34 42960 ----a-w- C:\ProgramData\1392781894.5200.bin
2014-02-19 03:51:34 37823 ----a-w- C:\ProgramData\1392781871.bdinstall.bin
2014-02-19 02:08:22 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{979E65E3-3EC0-4704-97DB-1C55FC48A94C}\mpengine.dll
2014-02-18 02:05:47 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C20AC737-25AC-4BD2-B0F0-97BF1EA6D99A}\gapaengine.dll
2014-02-18 02:05:19 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-17 05:11:42 219669 ----a-w- C:\ProgramData\1392613507.bdinstall.bin
2014-02-17 04:09:57 1657 ----a-w- C:\ProgramData\1392610193.3368.bin
2014-02-17 04:09:56 2061 ----a-w- C:\ProgramData\1392610193.8468.bin
2014-02-17 04:09:53 44520 ----a-w- C:\ProgramData\1392610193.9588.bin
2014-02-17 04:08:18 45521 ----a-w- C:\ProgramData\1392610036.bdinstall.bin
2014-02-17 04:07:15 -------- d-----w- C:\Users\Brittany\AppData\Roaming\QuickScan
2014-02-17 02:24:05 -------- d-----w- C:\Users\Brittany\AppData\Roaming\Nico Mak Computing
2014-02-14 02:58:18 -------- d-----w- C:\Users\Brittany\AppData\Roaming\Python-Eggs
2014-02-14 02:58:00 -------- d-----w- C:\Users\Brittany\AppData\Roaming\BitLord
2014-02-14 02:53:22 -------- d-----w- C:\Program Files (x86)\BitLord 2
2014-02-13 14:46:17 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 14:46:17 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-13 14:44:59 7211520 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
2014-02-13 14:41:21 -------- d-----w- C:\Windows\SysWow64\SearchProtect
2014-02-13 06:30:43 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-13 06:30:43 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-13 06:30:43 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-13 06:30:43 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-13 06:30:20 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-13 06:30:19 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-13 06:30:19 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-13 06:30:19 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-13 05:37:46 -------- d-----w- C:\Users\Brittany\AppData\Local\SearchProtect
2014-01-23 06:43:41 -------- d-----w- C:\Users\Brittany\AppData\Roaming\Open Download Manager
2014-01-23 03:35:19 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-20 23:10:19 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2014-01-20 23:10:19 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2014-01-20 23:10:19 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2014-01-20 23:10:19 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2014-01-20 23:10:16 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2014-01-20 23:10:15 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-01-20 23:10:15 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-01-20 23:10:14 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-01-20 23:10:14 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-01-20 23:10:12 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-01-20 23:08:49 -------- d-----w- C:\Program Files (x86)\Dolphin x86
2014-01-20 20:39:00 -------- d-----w- C:\Users\Brittany\.android
2014-01-20 20:38:59 -------- d-----w- C:\Users\Brittany\AppData\Local\cache
2014-01-20 20:38:57 -------- d-----w- C:\Users\Brittany\AppData\Local\Mobogenie
2014-01-20 20:38:57 -------- d-----w- C:\Users\Brittany\AppData\Local\genienext
.
==================== Find3M ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 07:33:03 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-05 07:33:02 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-01-13 15:29:53 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-01-13 15:28:45 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-01-13 15:28:45 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-01-13 15:28:44 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-12-29 16:20:19 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-12-29 16:20:19 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-12-28 20:08:03 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-12-28 20:08:02 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-12-28 18:27:22 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-28 17:40:43 113224 ----a-w- C:\Users\Brittany\g2ax_customer_downloadhelper_win32_x86.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 22:16:15.99 ===============
 
Attach.txt log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/31/2010 8:51:07 AM
System Uptime: 2/18/2014 9:54:46 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 140A
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU | 917/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 447 GiB total, 89.417 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 3.008 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.093 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP568: 2/13/2014 7:54:11 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
RP569: 2/16/2014 8:36:47 AM - Windows Update
RP570: 2/17/2014 6:42:32 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader 9.5.5
Adobe Shockwave Player
Alps Touch Pad Driver
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
AudibleManager
Bonjour
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
Dolphin x86
DVD Menu Pack for HP MediaSmart Video
ENE CIR Receiver Driver
ESU for Microsoft Windows 7
FindRight
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart SmartMenu
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Officejet 6500 E710a-f Basic Device Software
HP Officejet 6500 E710a-f Help
HP Officejet 6500 E710a-f Product Improvement Study
HP Quick Launch Buttons
HP QuickWeb
HP Setup
HP Smart Web Printing 4.60
HP Support Assistant
HP Update
HP User Guides 0186
HP Wireless Assistant
I.R.I.S. OCR
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel® Matrix Storage Manager
iTunes
Java 7 Update 45
Java(TM) 6 Update 15 (64-bit)
Java(TM) SE Development Kit 6 Update 15 (64-bit)
Junk Mail filter update
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Marketsplash Shortcuts
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Live Search Toolbar
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NaturalReaderFree
NOOK Study
Norton Online Backup
Origin
Paint.NET v3.5.11
QLBCASL
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek USB2.0&PCIE Card Reader
Recovery Manager
Safari
SafeConnect
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
SES Driver
Skype Click to Call
Skype™ 6.11
SmartWebPrinting
Sophos Anti-Virus
Sophos AutoUpdate
Spotify
Steam
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Late Night
The Sims™ 3 Pets
The Sims™ 3 Seasons
The Sims™ 3 Showtime
The Sims™ 3 Supernatural
The Sims™ 3 Town Life Stuff
The Sims™ 3 University Life
The Sims™ 3 World Adventures
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinZip 18.0
.
==== Event Viewer Messages From Past Week ========
.
2/18/2014 9:41:14 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 9:39:13 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f.
2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...imalware\Scans\History\Store\B61D532D5FCF19F405559A3FE9EA00D7]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2b247f48b5]).
2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2b247a3f93]).
2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2b2478dffd]).
2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2b2474e84f]).
2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2b246afd19]).
2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014e]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2b2481448d]).
2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014e]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2b247fe4f8]).
2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\WINDOWS\SysWOW64\whhelper.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbam.exe, (start check timestamp [ 1cf2d2b247843bb]).
2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\WINDOWS\SysWOW64\where.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbam.exe, (start check timestamp [ 1cf2d2b24694f63]).
2/18/2014 9:29:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\en-US\where.exe.mui]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbam.exe, (start check timestamp [ 1cf2d2b247117b0]).
2/18/2014 9:29:13 PM, Error: SAVOnAccess [84] - "Savservice threads busy" condition cleared - "busy" messages may be logged to system event log again from this point.
2/18/2014 9:28:14 PM, Error: SAVOnAccess [83] - To avoid filling up the system event log, "Savservice threads busy" and similar messages will not be logged until after the service has recovered again
2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...Device\HarddiskVolume2\Windows\SysWOW64\en-US\irprops.cpl.mui" (process mbam.exe, start check timestamp [ 1cf2d2b01155dc6]).
2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...ADBC222A5E9E896414FA36060C35_48A5FE0E4C4BF030A44141C37D4E0AF6" (process chrome.exe, start check timestamp [ 1cf2d2b01197c86]).
2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...A8CE4B2A7499F8299A013B6E1C7C_9FE3305CE8FB7AF24C8C7A65C3539514" (process chrome.exe, start check timestamp [ 1cf2d2b01186b12]).
2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014b" (process MsMpEng.exe, start check timestamp [ 1cf2d2b010509d9]).
2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014b" (process MsMpEng.exe, start check timestamp [ 1cf2d2add2d404e]).
2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\irprops.cpl" (process mbam.exe, start check timestamp [ 1cf2d2b011adc1b]).
2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\irprops.cpl" (process mbam.exe, start check timestamp [ 1cf2d2b01155dc6]).
2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\WINDOWS\SysWOW64\irprops.cpl" (process mbam.exe, start check timestamp [ 1cf2d2add3a11be]).
2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003885" (process chrome.exe, start check timestamp [ 1cf2d2b0110f0e6]).
2/18/2014 9:28:14 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\AppData\Local\Google\Chrome\User Data\Default\Cache\f_003884" (process chrome.exe, start check timestamp [ 1cf2d2b0112c5ad]).
2/18/2014 9:28:14 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014b.
2/18/2014 9:27:14 PM, Error: SAVOnAccess [85] - File [...Device\HarddiskVolume2\Windows\SysWOW64\en-US\irclass.dll.mui]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbam.exe, (start check timestamp [ 1cf2d2add2c7cfb]).
2/18/2014 9:27:14 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2add2e9fe3]).
2/18/2014 9:27:14 PM, Error: SAVOnAccess [85] - File
 
[...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014b]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2add39eaae]).
2/18/2014 9:27:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2add1746fc]).
2/18/2014 9:27:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014b]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2add15e767]).
2/18/2014 9:27:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014b]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2add159946]).
2/18/2014 9:27:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\SysWOW64\irclass.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbam.exe, (start check timestamp [ 1cf2d2add215942]).
2/18/2014 9:26:27 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RJ7HCFZ.zip" (process mbam.exe, start check timestamp [ 1cf2d2ac1491a52]).
2/18/2014 9:26:27 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RJ5EVIE.JPG" (process mbam.exe, start check timestamp [ 1cf2d2ac14793ac]).
2/18/2014 9:26:27 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RJ4AK7H.JPG" (process mbam.exe, start check timestamp [ 1cf2d2ac14374ed]).
2/18/2014 9:26:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RJ3G4BC.JPG" (process mbam.exe, start check timestamp [ 1cf2d2ac1118ec2]).
2/18/2014 9:26:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RIYWYNW.JPG" (process mbam.exe, start check timestamp [ 1cf2d2ac10b260a]).
2/18/2014 9:26:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RIX1CU6.JPG" (process mbam.exe, start check timestamp [ 1cf2d2ac10866df]).
2/18/2014 9:26:26 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RIWGBYW.JPG" (process mbam.exe, start check timestamp [ 1cf2d2ac101b006]).
2/18/2014 9:26:25 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RIB3NDJ.lnk" (process mbam.exe, start check timestamp [ 1cf2d2ac07f109c]).
2/18/2014 9:26:25 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RI9SGBH.JPG" (process mbam.exe, start check timestamp [ 1cf2d2ac07dd818]).
2/18/2014 9:26:25 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RI8BHFJ.JPG" (process mbam.exe, start check timestamp [ 1cf2d2a9cb3ca60]).
2/18/2014 9:25:25 PM, Error: SAVOnAccess [85] - File [...in\S-1-5-21-802716480-2462033193-2097298831-1000\$RI3VP6P.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process mbam.exe, (start check timestamp [ 1cf2d2a0cf592e0]).
2/18/2014 9:25:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2a955eb314]).
2/18/2014 9:25:13 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Temp\tmp000021fe\tmp0000014f]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2d2a955d537f]).
2/18/2014 9:25:00 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\TSCHANNEL.DLL" (process mbamservice.ex, start check timestamp [ 1cf2d2a8d94df43]).
2/18/2014 9:25:00 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\TSCHANNEL.DLL" (process mbamservice.ex, start check timestamp [ 1cf2d2a8d94b832]).
2/18/2014 9:25:00 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\TSCHANNEL.DLL" (process mbamservice.ex, start check timestamp [ 1cf2d2a8d92bc5b]).
2/18/2014 9:25:00 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\ktmw32.dll" (process mbamservice.ex, start check timestamp [ 1cf2d2a8d85c3da]).
2/18/2014 9:25:00 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\ktmw32.dll" (process mbamservice.ex, start check timestamp [ 1cf2d2a8d859cc9]).
2/18/2014 9:25:00 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\SysWOW64\ktmw32.dll" (process mbamservice.ex, start check timestamp [ 1cf2d2a8d84b266]).
2/18/2014 9:24:38 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\Public\Videos\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1cf2d2a5c74781d]).
2/18/2014 9:24:38 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Users\Public\Pictures\desktop.ini" (process wmpnetwk.exe, start check timestamp [ 1cf2d2a803c89fd]).
2/18/2014 9:18:00 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\WINDOWS\TEMP\tmp000021fe\tmp0000014b.
2/18/2014 8:59:14 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
2/18/2014 8:59:13 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
2/18/2014 8:56:24 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.
2/18/2014 8:55:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 8:52:36 PM, Error: Service Control Manager [7031] - The Bitdefender Antivirus Free Edition service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
2/18/2014 8:51:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 8:35:37 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 8:33:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 8:02:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: Real-time protection has stopped functioning for an unknown reason. Restart the service in order to recover.
2/18/2014 8:02:07 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 7:44:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/18/2014 7:43:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/18/2014 7:43:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/18/2014 7:43:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/18/2014 7:43:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/18/2014 7:43:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/18/2014 7:43:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avc3 bdfwfpf DfsC discache DVMIO gzflt MpFilter NetBIOS NetBT nsiproxy Psched rdbss SAVOnAccess spldr tdx trufos vwififlt Wanarpv6 WfpLwf
2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/18/2014 7:43:25 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/18/2014 7:43:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/18/2014 7:41:00 AM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00004676\tmp00002d66.
2/18/2014 7:40:58 AM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000c2f7.
2/18/2014 7:40:50 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 7:40:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 7:32:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DvmMDES service.
2/18/2014 7:16:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 7:05:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 6:53:11 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 5:53:27 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 3:53:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 3:07:08 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 2:54:39 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 10:14:14 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp000024a4\tmp00000b72.
2/18/2014 10:07:15 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MACBOOKPRO-D761 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1D83450F-D0EE-48C2-9441-58B79CADD0CA}. The master browser is stopping or an election is being forced.
2/18/2014 1:32:12 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 1:24:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/18/2014 1:20:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/17/2014 9:24:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/17/2014 8:10:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/17/2014 7:45:34 PM, Error: Service Control Manager [7000] - The Util FindRight service failed to start due to the following error: Access is denied.
2/17/2014 7:45:34 PM, Error: Service Control Manager [7000] - The Update FindRight service failed to start due to the following error: Access is denied.
2/17/2014 7:42:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
2/17/2014 7:38:41 PM, Error: Service Control Manager [7043] - The Microsoft Antimalware Service service did not shut down properly after receiving a preshutdown control.
2/17/2014 7:32:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/17/2014 7:16:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/17/2014 11:25:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/17/2014 11:20:08 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:DOS/EICAR_Test_File&threatid=2147519003 Name: Virus:DOS/EICAR_Test_File ID: 2147519003 Severity: Severe Category: Virus Path: file:_C:\Windows\Temp\tmp000006d6\tmp00000007.126872.gzquar;file:_C:\Windows\Temp\tmp000006d6\tmp00000007.177683.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_11430.qz.113249.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_25997.qz.113247.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_40243.qz.111652.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_4270.qz.113240.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_7901.qz.113268.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_91688.qz.111547.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_94372.qz.113238.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_998.qz.111550.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp00010fd7.108666.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp00010fdf.108657.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp00010fe9.268705.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp00010fec.267162.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp00010ff3.267227.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp0001107a.267165.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp0001107f.26879 Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.167.27.0, AS: 1.167.27.0, NIS: 109.126.0.0 Engine Version: AM: 1.1.10302.0, NIS: 2.1.10003.0
2/17/2014 10:41:24 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/17/2014 10:28:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/17/2014 10:22:51 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/17/2014 10:19:09 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:DOS/EICAR_Test_File&threatid=2147519003 Name: Virus:DOS/EICAR_Test_File ID: 2147519003 Severity: Severe Category: Virus Path: file:_C:\Windows\Temp\tmp000006d6\tmp00000007.126872.gzquar;file:_C:\Windows\Temp\tmp000006d6\tmp00000007.177683.gzquar;file:_C:\Windows\Temp\tmp000006d6\tmp00000145.126431.gzquar;file:_C:\Windows\Temp\tmp000006d6\tmp00000227.111549.gzquar;file:_C:\Windows\Temp\tmp000006d6\tmp0000022e.111539.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_40243.qz.111652.gzquar;file:_C:\Windows\Temp\tmp00001f4a\qtmp_998.qz.111550.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp0000c2f7.107664.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp0000c337.111339.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp0000c338.21863.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp0000c363.91306.gzquar;file:_C:\Windows\Temp\tmp00001f4a\tmp0000c366.108914.gzquar Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.167.27.0, AS: 1.167.27.0, NIS: 109.126.0.0 Engine Version: AM: 1.1.10302.0, NIS: 2.1.10003.0
2/17/2014 10:16:32 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc79.
2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc78.
2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc77.
2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc76.
2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc75.
2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc74.
2/17/2014 10:12:32 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fc73.
2/17/2014 10:12:02 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp00001f4a\tmp0000fad1.
2/17/2014 10:08:32 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
2/16/2014 12:10:29 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SAM-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1D83450F-D0EE-48C2-9441-58B79CADD0CA}. The master browser is stopping or an election is being forced.
2/16/2014 10:56:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
2/16/2014 10:56:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
2/16/2014 10:55:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
2/16/2014 10:54:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
2/16/2014 10:54:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
2/16/2014 10:53:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...vice\DetectionHistory\12\2A910B40-080F-421C-BC86-2E4B67856CA8]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2ba4891fb546]).
2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...Device\HarddiskVolume2\Windows\System32\VaultCredProvider.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process LogonUI.exe, (start check timestamp [ 1cf2ba4898871d2]).
2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...ddiskVolume2\Windows\system32\SmartcardCredentialProvider.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process LogonUI.exe, (start check timestamp [ 1cf2ba4898ad332]).
2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\system32\LogonUI.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process wininit.exe, (start check timestamp [ 1cf2ba48970a40f]).
2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\System32\BioCredProv.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process LogonUI.exe, (start check timestamp [ 1cf2ba4898d3493]).
2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\cursors\aero_working.ani]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process winlogon.exe, (start check timestamp [ 1cf2ba4896be14f]).
2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\cursors\aero_busy.ani]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process winlogon.exe, (start check timestamp [ 1cf2ba48964bd2e]).
2/16/2014 10:53:09 PM, Error: SAVOnAccess [85] - File [...\Device\HarddiskVolume2\Windows\Branding\Basebrd\Basebrd.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process LogonUI.exe, (start check timestamp [ 1cf2ba4898871d2]).
2/16/2014 10:53:08 PM, Error: SAVOnAccess [85] - File [...vice\DetectionHistory\13\D7ADA63B-B958-4279-B395-C44722EBD4E7]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2ba488c540fc]).
2/16/2014 10:53:08 PM, Error: SAVOnAccess [85] - File [...imalware\Scans\History\Store\3524706173074BAEAAFC931688669B2D]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process MsMpEng.exe, (start check timestamp [ 1cf2ba488c540fc]).
2/16/2014 10:53:06 PM, Error: SAVOnAccess [55] - The on-access driver failed to perform a user action on file \Device\HarddiskVolume2\Windows\Temp\tmp000042a9\tmp00000001.
2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\Temp\tmp000042a9\tmp00000001" (process MsMpEng.exe, start check timestamp [ 1cf2ba3e58fafac]).
2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\Temp\tmp000042a9\tmp00000001" (process MsMpEng.exe, start check timestamp [ 1cf2ba3e58e290c]).
2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\system32\LogonUI.exe" (process winlogon.exe, start check timestamp [ 1cf2ba3e549a5d0]).
2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\System32\LogonUI.exe" (process gzserv.exe, start check timestamp [ 1cf2ba3e54a4212]).
2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\system32\LogonUI.exe" (process gzserv.exe, start check timestamp [ 1cf2ba3e54a1b01]).
2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\system32\LogonUI.exe" (process gzserv.exe, start check timestamp [ 1cf2ba3e549f3f1]).
2/16/2014 10:48:34 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\windows\system32\logonui.exe" (process gzserv.exe, start check timestamp [ 1cf2ba3e549cce0]).
2/16/2014 10:48:33 PM, Error: SAVOnAccess [80] - SAV service threads all busy: on-access driver could not request scan for file "...\Device\HarddiskVolume2\Windows\Temp\tmp000042a9\tmp00000001" (process MsMpEng.exe, start check timestamp [ 1cf2ba3e4f54bc6]).
2/16/2014 10:09:26 PM, Error: Service Control Manager [7000] - The bdfwfpf service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

Thank you!
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

redtarget.gif
You're running two AV programs, MSE and Sophos.
You must uninstall one of them.

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
-I uninstalled MSE
-all the random ads are gone
-computer doesn't seem to be overheating anymore

-RK reports:

RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brittany [Admin rights]
Mode : Scan -- Date : 02/19/2014 20:38:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 3 ¤¤¤
[V2][SUSP PATH] {53CBC169-092D-4B46-B3F8-BB0FD734D69B} : C:\Users\Brittany\AppData\Local\Amazon\Kindle\application\Kindle.exe [x] -> FOUND
[V2][SUSP PATH] {9723276D-8DC0-42AE-BBC5-D7EA5D752B35} : C:\Users\Brittany\AppData\Local\Amazon\Kindle\application\Kindle.exe [x] -> FOUND
[V2][SUSP PATH] {9951B8CD-E3B7-4563-93C2-A909723C78CA} : C:\Users\Brittany\AppData\Local\Amazon\Kindle\application\Kindle.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK5056GSY +++++
--- User ---
[MBR] 35ae13969b37e9a4358d3237b335ff2c
[BSP] 964b4ec2e8778baff0df4d19b8567303 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 457422 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 937209856 | Size: 19214 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02192014_203858.txt >>


RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brittany [Admin rights]
Mode : Remove -- Date : 02/19/2014 20:40:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 3 ¤¤¤
[V2][SUSP PATH] {53CBC169-092D-4B46-B3F8-BB0FD734D69B} : C:\Users\Brittany\AppData\Local\Amazon\Kindle\application\Kindle.exe [x] -> DELETED
[V2][SUSP PATH] {9723276D-8DC0-42AE-BBC5-D7EA5D752B35} : C:\Users\Brittany\AppData\Local\Amazon\Kindle\application\Kindle.exe [x] -> DELETED
[V2][SUSP PATH] {9951B8CD-E3B7-4563-93C2-A909723C78CA} : C:\Users\Brittany\AppData\Local\Amazon\Kindle\application\Kindle.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK5056GSY +++++
--- User ---
[MBR] 35ae13969b37e9a4358d3237b335ff2c
[BSP] 964b4ec2e8778baff0df4d19b8567303 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 457422 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 937209856 | Size: 19214 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_02192014_204020.txt >>
RKreport[0]_S_02192014_203858.txt


-mbar log:

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Brittany :: BRITTANY-PC [administrator]

2/19/2014 8:56:04 PM
mbar-log-2014-02-19 (20-56-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 248827
Time elapsed: 20 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


-system log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16518

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.127000 GHz
Memory total: 4083982336, free: 1824419840

Downloaded database version: v2014.02.20.01
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
02/19/2014 20:55:58
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\isapnp.sys
\SystemRoot\system32\drivers\mpio.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\aliide.sys
\SystemRoot\system32\drivers\amdide.sys
\SystemRoot\system32\drivers\cmdide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\msdsm.sys
\SystemRoot\system32\drivers\nvraid.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\viaide.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\lsi_sas.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\HpSAMD.sys
\SystemRoot\system32\DRIVERS\adp94xx.sys
\SystemRoot\system32\DRIVERS\adpahci.sys
\SystemRoot\system32\DRIVERS\adpu320.sys
\SystemRoot\system32\drivers\amdsata.sys
\SystemRoot\system32\DRIVERS\amdsbs.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\DRIVERS\arc.sys
\SystemRoot\system32\DRIVERS\arcsas.sys
\SystemRoot\system32\DRIVERS\elxstor.sys
\SystemRoot\system32\DRIVERS\iirsp.sys
\SystemRoot\system32\DRIVERS\lsi_fc.sys
\SystemRoot\system32\DRIVERS\lsi_sas2.sys
\SystemRoot\system32\DRIVERS\lsi_scsi.sys
\SystemRoot\system32\DRIVERS\megasas.sys
\SystemRoot\system32\DRIVERS\MegaSR.sys
\SystemRoot\system32\DRIVERS\nfrd960.sys
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\DRIVERS\ql2300.sys
\SystemRoot\system32\DRIVERS\ql40xx.sys
\SystemRoot\system32\DRIVERS\SiSRaid2.sys
\SystemRoot\system32\DRIVERS\sisraid4.sys
\SystemRoot\system32\DRIVERS\stexstor.sys
\SystemRoot\system32\DRIVERS\vsmraid.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\drivers\sbp2port.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\DRIVERS\savonaccess.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\SPLASH.SYS\config\dvmio.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\RtsPStor.sys
\SystemRoot\system32\drivers\sdbus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Impcd.sys
\SystemRoot\system32\DRIVERS\enecir.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msvcrt.dll
\Windows\System32\comdlg32.dll
\Windows\System32\user32.dll
\Windows\System32\kernel32.dll
\Windows\System32\sechost.dll
\Windows\System32\wininet.dll
\Windows\System32\msctf.dll
\Windows\System32\lpk.dll
\Windows\System32\iertutil.dll
\Windows\System32\imm32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\setupapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\normaliz.dll
\Windows\System32\difxapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\gdi32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\nsi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\usp10.dll
\Windows\System32\imagehlp.dll
\Windows\System32\urlmon.dll
\Windows\System32\shell32.dll
\Windows\System32\ole32.dll
\Windows\System32\advapi32.dll
\Windows\System32\psapi.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005842060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80049df050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005842060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80056e4930, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005842060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80056e3a20, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa80049dadd0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80049df050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F8071B56

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 936800256

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 937209856 Numsec = 39350272

Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 976560128 Numsec = 210992

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Thanks again!
 
Good news :)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
-Combofix log:

ComboFix 14-02-19.01 - Brittany 02/19/2014 21:49:20.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2043 [GMT -7:00]

Running from: c:\users\Brittany\Desktop\ComboFix.exe

AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}

SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\programdata\1392610036.bdinstall.bin

c:\programdata\1392610193.3368.bin

c:\programdata\1392610193.8468.bin

c:\programdata\1392610193.9588.bin

c:\programdata\1392613507.bdinstall.bin

c:\programdata\1392781871.bdinstall.bin

c:\programdata\1392781894.2472.bin

c:\programdata\1392781894.4364.bin

c:\programdata\1392781894.4764.bin

c:\programdata\1392781894.5200.bin

c:\programdata\1392782340.bdinstall.bin

c:\users\Brittany\AppData\Roaming\.#

c:\users\Brittany\g2ax_customer_downloadhelper_win32_x86.exe

c:\users\Public\videos\HP MediaSmart Demo.exe

.

.

((((((((((((((((((((((((( Files Created from 2014-01-20 to 2014-02-20 )))))))))))))))))))))))))))))))

.

.

2014-02-20 05:00 . 2014-02-20 05:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-02-20 03:55 . 2014-02-20 04:19 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-02-20 03:55 . 2014-02-20 03:55 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-02-20 03:54 . 2014-02-20 03:54 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-02-19 04:03 . 2014-02-19 04:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-02-19 04:03 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-02-17 04:07 . 2014-02-17 05:06 -------- d-----w- c:\users\Brittany\AppData\Roaming\QuickScan

2014-02-17 02:24 . 2014-02-19 03:40 -------- d-----w- c:\users\Brittany\AppData\Roaming\Nico Mak Computing

2014-02-14 02:58 . 2014-02-14 02:58 -------- d-----w- c:\users\Brittany\AppData\Roaming\Python-Eggs

2014-02-14 02:58 . 2014-02-14 03:33 -------- d-----w- c:\users\Brittany\AppData\Roaming\BitLord

2014-02-14 02:53 . 2014-02-14 04:51 -------- d-----w- c:\program files (x86)\BitLord 2

2014-02-13 14:46 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll

2014-02-13 14:46 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2014-02-13 14:44 . 2014-02-06 11:22 7211520 ----a-w- c:\program files\Internet Explorer\F12Resources.dll

2014-02-13 14:41 . 2014-02-13 14:41 -------- d-----w- c:\windows\SysWow64\SearchProtect

2014-02-13 06:30 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll

2014-02-13 06:30 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll

2014-02-13 06:30 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2014-02-13 06:30 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll

2014-02-13 06:30 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2014-02-13 06:30 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2014-02-13 06:30 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2014-02-13 06:30 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll

2014-02-13 05:37 . 2014-02-13 05:38 -------- d-----w- c:\users\Brittany\AppData\Local\SearchProtect

2014-01-23 06:43 . 2014-01-23 07:01 -------- d-----w- c:\users\Brittany\AppData\Roaming\Open Download Manager

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-18 01:46 . 2010-06-05 16:15 88567024 ----a-w- c:\windows\system32\MRT.exe

2014-02-05 07:33 . 2013-02-23 06:22 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-02-05 07:33 . 2013-02-23 06:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-19 07:33 . 2010-05-31 16:00 270496 ------w- c:\windows\system32\MpSigStub.exe

2014-01-13 15:33 . 2014-01-13 15:33 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2014-01-13 15:33 . 2014-01-13 15:33 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2014-01-13 15:33 . 2014-01-13 15:33 235008 ----a-w- c:\windows\system32\elshyph.dll

2014-01-13 15:33 . 2014-01-13 15:33 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2014-01-13 15:33 . 2014-01-13 15:33 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2014-01-13 15:33 . 2014-01-13 15:33 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2014-01-13 15:33 . 2014-01-13 15:33 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2014-01-13 15:33 . 2014-01-13 15:33 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2014-01-13 15:33 . 2014-01-13 15:33 337408 ----a-w- c:\windows\SysWow64\html.iec

2014-01-13 15:33 . 2014-01-13 15:33 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2014-01-13 15:33 . 2014-01-13 15:33 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2014-01-13 15:33 . 2014-01-13 15:33 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2014-01-13 15:33 . 2014-01-13 15:33 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2014-01-13 15:33 . 2014-01-13 15:33 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2014-01-13 15:33 . 2014-01-13 15:33 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2014-01-13 15:33 . 2014-01-13 15:33 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2014-01-13 15:33 . 2014-01-13 15:33 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2014-01-13 15:33 . 2014-01-13 15:33 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2014-01-13 15:33 . 2014-01-13 15:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2014-01-13 15:33 . 2014-01-13 15:33 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2014-01-13 15:33 . 2014-01-13 15:33 942592 ----a-w- c:\windows\system32\jsIntl.dll

2014-01-13 15:33 . 2014-01-13 15:33 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2014-01-13 15:33 . 2014-01-13 15:33 247808 ----a-w- c:\windows\system32\msls31.dll

2014-01-13 15:33 . 2014-01-13 15:33 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2014-01-13 15:33 . 2014-01-13 15:33 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2014-01-13 15:33 . 2014-01-13 15:33 48640 ----a-w- c:\windows\system32\mshtmler.dll

2014-01-13 15:33 . 2014-01-13 15:33 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2014-01-13 15:33 . 2014-01-13 15:33 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2014-01-13 15:33 . 2014-01-13 15:33 105984 ----a-w- c:\windows\system32\iesysprep.dll

2014-01-13 15:33 . 2014-01-13 15:33 77312 ----a-w- c:\windows\system32\tdc.ocx

2014-01-13 15:33 . 2014-01-13 15:33 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2014-01-13 15:33 . 2014-01-13 15:33 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2014-01-13 15:33 . 2014-01-13 15:33 413696 ----a-w- c:\windows\system32\html.iec

2014-01-13 15:33 . 2014-01-13 15:33 296960 ----a-w- c:\windows\system32\dxtrans.dll

2014-01-13 15:33 . 2014-01-13 15:33 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2014-01-13 15:33 . 2014-01-13 15:33 81408 ----a-w- c:\windows\system32\icardie.dll

2014-01-13 15:33 . 2014-01-13 15:33 30208 ----a-w- c:\windows\system32\licmgr10.dll

2014-01-13 15:33 . 2014-01-13 15:33 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2014-01-13 15:33 . 2014-01-13 15:33 243200 ----a-w- c:\windows\system32\webcheck.dll

2014-01-13 15:33 . 2014-01-13 15:33 235520 ----a-w- c:\windows\system32\url.dll

2014-01-13 15:33 . 2014-01-13 15:33 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2014-01-13 15:33 . 2014-01-13 15:33 84992 ----a-w- c:\windows\system32\mshtmled.dll

2014-01-13 15:33 . 2014-01-13 15:33 167424 ----a-w- c:\windows\system32\iexpress.exe

2014-01-13 15:33 . 2014-01-13 15:33 143872 ----a-w- c:\windows\system32\wextract.exe

2014-01-13 15:33 . 2014-01-13 15:33 101376 ----a-w- c:\windows\system32\inseng.dll

2014-01-13 15:33 . 2014-01-13 15:33 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2014-01-13 15:33 . 2014-01-13 15:33 774144 ----a-w- c:\windows\system32\jscript.dll

2014-01-13 15:33 . 2014-01-13 15:33 62464 ----a-w- c:\windows\system32\pngfilt.dll

2014-01-13 15:33 . 2014-01-13 15:33 48128 ----a-w- c:\windows\system32\imgutil.dll

2014-01-13 15:33 . 2014-01-13 15:33 147968 ----a-w- c:\windows\system32\occache.dll

2014-01-13 15:33 . 2014-01-13 15:33 13824 ----a-w- c:\windows\system32\mshta.exe

2014-01-13 15:33 . 2014-01-13 15:33 135680 ----a-w- c:\windows\system32\iepeers.dll

2014-01-13 15:29 . 2014-01-13 15:29 362496 ----a-w- c:\windows\system32\wow64win.dll

2014-01-13 15:29 . 2014-01-13 15:29 243712 ----a-w- c:\windows\system32\wow64.dll

2014-01-13 15:29 . 2014-01-13 15:29 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2014-01-13 15:29 . 2014-01-13 15:29 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2014-01-13 15:29 . 2014-01-13 15:29 878080 ----a-w- c:\windows\system32\advapi32.dll

2014-01-13 15:29 . 2014-01-13 15:29 859648 ----a-w- c:\windows\system32\tdh.dll

2014-01-13 15:29 . 2014-01-13 15:29 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe

2014-01-13 15:29 . 2014-01-13 15:29 1732032 ----a-w- c:\windows\system32\ntdll.dll

2014-01-13 15:29 . 2014-01-13 15:29 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2014-01-13 15:29 . 2014-01-13 15:29 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2014-01-13 15:29 . 2014-01-13 15:29 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2014-01-13 15:29 . 2014-01-13 15:29 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2014-01-13 15:29 . 2014-01-13 15:29 2048 ----a-w- c:\windows\SysWow64\user.exe

2014-01-13 15:29 . 2014-01-13 15:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2014-01-13 15:29 . 2014-01-13 15:29 640512 ----a-w- c:\windows\SysWow64\advapi32.dll

2014-01-13 15:29 . 2014-01-13 15:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2014-01-13 15:29 . 2014-01-13 15:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2014-01-13 15:29 . 2014-01-13 15:29 619520 ----a-w- c:\windows\SysWow64\tdh.dll

2014-01-13 15:29 . 2014-01-13 15:29 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll

2014-01-13 15:28 . 2014-01-13 15:28 327168 ----a-w- c:\windows\system32\mswsock.dll

2014-01-13 15:28 . 2014-01-13 15:28 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys

2014-01-13 15:28 . 2014-01-13 15:28 231424 ----a-w- c:\windows\SysWow64\mswsock.dll

2013-12-29 16:22 . 2013-12-29 16:22 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-12-29 16:22 . 2013-12-29 16:22 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-12-29 16:22 . 2013-12-29 16:22 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-12-29 16:22 . 2013-12-29 16:22 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-12-29 16:22 . 2013-12-29 16:22 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-12-29 16:22 . 2013-12-29 16:22 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]

"Spotify Web Helper"="c:\users\Brittany\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-16 1171968]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-09-26 900160]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

.

c:\users\Brittany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-6-21 46432]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2012-11-19 298888]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

@="service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

R1 cjxhlonj;cjxhlonj;c:\windows\system32\drivers\cjxhlonj.sys;c:\windows\SYSNATIVE\drivers\cjxhlonj.sys [x]

R1 dkjyosnb;dkjyosnb;c:\windows\system32\drivers\dkjyosnb.sys;c:\windows\SYSNATIVE\drivers\dkjyosnb.sys [x]

R1 fwbrsvnj;fwbrsvnj;c:\windows\system32\drivers\fwbrsvnj.sys;c:\windows\SYSNATIVE\drivers\fwbrsvnj.sys [x]

R1 fxyjjupe;fxyjjupe;c:\windows\system32\drivers\fxyjjupe.sys;c:\windows\SYSNATIVE\drivers\fxyjjupe.sys [x]

R1 guqoanff;guqoanff;c:\windows\system32\drivers\guqoanff.sys;c:\windows\SYSNATIVE\drivers\guqoanff.sys [x]

R1 jwraxanq;jwraxanq;c:\windows\system32\drivers\jwraxanq.sys;c:\windows\SYSNATIVE\drivers\jwraxanq.sys [x]

R1 lwrxddun;lwrxddun;c:\windows\system32\drivers\lwrxddun.sys;c:\windows\SYSNATIVE\drivers\lwrxddun.sys [x]

R1 orhkgusy;orhkgusy;c:\windows\system32\drivers\orhkgusy.sys;c:\windows\SYSNATIVE\drivers\orhkgusy.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]

S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys;c:\splash.sys\config\dvmio.sys [x]

S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [x]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe;c:\splash.sys\config\DVMExportService.exe [x]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]

S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]

S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]

S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]

S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]

S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - NisDrv

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 07:33]

.

2014-02-19 c:\windows\Tasks\DriverToolkit Autorun.job

- c:\program files (x86)\DriverToolkit\DriverToolkit.exe [2014-01-13 21:22]

.

2014-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 04:54]

.

2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 04:54]

.

2014-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802716480-2462033193-2097298831-1000Core.job

- c:\users\Brittany\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 01:00]

.

2014-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802716480-2462033193-2097298831-1000UA.job

- c:\users\Brittany\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 01:00]

.

2014-02-16 c:\windows\Tasks\HPCeeScheduleForBrittany.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-10 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-10 390168]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-10 408600]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-10-21 487424]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 171520]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-29 21720]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3321727&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP4D33A285-D84D-442E-9AD0-7E92569A5D0B&SSPV=

FF - prefs.js: browser.search.selectedEngine - Conduit Search

FF - ExtSQL: 2014-02-13 21:26; {42e50651-9669-456e-9081-d5a836274274}; c:\users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\{42e50651-9669-456e-9081-d5a836274274}

FF - ExtSQL: !HIDDEN! 2010-05-31 09:15; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

user_pref(extensions.autoDisableScopes,14);

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

BHO-{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - c:\program files\Updater By SweetPacks\Extension64.dll

AddRemove-{DF802C05-4660-418c-970C-B988ADB1D316} - c:\program files (x86)\MSN\Toolbar\3.0.0566.0\OEMSetup.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-802716480-2462033193-2097298831-1000\Software\SecuROM\License information*]

"datasecu"=hex:08,b3,c8,c4,06,75,dd,cf,a9,32,2a,b1,2a,ab,1d,66,26,26,fd,41,8f,

ab,c7,7b,63,6f,d1,0a,28,ec,1b,43,9f,17,ba,12,00,51,ea,38,a0,14,a3,b3,11,00,\

"rkeysecu"=hex:f0,43,a4,21,bd,dd,14,54,d5,c2,1e,52,cd,45,96,28

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-02-19 22:04:32

ComboFix-quarantined-files.txt 2014-02-20 05:04

.

Pre-Run: 101,779,980,288 bytes free

Post-Run: 103,183,716,352 bytes free

.

- - End Of File - - B2FBF1FA42B9B58802A8D53879037B94

083EBF71AAB045AE6C5F3F9189F8327B
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::

Folder::
c:\windows\SysWow64\SearchProtect
c:\users\Brittany\AppData\Local\SearchProtect


Driver::
orhkgusy
lwrxddun
jwraxanq
guqoanff
fxyjjupe
fwbrsvnj
dkjyosnb
cjxhlonj

Firefox::
FF - ProfilePath - c:\users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3321727&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP4D33A285-D84D-442E-9AD0-7E92569A5D0B&SSPV=
FF - prefs.js: browser.search.selectedEngine - Conduit Search


Registry::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Combofix log:

ComboFix 14-02-20.01 - Brittany 02/20/2014 19:00:19.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2273 [GMT -7:00]
Running from: c:\users\Brittany\Desktop\ComboFix.exe
Command switches used :: c:\users\Brittany\Desktop\CFScript.txt
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brittany\AppData\Local\SearchProtect
c:\users\Brittany\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat
c:\users\Brittany\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat
c:\users\Brittany\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat
c:\users\Brittany\AppData\Local\SearchProtect\UI\rep\UIRepository.dat
c:\users\Brittany\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
c:\windows\SysWow64\SearchProtect
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cjxhlonj
-------\Service_dkjyosnb
-------\Service_fwbrsvnj
-------\Service_fxyjjupe
-------\Service_guqoanff
-------\Service_jwraxanq
-------\Service_lwrxddun
-------\Service_orhkgusy
.
.
((((((((((((((((((((((((( Files Created from 2014-01-21 to 2014-02-21 )))))))))))))))))))))))))))))))
.
.
2014-02-21 02:14 . 2014-02-21 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-20 17:08 . 2014-02-17 08:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7B84CB2-151B-456B-BCDA-07F1578E84CE}\mpengine.dll
2014-02-20 03:55 . 2014-02-20 04:19 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-20 03:54 . 2014-02-20 03:54 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-19 04:03 . 2014-02-19 04:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-19 04:03 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-17 04:07 . 2014-02-17 05:06 -------- d-----w- c:\users\Brittany\AppData\Roaming\QuickScan
2014-02-17 02:24 . 2014-02-19 03:40 -------- d-----w- c:\users\Brittany\AppData\Roaming\Nico Mak Computing
2014-02-14 02:58 . 2014-02-14 02:58 -------- d-----w- c:\users\Brittany\AppData\Roaming\Python-Eggs
2014-02-14 02:58 . 2014-02-14 03:33 -------- d-----w- c:\users\Brittany\AppData\Roaming\BitLord
2014-02-14 02:53 . 2014-02-14 04:51 -------- d-----w- c:\program files (x86)\BitLord 2
2014-02-13 14:46 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 14:46 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 14:44 . 2014-02-06 11:22 7211520 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
2014-02-13 06:30 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 06:30 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 06:30 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-13 06:30 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-13 06:30 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-13 06:30 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 06:30 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-13 06:30 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-01-23 06:43 . 2014-01-23 07:01 -------- d-----w- c:\users\Brittany\AppData\Roaming\Open Download Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-18 01:46 . 2010-06-05 16:15 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-05 07:33 . 2013-02-23 06:22 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 07:33 . 2013-02-23 06:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-13 15:33 . 2014-01-13 15:33 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-01-13 15:33 . 2014-01-13 15:33 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-01-13 15:33 . 2014-01-13 15:33 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-01-13 15:33 . 2014-01-13 15:33 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-01-13 15:33 . 2014-01-13 15:33 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-01-13 15:33 . 2014-01-13 15:33 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-01-13 15:33 . 2014-01-13 15:33 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-01-13 15:33 . 2014-01-13 15:33 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-01-13 15:33 . 2014-01-13 15:33 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-01-13 15:33 . 2014-01-13 15:33 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-01-13 15:33 . 2014-01-13 15:33 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-01-13 15:33 . 2014-01-13 15:33 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-01-13 15:33 . 2014-01-13 15:33 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-01-13 15:33 . 2014-01-13 15:33 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-01-13 15:33 . 2014-01-13 15:33 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-01-13 15:33 . 2014-01-13 15:33 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-01-13 15:33 . 2014-01-13 15:33 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-01-13 15:33 . 2014-01-13 15:33 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-01-13 15:33 . 2014-01-13 15:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-01-13 15:33 . 2014-01-13 15:33 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-01-13 15:33 . 2014-01-13 15:33 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-13 15:33 . 2014-01-13 15:33 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-13 15:33 . 2014-01-13 15:33 247808 ----a-w- c:\windows\system32\msls31.dll
2014-01-13 15:33 . 2014-01-13 15:33 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-13 15:33 . 2014-01-13 15:33 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-01-13 15:33 . 2014-01-13 15:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-01-13 15:33 . 2014-01-13 15:33 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-01-13 15:33 . 2014-01-13 15:33 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-13 15:33 . 2014-01-13 15:33 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-13 15:33 . 2014-01-13 15:33 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-01-13 15:33 . 2014-01-13 15:33 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-13 15:33 . 2014-01-13 15:33 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-01-13 15:33 . 2014-01-13 15:33 413696 ----a-w- c:\windows\system32\html.iec
2014-01-13 15:33 . 2014-01-13 15:33 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-01-13 15:33 . 2014-01-13 15:33 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-01-13 15:33 . 2014-01-13 15:33 81408 ----a-w- c:\windows\system32\icardie.dll
2014-01-13 15:33 . 2014-01-13 15:33 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-13 15:33 . 2014-01-13 15:33 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-01-13 15:33 . 2014-01-13 15:33 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-01-13 15:33 . 2014-01-13 15:33 235520 ----a-w- c:\windows\system32\url.dll
2014-01-13 15:33 . 2014-01-13 15:33 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-01-13 15:33 . 2014-01-13 15:33 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-01-13 15:33 . 2014-01-13 15:33 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-01-13 15:33 . 2014-01-13 15:33 143872 ----a-w- c:\windows\system32\wextract.exe
2014-01-13 15:33 . 2014-01-13 15:33 101376 ----a-w- c:\windows\system32\inseng.dll
2014-01-13 15:33 . 2014-01-13 15:33 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-13 15:33 . 2014-01-13 15:33 774144 ----a-w- c:\windows\system32\jscript.dll
2014-01-13 15:33 . 2014-01-13 15:33 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-01-13 15:33 . 2014-01-13 15:33 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-01-13 15:33 . 2014-01-13 15:33 147968 ----a-w- c:\windows\system32\occache.dll
2014-01-13 15:33 . 2014-01-13 15:33 13824 ----a-w- c:\windows\system32\mshta.exe
2014-01-13 15:33 . 2014-01-13 15:33 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-01-13 15:29 . 2014-01-13 15:29 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-01-13 15:29 . 2014-01-13 15:29 243712 ----a-w- c:\windows\system32\wow64.dll
2014-01-13 15:29 . 2014-01-13 15:29 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-01-13 15:29 . 2014-01-13 15:29 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-01-13 15:29 . 2014-01-13 15:29 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-01-13 15:29 . 2014-01-13 15:29 859648 ----a-w- c:\windows\system32\tdh.dll
2014-01-13 15:29 . 2014-01-13 15:29 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-01-13 15:29 . 2014-01-13 15:29 1732032 ----a-w- c:\windows\system32\ntdll.dll
2014-01-13 15:29 . 2014-01-13 15:29 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2014-01-13 15:29 . 2014-01-13 15:29 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2014-01-13 15:29 . 2014-01-13 15:29 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-01-13 15:29 . 2014-01-13 15:29 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-01-13 15:29 . 2014-01-13 15:29 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-01-13 15:29 . 2014-01-13 15:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-01-13 15:29 . 2014-01-13 15:29 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2014-01-13 15:29 . 2014-01-13 15:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-01-13 15:29 . 2014-01-13 15:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-01-13 15:29 . 2014-01-13 15:29 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2014-01-13 15:29 . 2014-01-13 15:29 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2014-01-13 15:28 . 2014-01-13 15:28 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-01-13 15:28 . 2014-01-13 15:28 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-01-13 15:28 . 2014-01-13 15:28 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-12-29 16:22 . 2013-12-29 16:22 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-12-29 16:22 . 2013-12-29 16:22 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-29 16:22 . 2013-12-29 16:22 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-12-29 16:22 . 2013-12-29 16:22 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-12-29 16:22 . 2013-12-29 16:22 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-12-29 16:22 . 2013-12-29 16:22 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-12-29 16:22 . 2013-12-29 16:22 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Spotify Web Helper"="c:\users\Brittany\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-16 1171968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-09-26 900160]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Brittany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-6-21 46432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2012-11-19 298888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys;c:\splash.sys\config\dvmio.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe;c:\splash.sys\config\DVMExportService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 07:33]
.
2014-02-21 c:\windows\Tasks\DriverToolkit Autorun.job
- c:\program files (x86)\DriverToolkit\DriverToolkit.exe [2014-01-13 21:22]
.
2014-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 04:54]
.
2014-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 04:54]
.
2014-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802716480-2462033193-2097298831-1000Core.job
- c:\users\Brittany\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 01:00]
.
2014-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802716480-2462033193-2097298831-1000UA.job
- c:\users\Brittany\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-18 01:00]
.
2014-02-16 c:\windows\Tasks\HPCeeScheduleForBrittany.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}]
c:\program files\Updater By SweetPacks\Extension64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-10 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-10 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-10 408600]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-10-21 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 171520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\
FF - prefs.js: browser.search.defaulturl -
FF - ExtSQL: 2014-02-13 21:26; {42e50651-9669-456e-9081-d5a836274274}; c:\users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\{42e50651-9669-456e-9081-d5a836274274}
FF - ExtSQL: !HIDDEN! 2010-05-31 09:15; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
user_pref(extensions.autoDisableScopes,14);
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{DF802C05-4660-418c-970C-B988ADB1D316} - c:\program files (x86)\MSN\Toolbar\3.0.0566.0\OEMSetup.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-802716480-2462033193-2097298831-1000\Software\SecuROM\License information*]
"datasecu"=hex:08,b3,c8,c4,06,75,dd,cf,a9,32,2a,b1,2a,ab,1d,66,26,26,fd,41,8f,
ab,c7,7b,63,6f,d1,0a,28,ec,1b,43,9f,17,ba,12,00,51,ea,38,a0,14,a3,b3,11,00,\
"rkeysecu"=hex:f0,43,a4,21,bd,dd,14,54,d5,c2,1e,52,cd,45,96,28
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\SafeConnect\scManager.sys
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2014-02-20 19:22:17 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-21 02:22
ComboFix2.txt 2014-02-20 05:33
ComboFix3.txt 2014-02-20 05:04
.
Pre-Run: 103,054,274,560 bytes free
Post-Run: 102,806,024,192 bytes free
.
- - End Of File - - F37AFD13E6A9F5E81B34E28D7E3C173A
083EBF71AAB045AE6C5F3F9189F8327B
 
Looks good.

How is computer doing?

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Computer is operating normally as far as I can tell. I would have no reason to notice malware.

AdwCleaner log:

# AdwCleaner v3.019 - Report created 20/02/2014 at 20:26:53
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Brittany - BRITTANY-PC
# Running from : C:\Users\Brittany\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\BitLord 2
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Users\Brittany\AppData\Local\genienext
Folder Deleted : C:\Users\Brittany\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Brittany\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Brittany\AppData\Roaming\BitLord
Folder Deleted : C:\Users\Brittany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Brittany\Documents\BitLord
Folder Deleted : C:\Users\Brittany\Documents\Mobogenie
Folder Deleted : C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\SweetPacksToolbarData
File Deleted : C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\searchplugins\MyStart.xml
File Deleted : C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222142226}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266146626}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266146626}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\wnlt

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v19.0 (en-US)

[ File : C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "13ded7df69fa1e4dbfdf9f387498faf3");
Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
Line Deleted : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Line Deleted : user_pref("sweetim.toolbar.cargo", "3.5000006.10042");
Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.defaultProvider", "bng");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.created", "true");
Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://mysearch.avg.com/?cid={256ADF48-D9A7-445C-B787-E632A626F3A5}&mid=c98f7ecef64043f8ad4bae526baf1b1c-a60754453d27239fd33d61bb3d19aad[...]
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;&flavour=$flavr;");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{574B339E-919D-11E2-923D-705AB68B0A73}");
Line Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?barid=$toolbar_id;&flavour=$flavr;");
Line Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={574B339E-919D-11E2-923D-705AB68B0A73}");
Line Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");
Line Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://start.sweetpacks.com/?barid=$toolbar_id;");
Line Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://toolbar.sweetpacks.com/uninstall");
Line Deleted : user_pref("sweetim.toolbar.version", "1.12.0.0");
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Updater By SweetPacks");
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks");
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3321727&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SP4D33A285-D84D-442E-9AD0-7E92569A5D0B");

-\\ Google Chrome v

[ File : C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [16855 octets] - [20/02/2014 20:26:02]
AdwCleaner[S0].txt - [16648 octets] - [20/02/2014 20:26:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16709 octets] ##########


JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Brittany on Thu 02/20/2014 at 20:36:20.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\theseaapp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-802716480-2462033193-2097298831-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/20/2014 at 20:46:56.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logs:


OTL logfile created on: 2/20/2014 9:03:57 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brittany\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16518)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.32% Memory free

7.61 Gb Paging File | 5.79 Gb Available in Paging File | 76.16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 446.70 Gb Total Space | 95.56 Gb Free Space | 21.39% Space Free | Partition Type: NTFS

Drive D: | 18.76 Gb Total Space | 3.01 Gb Free Space | 16.03% Space Free | Partition Type: NTFS

Drive E: | 99.02 Mb Total Space | 95.10 Mb Free Space | 96.04% Space Free | Partition Type: FAT32


Computer Name: BRITTANY-PC | User Name: Brittany | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


========== Processes (SafeList) ==========


PRC - [2014/02/20 21:03:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brittany\Desktop\OTL.exe

PRC - [2014/01/16 00:16:41 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Brittany\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2014/01/13 14:22:34 | 001,286,656 | ---- | M] (Megaify Software Co., Ltd.) -- C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

PRC - [2013/08/06 17:33:16 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/12/04 09:32:15 | 002,869,824 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

PRC - [2012/12/04 09:32:10 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe

PRC - [2012/11/19 12:12:34 | 000,176,520 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys

PRC - [2012/11/19 12:12:32 | 000,298,888 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\SCClient.exe

PRC - [2012/09/26 16:44:05 | 000,900,160 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe

PRC - [2012/09/26 16:44:03 | 000,232,512 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe

PRC - [2012/09/26 16:43:10 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe

PRC - [2012/09/26 16:42:40 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe

PRC - [2009/10/06 00:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2009/07/08 20:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) -- C:\SPLASH.SYS\config\DVMExportService.exe

PRC - [2007/06/21 05:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkCalRem.exe



========== Modules (No Company Name) ==========


MOD - [2014/02/13 18:33:21 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll

MOD - [2014/02/13 17:44:47 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll

MOD - [2014/02/13 17:43:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll

MOD - [2014/02/13 17:43:43 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\4f41ca6f8bf8621aebcbaf7e2f07ecd7\System.Data.ni.dll

MOD - [2014/02/13 17:43:07 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll

MOD - [2014/02/13 17:42:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll

MOD - [2014/02/13 17:41:43 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll

MOD - [2014/02/13 17:41:35 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f9bb7cc29930815b098e26853962c1de\UIAutomationTypes.ni.dll

MOD - [2014/02/13 17:41:30 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll

MOD - [2014/02/13 17:40:51 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll

MOD - [2014/02/13 17:40:31 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll

MOD - [2014/02/13 17:40:20 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll

MOD - [2014/02/13 17:40:15 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll

MOD - [2014/02/13 17:39:49 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll

MOD - [2013/04/09 22:55:54 | 000,093,032 | ---- | M] () -- C:\Program Files (x86)\DriverToolkit\zlibwapi.dll

MOD - [2013/04/05 21:54:07 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/05/19 10:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2010/05/19 10:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2010/05/19 10:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2009/10/06 00:08:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

MOD - [2009/09/29 16:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2009/09/29 16:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

MOD - [2009/09/29 16:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2009/09/29 16:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2009/09/29 16:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2009/09/29 16:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2009/09/29 16:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2009/09/29 16:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll



========== Services (SafeList) ==========


SRV:64bit: - [2014/02/06 03:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/10/21 00:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/07/08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)

SRV - [2014/02/05 00:33:05 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/01/27 12:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/08/06 17:33:16 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/02/15 17:35:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/04 09:32:15 | 002,869,824 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)

SRV - [2012/12/04 09:32:10 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)

SRV - [2012/12/04 09:31:59 | 001,998,400 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64)

SRV - [2012/11/19 12:12:34 | 000,176,520 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)

SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2012/09/26 16:44:03 | 000,232,512 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)

SRV - [2012/09/26 16:43:10 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)

SRV - [2012/09/26 16:42:40 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/21 00:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe -- (STacSV)

SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2009/07/08 20:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SPLASH.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)



========== Driver Services (SafeList) ==========


DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/09/26 16:43:34 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)

DRV:64bit: - [2012/09/26 16:42:56 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011/02/16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2011/01/04 11:55:38 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/11/12 13:07:18 | 000,200,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2009/11/12 13:07:10 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/11/05 23:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/10/30 12:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/10/21 00:35:26 | 000,501,760 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/10/12 19:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/09/26 07:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/08/07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2009/07/08 14:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2009/06/29 11:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)

DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/12 19:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2009/09/27 14:47:24 | 000,021,624 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\SPLASH.SYS\config\dvmio.sys -- (DVMIO)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{2877D0D2-F02E-43CC-95FB-D3000EE62561}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{53F58931-3822-4A0E-B79F-D36E06C376EE}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{2877D0D2-F02E-43CC-95FB-D3000EE62561}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{53F58931-3822-4A0E-B79F-D36E06C376EE}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7



IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =


IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =


IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..\SearchScopes\{2877D0D2-F02E-43CC-95FB-D3000EE62561}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..\SearchScopes\{37C79003-9B01-4071-A680-9E124F4E09CA}: "URL" = http://www.google.com/search?q={sea...tIndex?}&startPage={startPage}&rlz=1I7ADRA_en

IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..\SearchScopes\{53F58931-3822-4A0E-B79F-D36E06C376EE}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========


FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: ""

FF - user.js - File not found


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brittany\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brittany\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)


64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/31 09:15:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/26 19:48:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/31 09:15:42 | 000,000,000 | ---D | M]


[2013/03/03 09:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brittany\AppData\Roaming\Mozilla\Extensions

[2014/02/20 20:27:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\extensions

[2013/01/30 11:27:42 | 000,205,094 | ---- | M] () (No name found) -- C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\extensions\clickmoviedownloader@clickmoviedownloader.com.xpi

[2014/02/12 18:28:40 | 000,008,114 | ---- | M] () (No name found) -- C:\Users\Brittany\AppData\Roaming\Mozilla\Firefox\Profiles\dzzcxqa6.default\extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi

[2013/03/03 09:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/02/15 17:35:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013/02/15 17:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/02/15 17:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml


========== Chrome ==========


CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Brittany\AppData\Local\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Brittany\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Brittany\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll

CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Cloud Reader = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\

CHR - Extension: StayFocusd = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.4.7_0\

CHR - Extension: Skype Click to Call = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\

CHR - Extension: Google Wallet = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Tumblr Savior = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip\0.4.11_0\

CHR - Extension: Google Reader = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\

CHR - Extension: Gmail = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

CHR - Extension: YouTube = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Cloud Reader = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\

CHR - Extension: StayFocusd = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.4.7_0\

CHR - Extension: Skype Click to Call = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\

CHR - Extension: Google Wallet = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Tumblr Savior = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip\0.4.11_0\

CHR - Extension: Google Reader = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\

CHR - Extension: Gmail = C:\Users\Brittany\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\


O1 HOSTS File: ([2014/02/20 19:16:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost
 
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found

O3:64bit: - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)

O4 - HKU\S-1-5-21-802716480-2462033193-2097298831-1000..\Run: [Spotify Web Helper] C:\Users\Brittany\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - Startup: C:\Users\Brittany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2)

O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D83450F-D0EE-48C2-9441-58B79CADD0CA}: DhcpNameServer = 192.168.0.1 205.171.3.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35688D3B-93DF-4F8F-9A0B-EFEDB732C0D0}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited)

O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========


[2014/02/20 21:03:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brittany\Desktop\OTL.exe

[2014/02/20 20:36:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/02/20 20:34:24 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Brittany\Desktop\JRT.exe

[2014/02/20 20:25:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/02/20 19:22:21 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2014/02/20 19:16:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2014/02/19 21:47:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2014/02/19 21:47:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2014/02/19 21:47:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2014/02/19 21:47:05 | 000,000,000 | ---D | C] -- C:\Qoobox

[2014/02/19 21:46:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2014/02/19 21:40:47 | 005,183,886 | R--- | C] (Swearware) -- C:\Users\Brittany\Desktop\ComboFix.exe

[2014/02/19 20:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

[2014/02/19 20:54:45 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2014/02/19 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\Brittany\Desktop\mbar

[2014/02/19 20:51:46 | 000,000,000 | ---D | C] -- C:\Users\Brittany\Documents\Malwarebytes Anti-Rootkit

[2014/02/19 20:36:13 | 000,000,000 | ---D | C] -- C:\Users\Brittany\Desktop\RK_Quarantine

[2014/02/19 20:30:50 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2014/02/18 21:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2014/02/18 21:03:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2014/02/18 21:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2014/02/16 21:07:15 | 000,000,000 | ---D | C] -- C:\Users\Brittany\AppData\Roaming\QuickScan

[2014/02/16 19:24:05 | 000,000,000 | ---D | C] -- C:\Users\Brittany\AppData\Roaming\Nico Mak Computing

[2014/02/13 19:58:18 | 000,000,000 | ---D | C] -- C:\Users\Brittany\AppData\Roaming\Python-Eggs

[2014/01/22 23:43:41 | 000,000,000 | ---D | C] -- C:\Users\Brittany\AppData\Roaming\Open Download Manager

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


========== Files - Modified Within 30 Days ==========


[2014/02/20 21:03:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brittany\Desktop\OTL.exe

[2014/02/20 20:57:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-802716480-2462033193-2097298831-1000UA.job

[2014/02/20 20:39:13 | 000,000,165 | -H-- | M] () -- C:\dvmexp.idx

[2014/02/20 20:37:02 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/02/20 20:37:02 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/02/20 20:34:31 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Brittany\Desktop\JRT.exe

[2014/02/20 20:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/02/20 20:30:13 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/02/20 20:30:07 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\DriverToolkit Autorun.job

[2014/02/20 20:28:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/02/20 20:28:46 | 3062,984,704 | -HS- | M] () -- C:\hiberfil.sys

[2014/02/20 20:25:26 | 001,241,834 | ---- | M] () -- C:\Users\Brittany\Desktop\adwcleaner.exe

[2014/02/20 20:25:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/02/20 19:16:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2014/02/20 18:58:06 | 005,183,886 | R--- | M] (Swearware) -- C:\Users\Brittany\Desktop\ComboFix.exe

[2014/02/19 21:57:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-802716480-2462033193-2097298831-1000Core.job

[2014/02/19 20:54:45 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2014/02/19 20:34:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2014/02/19 20:34:24 | 003,817,984 | ---- | M] () -- C:\Users\Brittany\Desktop\RogueKiller.exe

[2014/02/19 10:19:58 | 001,266,669 | ---- | M] () -- C:\Users\Brittany\Desktop\340dontlikenothin.wma

[2014/02/18 21:03:37 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/02/16 12:07:58 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrittany.job

[2014/02/13 08:09:57 | 000,773,482 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2014/02/13 08:09:57 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/02/13 08:09:57 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/02/13 08:09:46 | 000,773,482 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


========== Files Created - No Company Name ==========


[2014/02/20 20:25:16 | 001,241,834 | ---- | C] () -- C:\Users\Brittany\Desktop\adwcleaner.exe

[2014/02/19 21:47:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2014/02/19 21:47:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2014/02/19 21:47:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2014/02/19 21:47:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2014/02/19 21:47:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2014/02/19 20:34:22 | 003,817,984 | ---- | C] () -- C:\Users\Brittany\Desktop\RogueKiller.exe

[2014/02/19 10:19:56 | 001,266,669 | ---- | C] () -- C:\Users\Brittany\Desktop\340dontlikenothin.wma

[2014/02/18 21:03:37 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/01/23 00:50:12 | 000,000,165 | -H-- | C] () -- C:\dvmexp.idx

[2013/10/22 15:39:15 | 000,003,584 | ---- | C] () -- C:\Users\Brittany\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/05/03 14:34:21 | 000,000,138 | ---- | C] () -- C:\Users\Brittany\AppData\Roaming\wklnhst.dat

[2012/03/03 22:17:15 | 000,000,032 | ---- | C] () -- C:\Users\Brittany\jagex_cl_runescape_LIVE.dat

[2010/12/22 09:43:08 | 001,294,414 | ---- | C] () -- C:\Users\Brittany\AppData\Local\tmpMONST2568.1

[2010/12/22 09:43:06 | 001,294,414 | ---- | C] () -- C:\Users\Brittany\AppData\Local\tmpMONST2568.JPG

[2010/12/22 09:43:06 | 001,294,414 | ---- | C] () -- C:\Users\Brittany\AppData\Local\tmpMONST2568.0

[2010/12/17 09:00:14 | 000,001,854 | ---- | C] () -- C:\Users\Brittany\AppData\Roaming\GhostObjGAFix.xml

[2010/10/25 17:26:50 | 002,606,522 | ---- | C] () -- C:\Users\Brittany\AppData\Local\tmpIMG_0703.0

[2010/10/25 17:26:50 | 001,212,734 | ---- | C] () -- C:\Users\Brittany\AppData\Local\tmpIMG_0703.JPG

[2010/09/16 22:46:17 | 000,000,130 | ---- | C] () -- C:\Users\Brittany\webct_upload_applet.properties

[2010/08/12 09:59:25 | 000,000,084 | ---- | C] () -- C:\Users\Brittany\AppData\Roaming\RSBot Accounts.ini

[2010/06/23 10:46:45 | 000,775,702 | ---- | C] () -- C:\Users\Brittany\AppData\Local\tmpJELLYFISH.JPG

[2010/06/12 12:28:25 | 000,000,099 | ---- | C] () -- C:\Users\Brittany\jagex_runescape_preferences2.dat

[2010/06/12 12:28:25 | 000,000,000 | ---- | C] () -- C:\Users\Brittany\jagex__preferences3.dat

[2010/06/12 12:26:57 | 000,000,046 | ---- | C] () -- C:\Users\Brittany\jagex_runescape_preferences.dat


========== ZeroAccess Check ==========


[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64


[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]


========== LOP Check ==========


[2012/08/27 12:48:09 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Amazon

[2013/03/25 16:41:16 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\AVG2013

[2014/01/13 21:58:45 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Barnes & Noble

[2010/08/15 20:34:40 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2014/02/18 20:40:03 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Nico Mak Computing

[2014/01/23 00:01:00 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Open Download Manager

[2013/07/14 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Origin

[2014/02/13 19:58:18 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Python-Eggs

[2014/02/16 22:06:38 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\QuickScan

[2014/02/19 20:33:34 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Spotify

[2013/05/03 14:34:30 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Template

[2010/06/30 18:36:55 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\Tific

[2013/03/25 16:39:37 | 000,000,000 | ---D | M] -- C:\Users\Brittany\AppData\Roaming\TuneUp Software


========== Purity Check ==========




< End of report >


OTL Extras logfile created on: 2/20/2014 9:03:57 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brittany\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16518)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


3.80 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 59.32% Memory free

7.61 Gb Paging File | 5.79 Gb Available in Paging File | 76.16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 446.70 Gb Total Space | 95.56 Gb Free Space | 21.39% Space Free | Partition Type: NTFS

Drive D: | 18.76 Gb Total Space | 3.01 Gb Free Space | 16.03% Space Free | Partition Type: NTFS

Drive E: | 99.02 Mb Total Space | 95.10 Mb Free Space | 96.04% Space Free | Partition Type: FAT32


Computer Name: BRITTANY-PC | User Name: Brittany | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days


========== Extra Registry (SafeList) ==========



========== File Associations ==========


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)


[HKEY_USERS\S-1-5-21-802716480-2462033193-2097298831-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML.JPJPXEKRVVV62SL6LSCZOO7LKI] -- Reg Error: Key error. File not found


========== Shell Spawning ==========


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.


========== Security Center Settings ==========


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

"" =

"DisableMonitoring" = 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]


========== System Restore Settings ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0


========== Firewall Settings ==========


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0


========== Authorized Applications List ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]



========== Vista Active Open Ports Exception List ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00385B40-F4C8-449E-B04D-E4FE096CD1FC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{02A2187F-D4F9-4C69-AB33-AD15F5EB84BD}" = rport=139 | protocol=6 | dir=out | app=system |

"{15C615C9-95B0-4AEE-960F-0221A4DA6D93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
"{28C9EC26-BEB6-467B-9042-15DA6288F815}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2B35E34A-771D-4905-8C9D-9E07D2E96C92}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{2EE6FE4F-D7BE-4B14-B304-C5C399265F49}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4291954C-30F9-4848-B30D-51CCCDA9573E}" = rport=138 | protocol=17 | dir=out | app=system |

"{4C455D3F-E033-40BF-9EFF-98422B442D82}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{4EA44AF9-AD07-4702-916C-11B891DB58A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{576C8980-022A-4373-834F-6D1D6411DF33}" = lport=137 | protocol=17 | dir=in | app=system |

"{5D1D677F-3341-47E6-B435-FA44D8B2CDC8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{679E4517-1D54-41C8-BB94-7E28D157ABE1}" = lport=139 | protocol=6 | dir=in | app=system |

"{773C0D1B-B316-442A-BE87-16EA862F70AE}" = rport=10243 | protocol=6 | dir=out | app=system |

"{78DAEDE3-02AE-4805-B6AC-A8E7E8B16341}" = rport=137 | protocol=17 | dir=out | app=system |

"{9403A8A5-15A5-44BC-8EB5-E6F9CC5481F4}" = lport=138 | protocol=17 | dir=in | app=system |

"{A3EF9163-81F5-4EB7-95FE-60E14DFEB809}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{ABF55021-E1E8-4A72-9A71-E462768BFA4F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AD98F236-7195-46C3-90A0-97E359389A33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BBB4ED3A-96B8-4971-947A-968765B43E73}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{BC764CDC-C4F2-4BD0-B2CA-504FDCC4B182}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C3BF6AB9-005B-43D9-AC75-8E2157C2E430}" = lport=445 | protocol=6 | dir=in | app=system |

"{E5975A2A-92E8-4411-8B87-2D1900207224}" = lport=10243 | protocol=6 | dir=in | app=system |

"{E81CD1A4-00EE-4FE0-B514-085151264BAF}" = rport=445 | protocol=6 | dir=out | app=system |

"{F3A69086-4280-45A7-8C41-5BAAF99C6B22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |


========== Vista Active Application Exception List ==========


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{075C1619-59F1-4DDA-96C4-E8DCC427F6DC}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |

"{11AA5C7F-399F-44BA-8DEA-45EA0ECAE3C4}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |

"{13D067C0-1AFD-4A65-9D79-2DA66D7A2636}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{1AE887E3-69BC-4499-8AED-E2765B1743FE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{211EC92D-2EC0-4DFF-B254-2DB7CDF0C2BC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{22F52729-DA8A-4135-86B6-F320B1EEDF84}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{25D4730D-3DCD-4192-A269-2F6A84114AD4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{285F17F7-0E4A-4DED-A822-2F6EBFF7EA6A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{2873BD9E-9B9E-4770-B4AF-0CB815F4E076}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{2947FD81-5706-46BE-9FDD-A0EC5A0A57A8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{32D7D3B9-19AC-4722-8FCA-A264D7F41EEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{33558B93-0ADA-428F-BA3F-C306108D0104}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{3A7273D0-06EA-4785-8434-0FCAF5F27CAD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{3C2C616C-5AF5-4819-B986-5A2B1B67333F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{3E712164-1DDE-4AA8-8A05-CB854F3FAF46}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |

"{429787D4-DE51-4A6D-A3EB-ACCE4E00AE88}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{42A97F78-2128-4009-B999-5B539DC65047}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |

"{44859118-C2A9-44C0-8BFC-9E030F192BC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{45EE09E6-5A69-4587-890A-267FE8240609}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |

"{468FD565-8E73-4ED6-B8DE-1D17107329FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{48E831E9-F12E-4580-A95D-6EA4302CB4EA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{498C25BB-1B06-4E1B-BEEE-D6107696C0AF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

"{4C2A10DF-0C43-4C45-9157-39AA616D7A7E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

"{504BC1A0-7482-4975-8E01-1CDF0A6A880A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{55DEC640-81F9-49FF-B6FB-8D4173C21F5A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

"{562D00A2-70D4-42E6-A9F8-99B4029D1120}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{564A6720-C9D3-4BD8-AE0E-F8D95F9EB5A9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qp.exe |

"{5A374765-8BC5-4B5D-82E4-5854FC623CE3}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |

"{5A5CF1FD-D924-4106-97C6-03B287006275}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{5B8FFD1C-3D4C-480D-9731-443C2CB2E9BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{5C8B816F-CDD6-47B2-B55A-D2FE1946AC16}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{5D640AB1-1846-47EE-A83C-2A4E7AAB9A3B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{5E3206FF-D25F-4645-A459-824CDB55908D}" = protocol=6 | dir=in | app=c:\program files (x86)\barnes & noble\nookstudy\nookstudy.exe |

"{5F6F1522-E564-4B8C-A84A-60ADC9B2FA3D}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |

"{69ACA3ED-B595-4A51-986D-7223CAF3B07E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6EBDF8E0-8D06-4527-AC00-8DFE965C7CD3}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |

"{6F7E240D-08B5-4F8E-9551-D48FED0C6F0E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{70B93ABA-B26F-4C3B-A770-AAD81C478C19}" = protocol=6 | dir=out | app=system |

"{73815478-39F5-49C7-9181-71E0A3A9FAFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{757DB73D-6906-4BFB-BCF9-9963E8BD2C47}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

"{79AEB5FE-E446-4569-BCCA-7953B8190895}" = protocol=17 | dir=in | app=c:\program files (x86)\barnes & noble\nookstudy\nookstudy.exe |

"{82499E24-60F9-41A0-A83A-16AE27DC1A9E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{8E9B2841-7E21-430E-99DE-7081D9E4600B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{944B9F10-531E-4CF3-9E06-BA4153657412}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{95680A86-5D47-40BE-A6E9-4A3EC48347FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{97674F10-4307-44B2-9F7B-D450467CEB2A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9794BDA0-48D7-456C-A70C-5F5F90415AF5}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{98909BAC-FAFD-4F57-BA57-87CEC771349D}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |

"{98C527A7-514A-4994-A07F-75B2DC4F3938}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{AC5B21D3-758C-468F-A064-D98683BC104F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B6D6ACD3-330D-4615-9E6B-9DBE2A9067DC}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |

"{B7139256-1AE1-41A6-96C8-9F58E92E46E8}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |

"{B947939F-4169-4477-B647-6A4F2654E2AF}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |

"{BFB50A5F-09BA-4DDA-A0B4-61EF52C1B71E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qpservice.exe |

"{C59F1E47-1719-4FCE-90B0-0D8D976949EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{C6770BD6-68B5-484C-85AF-9B2CAD2A4059}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{C996A53B-DA7A-4F51-8E79-0143A16D1B35}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{CAC392E8-8957-4546-83A1-DD768BAB0232}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{CB0C8EC7-4AF3-4ECB-A84E-322E36F41D62}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{CCA3A53B-CB10-4728-875B-1C03724B58F3}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |

"{D192FC75-2BCC-4D73-9F60-3B70E63F0121}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

"{D608ED8A-F691-4C24-9496-674A8AF16F84}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{D67ECB71-E154-4146-B726-1313A71C8879}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{DC1D952B-D810-482F-86A2-A2EF229262DC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{DE6020A5-8F3C-4822-BF08-52B25168E43D}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |

"{E0ECA507-2EC1-47E3-928C-6DF50A698402}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{EA6C5AE4-8721-49F1-92C1-D8DA5CA0BB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{EC9ED376-E1DE-459C-9C07-D7BC6021398D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{FDAC3D59-0222-4BCA-B1CA-644EC0385623}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{27B985A7-BCE3-4EA7-A076-FB8EA537D16B}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"TCP Query User{B68AF522-47C4-4B05-AA99-94A7C4B1D809}C:\users\brittany\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\brittany\appdata\roaming\spotify\spotify.exe |

"UDP Query User{01E34B08-6E80-4967-8981-865ECC818CFD}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"UDP Query User{B74CD1F7-9B9F-49A3-8DD6-2AE55B427971}C:\users\brittany\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\brittany\appdata\roaming\spotify\spotify.exe |


========== HKEY_LOCAL_MACHINE Uninstall List ==========


64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)

"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support

"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{72EF03F5-0507-4861-9A44-D99FD4C41418}" = Paint.NET v3.5.11

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard

"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}" = WinZip 18.0

"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes

"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver

"{E319D46F-4F14-4867-94CD-FB203ED60AFC}" = HP Officejet 6500 E710a-f Product Improvement Study

"{EC21DBC6-C760-463D-8866-BFACBB28A3E3}" = HP Officejet 6500 E710a-f Basic Device Software

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)

"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver

"FindRight" = FindRight

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate

"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts

"{1747DF05-6890-440B-B094-2146F5DC50E0}" = HP MediaSmart SlingPlayer

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21FFAF37-E51A-41AB-8749-ACD1F9CF8E37}" = HP QuickWeb

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons

"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime

"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night

"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software

"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support

"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar

"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78915DBA-4FD6-4B85-AC4C-5862BB4D884F}" = HP User Guides 0186

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff

"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB2.0&PCIE Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural

"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup

"{C5E7BF75-007E-44AD-8962-627ED44CB63B}" = NaturalReaderFree

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV

"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com

"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver

"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL

"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life

"{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17

"AudibleManager" = AudibleManager

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Dolphin x86" = Dolphin x86

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Money2008b" = Microsoft Money Plus

"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NOOK Study" = NOOK Study

"Origin" = Origin

"SafeConnect" = SafeConnect

"WinLiveSuite_Wave3" = Windows Live Essentials


========== HKEY_USERS Uninstall List ==========


[HKEY_USERS\S-1-5-21-802716480-2462033193-2097298831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Spotify" = Spotify


========== Last 20 Event Log Errors ==========


[ Hewlett-Packard Events ]

Error - 2/6/2013 10:24:25 AM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 4000

Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0] Message: The server did not provide a meaningful

reply; this might be caused by a contract mismatch, a premature session shutdown

or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()


at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib


Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 3894 Ram Utilization: 50 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage)


Error - 2/6/2013 10:24:25 AM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 4000

Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0] Message: The server did not provide a meaningful

reply; this might be caused by a contract mismatch, a premature session shutdown

or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()


at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib


Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 3894 Ram Utilization: 50 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage)


Error - 2/6/2013 10:24:43 AM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 4000

Description =


Error - 2/6/2013 10:25:05 AM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 4000

Description =


Error - 2/28/2013 3:17:13 PM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 4000

Description =


Error - 4/11/2013 2:34:09 PM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

Message:

Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

Source:

HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program

Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3894

Ram

Utilization: 50 TargetSite: Void addTempSession()


Error - 4/18/2013 2:17:20 PM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

Message:

Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

Source:

HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program

Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3894

Ram

Utilization: 40 TargetSite: Void addTempSession()


Error - 4/25/2013 2:37:24 PM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

Message:

Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

Source:

HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program

Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3894

Ram

Utilization: 60 TargetSite: Void addTempSession()


Error - 5/2/2013 2:32:39 PM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

Message:

Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

Source:

HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program

Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3894

Ram

Utilization: 60 TargetSite: Void addTempSession()


Error - 5/9/2013 2:16:53 PM | Computer Name = Brittany-PC | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

Message:

Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.addTempSession()

Source:

HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program

Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3894

Ram

Utilization: 50 TargetSite: Void addTempSession()


[ System Events ]

Error - 2/21/2014 12:19:32 AM | Computer Name = Brittany-PC | Source = DCOM | ID = 10010

Description =



< End of report >
 
redtarget.gif

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code: 
:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found
O4 - HKLM..\Run: [] File not found
O15 - HKU\S-1-5-21-802716480-2462033193-2097298831-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
The ESET scanner didn't find anything so there was no list of found threats to click. I have no text file for that one, but here are the rest:

OTL log:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-802716480-2462033193-2097298831-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@surf.mar@/\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brittany
->Temp folder emptied: 2294210 bytes
->Temporary Internet Files folder emptied: 10860036 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36047173 bytes
->Google Chrome cache emptied: 374424879 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 354752 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13089 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43293598 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 446.00 mb


[EMPTYJAVA]

User: All Users

User: Brittany
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Brittany
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02202014_225456

Files\Folders moved on Reboot...
C:\Users\Brittany\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Brittany\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




Security Check log:

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Sophos Anti-Virus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 12.0.0.70 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 19.0 Firefox out of Date!
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Control swc_service.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



FSS log:

Farbar Service Scanner Version: 16-02-2014
Ran by Brittany (administrator) on 21-02-2014 at 09:39:23
Running from "C:\Users\Brittany\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
redtarget.gif
Update Firefox to the current 27.0.1 version.

redtarget.gif
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

redtarget.gif
1. Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=======================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

13. Please, let me know, how your computer is doing.
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
792
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back