Solved Vista Home Business desktop won't boot to desktop

ComboFix 14-06-04.01 - sdees 06/04/2014 18:16:03.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1791.870 [GMT -7:00]
Running from: c:\users\sdees\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DELD27B.tmp
C:\DELF391.tmp
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\2215e17531008e62.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\2b6ae514b336acbd.fb
c:\windows\system32\Cache\37729e688ed5cd58.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\537e6b504329b83d.fb
c:\windows\system32\Cache\591871b932da5a07.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\61a116ef21d3c859.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\786632f959eea8d0.fb
c:\windows\system32\Cache\87a37dadaecc55d3.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\8e693c7389353534.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\aee500b758ed2a30.fb
c:\windows\system32\Cache\b16337e538f6b82a.fb
c:\windows\system32\Cache\c4e10d1be905349b.fb
c:\windows\system32\Cache\c859c5d6eab9c626.fb
c:\windows\system32\Cache\cc385699b26d92fd.fb
c:\windows\system32\Cache\d0d1e0cfbb5d8fe3.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
.
.
((((((((((((((((((((((((( Files Created from 2014-05-05 to 2014-06-05 )))))))))))))))))))))))))))))))
.
.
2014-06-05 01:26 . 2014-06-05 01:26 -------- d-----w- c:\users\sdees\AppData\Local\temp
2014-06-05 01:26 . 2014-06-05 01:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-06-05 01:26 . 2014-06-05 01:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-06-05 01:26 . 2014-06-05 01:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-05 00:13 . 2014-06-05 00:13 -------- d-----w- c:\program files\Belarc
2014-06-04 23:46 . 2014-06-04 23:56 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-06-04 23:28 . 2014-06-04 23:28 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-06-04 23:28 . 2014-06-04 23:28 -------- d-----w- c:\programdata\RogueKiller
2014-06-04 19:31 . 2014-06-04 19:31 -------- d-----w- c:\program files\CCleaner
2014-06-04 13:25 . 2014-06-04 13:25 -------- d-----w- c:\programdata\Licenses
2014-06-04 13:25 . 2014-06-04 13:26 -------- d-----w- c:\program files\SpywareBlaster
2014-06-04 11:19 . 2014-06-04 11:19 -------- d-----w- C:\SUPERDelete
2014-06-04 10:25 . 2014-06-04 10:25 -------- d-----w- c:\program files\iPod
2014-06-04 10:25 . 2014-06-04 10:26 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-04 10:25 . 2014-06-04 10:26 -------- d-----w- c:\program files\iTunes
2014-06-04 05:14 . 2014-06-04 05:14 -------- d-----w- c:\program files\Dropbox
2014-06-04 05:12 . 2014-06-04 05:14 -------- d-----w- c:\users\sdees\AppData\Roaming\Dropbox
2014-06-04 05:11 . 2014-06-04 05:11 -------- d-----w- c:\users\sdees\AppData\Roaming\AVAST Software
2014-06-04 05:05 . 2014-06-04 05:04 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-06-04 05:05 . 2014-06-04 05:04 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-06-04 05:05 . 2014-06-04 05:06 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-06-04 05:05 . 2014-06-04 05:06 411680 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-06-04 05:05 . 2014-06-04 05:04 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-06-04 05:05 . 2014-06-04 05:04 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-06-04 05:05 . 2014-06-04 05:04 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-06-04 05:05 . 2014-06-04 05:06 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-06-04 05:04 . 2014-06-04 05:04 271264 ----a-w- c:\windows\system32\aswBoot.exe
2014-06-04 05:04 . 2014-06-04 05:04 43152 ----a-w- c:\windows\avastSS.scr
2014-06-04 05:03 . 2014-06-04 05:03 -------- d-----w- c:\program files\AVAST Software
2014-06-04 04:40 . 2014-06-04 22:09 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-04 04:40 . 2014-06-04 23:45 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-04 04:40 . 2014-05-12 15:08 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-04 04:40 . 2014-05-12 15:08 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-04 04:31 . 2014-06-04 04:31 -------- d-----w- c:\program files\Common Files\Java
2014-06-04 04:30 . 2014-06-04 04:30 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-06-03 17:33 . 2014-06-04 04:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-06-03 17:31 . 2014-06-04 04:49 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-03 00:56 . 2014-06-03 00:56 -------- d-----w- c:\users\Default\AppData\Local\Google
2014-06-02 01:30 . 2014-06-04 01:24 -------- d-----w- c:\users\TEMP
2014-05-17 00:42 . 2014-04-17 12:32 8050496 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{447737DA-AAFA-474C-B260-9A4AD050BD7F}\mpengine.dll
2014-05-16 20:31 . 2014-05-05 23:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-04 05:04 . 2014-06-04 05:05 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1401858377864
2014-06-04 05:04 . 2014-06-04 05:05 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1401858377864
2014-05-15 18:31 . 2012-09-07 16:25 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 18:31 . 2012-09-07 16:25 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-01 05:46 . 2014-04-01 05:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-04-01 05:46 . 2014-04-01 05:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-31 16:35 . 2010-03-04 10:01 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-07 23:12 . 2014-04-10 02:57 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 23:02 . 2014-04-10 02:57 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-07 23:02 . 2014-04-10 02:57 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 22:57 . 2014-04-10 02:57 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-07 22:56 . 2014-04-10 02:57 421376 ----a-w- c:\windows\system32\vbscript.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-06-04 05:04 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\sdees\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\sdees\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\sdees\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 5625624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2007-04-11 26704]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-08-08 296096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2014-02-21 2357984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-04 3888648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-05-27 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe 9999 [2008-4-7 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-10 120088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-04 03:55 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 18:31]
.
2014-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-16 20:29]
.
2014-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-16 20:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kirotv.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 74.40.74.40
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-04 18:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2014-06-04 18:29:37
ComboFix-quarantined-files.txt 2014-06-05 01:29
.
Pre-Run: 16,142,237,696 bytes free
Post-Run: 16,022,474,752 bytes free
.
- - End Of File - - 9BD7C24B560C43906A019A17FD1176A8
A863475757CC50891AA8458C415E4B25
 
Ok, other than a slow (re) bootup, which I believe is due to only 2gb's of ram, its running pretty good.
 
It's working then.
Good :)

When done with that...

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v3.211 - Report created 04/06/2014 at 19:53:04
# Updated 26/05/2014 by Xplode
# Operating System : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Username : sdees - SDEES-PC-MIGET2
# Running from : C:\Users\sdees\Desktop\adwcleaner_3.211.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\InstallBrainService
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\sdees\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\sdees\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\sdees\AppData\LocalLow\oovootoolbar
Folder Deleted : C:\Users\sdees\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\END
File Deleted : C:\Users\sdees\AppData\Roaming\Mozilla\Firefox\Profiles\zkaqpwwn.default\searchplugins\Askcom.xml
File Deleted : C:\Users\sdees\AppData\Roaming\Mozilla\Firefox\Profiles\zkaqpwwn.default\searchplugins\safeguard-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1460988
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\bProtector
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Savings Sidekick
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v

[ File : C:\Users\sdees\AppData\Roaming\Mozilla\Firefox\Profiles\zkaqpwwn.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=AD9FC7CF-438B-48C3-8E40-3C25A704A869&apn_ptnrs=TV&apn_sauid=63C4285A-333D-4EEA-AA09-80FE601DC1A6&[...]
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=AD9FC7CF-438B-48C3-8E40-3C25A704A869&apn_ptnrs=TV&apn_sauid=63C4285A-333D-4EEA-AA09-80FE601DC1A6&apn_dtid=OSJ000YYUS&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : aaaaojmikegpiepcfdkkjaplodkpfmlo
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [7287 octets] - [04/06/2014 19:42:56]
AdwCleaner[S0].txt - [7237 octets] - [04/06/2014 19:53:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7297 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Business x86
Ran by sdees on Wed 06/04/2014 at 20:09:25.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{333CBC9B-FEDF-452A-9561-F30793164824}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{756d2206-b435-402d-b825-ba2c1332ce24}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C2FE743C-F426-459E-950E-6BBB3664DF0A}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\sdees\Local Settings\Application Data\cre"
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{017EAF44-1315-4FA6-9245-E5F971E9F258}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{0A12C1B7-9869-49CB-BA1D-C1D59500DB54}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{0BE365B6-EFB0-4B70-95BA-376878D65D9C}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{11E4C389-49B0-4192-9B60-DC1623EAE026}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{1252EA13-7504-4775-B261-014369C85FB7}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{178AE3B3-E879-446D-8D44-81006868151A}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{19245806-2742-48A3-86EA-981BD82D924C}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{1AB4BD78-FAB0-43E5-9A34-17D8C6809AC3}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{1B241AF3-EFDF-4297-803E-AD564F8B634C}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{1C245A73-C19F-4155-A12D-0866F61773CD}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{22A181CF-214B-43F4-BB1B-C8C7F3827FDE}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{27AA4DCA-2232-4868-8419-7FDB1CCBB25D}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{2C3544A0-8AD0-4392-952F-BCC9E1CDE294}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{2D3D1944-6B2E-4AF8-8A34-D3DC73DF3D47}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{2EC199A8-3330-4689-9409-2F79F31BFE73}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{2F4AB636-028C-4096-82C3-CAF4B740E901}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{305FD5AA-3D60-4770-9C14-2095DA35C993}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{354189A8-4034-41B5-A0E6-31B0AC19C19F}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{3D24C4F1-729A-4769-AF2D-784ACA0F6600}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{3D8E6C49-EDE5-4171-B448-F560646A1FBF}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{4991A0F2-266F-4DA5-AE6A-807C8A8BB334}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{49E8C96B-2B56-4D3B-A0B0-9BC8BC3CACEA}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{4D7E6EE9-80BF-456F-8646-13D7F0FB7035}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{530923EE-BDFE-47F1-A594-EE2D4D4DE656}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{56C8ED2E-9587-4230-951F-CEB19FEE78AE}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{58FB1C61-2D48-43DD-BAEE-E647020517E0}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{59E6160A-8D63-4CF7-A119-235F22819B6D}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{605CADE0-94DF-4CB3-A194-1E85F283A263}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{626FFFD0-B3CC-43C9-9A56-2FD590B9AEAB}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{65597174-EDF8-4DC8-A5C4-3801B30CBA0C}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{69B8CD32-E220-4477-B013-C56027F395D6}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{6E1297B1-D21F-450D-B576-4590EF7E26C3}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{6F05D13E-472F-47C6-A142-F3FD4D1CF7D0}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{78EA9CCC-7B72-42BC-B170-B71BC39011D2}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{851D690B-43AF-42ED-AD46-BB2126642560}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{85EB28FD-A2B7-4538-8732-8DF5497BA357}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{8B8ED515-20BE-41C5-8126-A3AB4A562EA5}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{950AA18E-62A5-42E4-9CDA-73A9D7FB635A}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{973AE8B7-6D49-4DB7-B9E1-69EB1027A1BD}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{97C1AA5D-8430-4611-89FE-2AE829ABB0C7}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{9F3BD610-3F7B-4312-8973-79EDA7B315BF}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{9F3FCFF0-ADD5-4CC4-860F-260E8877DB2F}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{A0DC1698-88E2-47BB-877F-AFA6B575BF9E}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{A215594B-A127-4E31-9343-65C667983437}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{A6CAF8BF-09D9-4D9A-B275-A73315C7DA88}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{B0955F1B-2258-4236-A469-6F5302D03EF6}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{B53468BC-5695-4A86-BEBB-FBBF4050075F}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{B6C74CC4-7507-4299-B070-77FCE0158F4C}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{B84EAF82-A4C0-4D8E-B4D4-169E8CA7B5BE}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{BA1E076F-809F-40AC-BB0A-C98B9AB550EF}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{BC9A6ED7-73A9-43B2-8729-10D57DCF23AA}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{BF283C29-9F42-4D7F-9A03-1007EC27B410}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{CA4197C2-783B-4615-9D14-F5A2FA822E97}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{CE5D2D68-2487-4066-9219-A37D20E01944}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{D16F0C14-65AA-448D-A743-CB7BF031A849}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{DD1B7393-1BA5-4645-AB43-EDD7EF61DB8D}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{DD5195A5-D4AE-4063-8099-08210BFAA7CD}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{DDA262AB-910E-41D8-91AF-FF8F5A951796}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{E105E56C-4F1C-4780-B998-CDB0CEE31606}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{E68B62E3-0CCC-4A35-9068-387642E8BD4B}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{F4B4597E-0E02-4742-B5C3-F78C71E6F06A}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{F658D9C2-3EEE-48D7-87B9-15D54522FDCB}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{FC92F5AA-F808-4557-8F8F-6ECDE82B2466}
Successfully deleted: [Empty Folder] C:\Users\sdees\appdata\local\{FE5A94F6-AA3E-4B49-B7D0-8014DC98F229}



~~~ FireFox

Emptied folder: C:\Users\sdees\AppData\Roaming\mozilla\firefox\profiles\zkaqpwwn.default\minidumps [54 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/04/2014 at 20:15:14.28
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 6/4/2014 8:20:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sdees\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 50.98% Memory free
3.75 Gb Paging File | 2.48 Gb Available in Paging File | 66.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67.27 Gb Total Space | 14.71 Gb Free Space | 21.86% Space Free | Partition Type: NTFS
Drive D: | 67.13 Gb Total Space | 61.92 Gb Free Space | 92.24% Space Free | Partition Type: NTFS

Computer Name: SDEES-PC-MIGET2 | User Name: sdees | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/04 20:19:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sdees\Desktop\OTL.exe
PRC - [2014/06/03 22:06:21 | 003,888,648 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/06/03 22:04:47 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/05/12 08:07:22 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 08:07:20 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 08:07:14 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/09 18:31:07 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/02/20 23:25:04 | 000,173,280 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2014/01/06 14:37:38 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/08/08 00:28:42 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/10 16:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/06 13:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/04/11 11:30:34 | 000,030,800 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2007/04/11 11:30:06 | 000,026,704 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/11/15 11:12:20 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\eProtection\service\eProtectionServ.exe


========== Modules (No Company Name) ==========

MOD - [2014/06/03 22:04:54 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/05/16 17:47:16 | 011,909,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a709052bfbcc0402d389dc7a47c7ee2b\System.Web.ni.dll
MOD - [2014/05/16 17:47:09 | 000,774,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fbf434299b068c463296945c12845734\System.Runtime.Remoting.ni.dll
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/14 10:35:43 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\c5213af29d521ee19cc55983f8c2037c\System.Management.ni.dll
MOD - [2014/02/14 10:35:09 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll
MOD - [2014/02/14 10:33:39 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll
MOD - [2014/02/14 10:33:25 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll
MOD - [2014/02/14 10:33:18 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll
MOD - [2014/02/14 10:32:31 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll
MOD - [2014/02/14 10:32:19 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll
MOD - [2008/08/30 05:59:02 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/04/07 14:30:03 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2736.38368__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/04/07 14:30:03 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2736.38325__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/04/07 14:30:03 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2736.38360__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/04/07 14:30:03 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2736.38346__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/04/07 14:30:01 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2736.38622__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/04/07 14:29:39 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2736.38629__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/04/07 14:29:39 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2736.38339__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/04/07 14:29:37 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2736.38559__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/04/07 14:29:36 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2736.38346__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/04/07 14:29:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2700.34671__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/04/07 14:29:35 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2700.34680__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/04/07 14:29:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2700.34751__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/04/07 14:29:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2700.34701__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/04/07 14:29:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2700.34689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/04/07 14:29:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2700.34703__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/04/07 14:29:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2700.34706__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/04/07 14:29:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2700.34739__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/04/07 14:29:35 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/04/07 14:29:34 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2700.34674__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/04/07 14:29:34 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2700.34697__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/04/07 14:29:34 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2700.34727__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/04/07 14:29:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/04/07 14:29:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2700.34759__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/04/07 14:29:34 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2700.34808__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/04/07 14:29:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2700.34705__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/04/07 14:29:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2700.34694__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/04/07 14:29:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2700.34686__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/04/07 14:29:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2700.34717__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/04/07 14:29:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2700.34718__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/04/07 14:29:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2700.34754__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/04/07 14:29:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/04/07 14:29:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2700.34702__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/04/07 14:29:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2700.34713__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/04/07 14:29:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2700.34729__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/04/07 14:29:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2700.34672__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/04/07 14:29:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/04/07 14:29:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2700.34704__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/04/07 14:29:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2700.34697__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/04/07 14:29:24 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2736.38653__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/04/07 14:29:24 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2736.38316__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/04/07 14:29:23 | 000,471,040 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2736.38354__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/04/07 14:29:23 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2736.38600__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008/04/07 14:29:23 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2736.38608__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/04/07 14:29:23 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2736.38317__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/04/07 14:29:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2736.38607__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/04/07 14:29:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2700.34690__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/04/07 14:29:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2700.34706__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/04/07 14:29:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2700.34681__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/04/07 14:29:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2700.34752__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/04/07 14:29:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2700.34708__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/04/07 14:29:22 | 001,503,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2736.38333__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/04/07 14:29:22 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2736.38318__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/04/07 14:29:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2736.38317__90ba9c70f846762e\APM.Server.dll
MOD - [2008/04/07 14:29:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2736.38316__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/04/07 14:29:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2700.34698__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/04/07 14:29:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2736.38608__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/04/07 14:29:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/04/07 14:29:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2700.34711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007/04/11 11:30:34 | 000,030,800 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2007/04/11 11:30:06 | 000,026,704 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2014/06/03 22:04:47 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/05/15 11:31:16 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 08:07:22 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 08:07:20 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/02/20 23:25:04 | 000,173,280 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/20 19:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/10 16:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/15 11:12:20 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\eProtection\service\eProtectionServ.exe -- (eProtection)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CM106.sys -- (USBMULCD)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\osaio.sys -- (osaio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\netlimiter.sys -- (netlimiter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\DisplayLinkUsbPort.sys -- (DisplayLinkUsbPort)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\sdees\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athr.sys -- (athr)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\archlp.sys -- (archlp)
DRV - [2014/06/04 20:08:51 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/06/03 22:06:18 | 000,777,488 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014/06/03 22:06:18 | 000,411,680 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/06/03 22:06:18 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswrdr.sys -- (aswRdr)
DRV - [2014/06/03 22:04:56 | 000,180,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/06/03 22:04:56 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/06/03 22:04:56 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/06/03 22:04:56 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/06/03 22:04:56 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/05/12 08:08:40 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 08:08:30 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/04/10 22:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/04/01 05:57:00 | 000,157,184 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcwhdpvr.sys -- (hcwhdpvr)
DRV - [2008/09/29 20:20:40 | 000,449,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WN111v2v.sys -- (WN111v2)
DRV - [2008/08/30 07:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/20 19:23:46 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/14 18:16:34 | 000,570,880 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/04/29 22:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/12/08 10:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.kirotv.com
IE - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z015&form=ZGAIDF
IE - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7ACAW_enUS369US369
IE - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\..\SearchScopes\{F2E97ED8-DDB3-4B7C-B8B6-B24A86329ACE}: "URL" = http://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.kirotv.com"
FF - prefs.js..extensions.enabledAddons: john@velvetcache.org:1.3.7
FF - prefs.js..extensions.enabledAddons: donottrackplus@abine.com:2.2.1.829
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 09:25:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014/06/03 20:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/06/03 22:04:58 | 000,000,000 | ---D | M]

[2012/09/07 09:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sdees\AppData\Roaming\mozilla\Extensions
[2014/06/03 21:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sdees\AppData\Roaming\mozilla\Firefox\Profiles\zkaqpwwn.default\extensions
[2012/10/05 18:14:27 | 000,000,000 | ---D | M] (WOT) -- C:\Users\sdees\AppData\Roaming\mozilla\Firefox\Profiles\zkaqpwwn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/11/01 11:41:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\sdees\AppData\Roaming\mozilla\Firefox\Profiles\zkaqpwwn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/08 10:12:26 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\sdees\AppData\Roaming\mozilla\Firefox\Profiles\zkaqpwwn.default\extensions\donottrackplus@abine.com
[2012/09/07 11:41:13 | 000,017,677 | ---- | M] () (No name found) -- C:\Users\sdees\AppData\Roaming\mozilla\firefox\profiles\zkaqpwwn.default\extensions\john@velvetcache.org.xpi
[2012/09/07 09:14:35 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\sdees\AppData\Roaming\mozilla\firefox\profiles\zkaqpwwn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/08/29 13:56:22 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\sdees\AppData\Roaming\mozilla\firefox\profiles\zkaqpwwn.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js
[2012/11/07 16:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 09:46:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://mysearch.avg.com/?cid={B380C...928fc107f&lang=en&ds=ft011&pr=sa&d=2013-04-02 08:41:57&v=15.0.0.2&pid=safeguard&sg=1&sap=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.14.33467_0\background/registryAccess.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\caloheeledhajihipjihanmihhegodlc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Docs = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.37_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Secure Search = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\1.0.0.8_0\
CHR - Extension: Google Wallet = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\sdees\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/06/04 18:26:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-792927261-3644060313-3262130061-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.60.2)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.85/WebSlingPlayer.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.60.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 74.40.74.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06A5C46C-5C78-45B4-8CB2-636B1175F385}: DhcpNameServer = 192.168.1.1 74.40.74.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6867B9F-961D-405B-A0AA-7BCBC5FD1C90}: DhcpNameServer = 192.168.1.1 74.40.74.40
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\sdees\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\sdees\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/04 20:19:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sdees\Desktop\OTL.exe
[2014/06/04 20:04:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/04 20:01:16 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\sdees\Desktop\JRT.exe
[2014/06/04 19:43:25 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/04 19:42:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/04 18:29:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/04 18:29:41 | 000,000,000 | ---D | C] -- C:\Users\sdees\AppData\Local\temp
[2014/06/04 18:11:45 | 005,205,146 | R--- | C] (Swearware) -- C:\Users\sdees\Desktop\ComboFix.exe
[2014/06/04 17:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2014/06/04 16:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/06/04 16:45:48 | 000,000,000 | ---D | C] -- C:\Users\sdees\Desktop\mbar
[2014/06/04 16:44:57 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\sdees\Desktop\mbar-1.07.0.1009.exe
[2014/06/04 16:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/06/04 12:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/06/04 12:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/06/04 07:11:03 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\sdees\Desktop\dds.com
[2014/06/04 06:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/06/04 06:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2014/06/04 06:25:22 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2014/06/04 04:19:50 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/06/04 03:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/06/04 03:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/06/04 03:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/06/04 03:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/06/03 22:14:13 | 000,000,000 | ---D | C] -- C:\Users\sdees\AppData\Roaming\DropboxMaster
[2014/06/03 22:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2014/06/03 22:13:54 | 000,000,000 | ---D | C] -- C:\Users\sdees\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/06/03 22:12:29 | 000,000,000 | ---D | C] -- C:\Users\sdees\AppData\Roaming\Dropbox
[2014/06/03 22:11:14 | 000,000,000 | ---D | C] -- C:\Users\sdees\AppData\Roaming\AVAST Software
[2014/06/03 22:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/06/03 22:05:07 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/06/03 22:05:05 | 000,777,488 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/06/03 22:05:05 | 000,776,976 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys.1401858377864
[2014/06/03 22:05:04 | 000,411,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/06/03 22:05:03 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/06/03 22:05:02 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswrdr.sys.1401858377864
[2014/06/03 22:05:02 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswrdr.sys
[2014/06/03 22:04:59 | 000,271,264 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/06/03 22:04:55 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/03 22:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/06/03 21:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/06/03 21:40:22 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/03 21:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/03 21:40:07 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/06/03 21:40:07 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/06/03 21:40:07 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/06/03 21:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/06/03 21:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/06/03 10:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/06/03 10:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/05/16 13:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

========== Files - Modified Within 30 Days ==========

[2014/06/04 20:19:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sdees\Desktop\OTL.exe
[2014/06/04 20:08:51 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/04 20:08:47 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/04 20:08:13 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/06/04 20:08:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/04 20:08:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/04 20:08:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/04 20:07:57 | 1878,515,712 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/04 20:01:38 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\sdees\Desktop\JRT.exe
[2014/06/04 19:42:01 | 001,327,971 | ---- | M] () -- C:\Users\sdees\Desktop\adwcleaner_3.211.exe
[2014/06/04 19:36:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/04 19:31:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/04 18:26:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/06/04 18:12:02 | 005,205,146 | R--- | M] (Swearware) -- C:\Users\sdees\Desktop\ComboFix.exe
[2014/06/04 17:17:07 | 000,231,760 | ---- | M] () -- C:\Users\sdees\Desktop\CrucialScan.exe
[2014/06/04 17:13:06 | 000,001,929 | ---- | M] () -- C:\Users\sdees\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2014/06/04 17:13:06 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2014/06/04 17:11:56 | 003,379,056 | ---- | M] () -- C:\Users\sdees\Desktop\advisorinstaller.exe
[2014/06/04 16:45:55 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/06/04 16:45:17 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\sdees\Desktop\mbar-1.07.0.1009.exe
[2014/06/04 16:28:13 | 000,026,624 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/06/04 16:27:18 | 004,686,336 | ---- | M] () -- C:\Users\sdees\Desktop\RogueKiller.exe
[2014/06/04 12:31:16 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/06/04 08:56:31 | 000,689,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/06/04 08:56:31 | 000,137,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/06/04 08:55:38 | 000,001,684 | ---- | M] () -- C:\Users\sdees\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2014/06/04 07:11:09 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\sdees\Desktop\dds.com
[2014/06/04 06:25:23 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/06/04 03:26:39 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/06/03 22:06:36 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/06/03 22:06:18 | 000,777,488 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/06/03 22:06:18 | 000,411,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/06/03 22:06:18 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswrdr.sys
[2014/06/03 22:04:56 | 000,776,976 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys.1401858377864
[2014/06/03 22:04:56 | 000,180,632 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/06/03 22:04:56 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/06/03 22:04:56 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/06/03 22:04:56 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswrdr.sys.1401858377864
[2014/06/03 22:04:56 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/06/03 22:04:56 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/06/03 22:04:55 | 000,271,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/06/03 22:04:55 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/03 21:49:59 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/03 21:43:15 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/06/03 21:19:58 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2014/06/03 21:19:58 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2014/05/31 09:33:29 | 000,074,751 | ---- | M] () -- C:\Users\sdees\Desktop\troy.jpg
[2014/05/12 08:08:40 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/05/12 08:08:30 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2014/06/04 19:41:51 | 001,327,971 | ---- | C] () -- C:\Users\sdees\Desktop\adwcleaner_3.211.exe
[2014/06/04 17:17:05 | 000,231,760 | ---- | C] () -- C:\Users\sdees\Desktop\CrucialScan.exe
[2014/06/04 17:13:06 | 000,001,929 | ---- | C] () -- C:\Users\sdees\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2014/06/04 17:13:06 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2014/06/04 17:13:06 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2014/06/04 17:11:45 | 003,379,056 | ---- | C] () -- C:\Users\sdees\Desktop\advisorinstaller.exe
[2014/06/04 16:28:13 | 000,026,624 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/06/04 16:27:07 | 004,686,336 | ---- | C] () -- C:\Users\sdees\Desktop\RogueKiller.exe
[2014/06/04 12:31:16 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/06/04 08:55:38 | 000,001,684 | ---- | C] () -- C:\Users\sdees\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2014/06/04 06:25:23 | 000,000,880 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/06/04 03:26:39 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/06/03 22:06:36 | 000,001,877 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/06/03 22:05:06 | 000,180,632 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/06/03 22:05:04 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/06/03 22:05:03 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/06/03 21:49:59 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/03 21:43:15 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/06/03 20:52:04 | 1878,515,712 | -HS- | C] () -- C:\hiberfil.sys
[2014/05/31 09:33:23 | 000,074,751 | ---- | C] () -- C:\Users\sdees\Desktop\troy.jpg
[2013/01/13 21:56:09 | 000,017,408 | ---- | C] () -- C:\Users\sdees\AppData\Local\WebpageIcons.db
[2012/09/08 21:42:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/08 21:42:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/08 21:42:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/08 21:42:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/08 21:42:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/06 12:17:27 | 000,000,408 | ---- | C] () -- C:\Users\sdees\Music - Shortcut.lnk
[2010/12/06 00:01:31 | 000,000,612 | ---- | C] () -- C:\Users\sdees\AppData\Roaming\AB9A.85E
[2010/11/05 20:06:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/03 22:13:26 | 000,000,680 | ---- | C] () -- C:\Users\sdees\AppData\Local\d3d9caps.dat
[2010/03/04 17:09:12 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/03/04 06:22:09 | 000,011,264 | ---- | C] () -- C:\Users\sdees\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 05:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 06:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/03/09 16:33:45 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\9500 Series
[2010/03/03 14:33:28 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\Acer
[2011/03/12 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\Audacity
[2014/06/03 22:11:14 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\AVAST Software
[2012/09/07 11:08:59 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\AVG10
[2014/06/03 22:14:55 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\Dropbox
[2014/06/03 22:14:53 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\DropboxMaster
[2010/03/03 14:33:28 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\Leadertech
[2010/04/28 07:31:31 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\Lexmark Productivity Studio
[2010/03/09 11:27:09 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\MioNet
[2010/12/03 21:53:25 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\ooVoo Details
[2012/01/22 23:38:53 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\Research In Motion
[2010/03/03 15:58:11 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\Sling Media
[2010/04/16 16:38:16 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\TechWizard
[2012/09/08 14:52:40 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\TuneUp Software
[2010/12/30 23:14:14 | 000,000,000 | ---D | M] -- C:\Users\sdees\AppData\Roaming\WD

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
 
OTL Extras logfile created on: 6/4/2014 8:20:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sdees\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 50.98% Memory free
3.75 Gb Paging File | 2.48 Gb Available in Paging File | 66.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67.27 Gb Total Space | 14.71 Gb Free Space | 21.86% Space Free | Partition Type: NTFS
Drive D: | 67.13 Gb Total Space | 61.92 Gb Free Space | 92.24% Space Free | Partition Type: NTFS

Computer Name: SDEES-PC-MIGET2 | User Name: sdees | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-792927261-3644060313-3262130061-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E0D8F5-8880-465D-9EBD-DB8E3E2BEE05}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{099CB4CD-EFD4-4F09-A56F-341439089545}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0BC4D80E-FC87-4699-A5B4-914442C200B9}" = rport=445 | protocol=6 | dir=out | app=system |
"{101ADFF4-8BE0-49EF-A87D-9006617E6820}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1916D3FE-10DC-46B5-AF1E-220F72DEE185}" = lport=445 | protocol=6 | dir=in | app=system |
"{1B6257AC-E9CA-4E05-B007-9A3E1C513E67}" = lport=138 | protocol=17 | dir=in | app=system |
"{1CF27C77-3FB5-4F91-B4D9-0F6A20FECA34}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1D120553-CF12-495C-8D62-46D07DAB7DA6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2643F58D-7B93-44B9-A0AD-CD6890FD6120}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A511152-CE1D-45A7-B7F4-088824BDFE40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2EDA980C-6ED6-4DF4-95C1-F9775C9CCAC8}" = lport=137 | protocol=17 | dir=in | app=system |
"{394B14EA-868E-4389-8DF6-07D019D788FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4811DD8E-3D98-41A3-B653-A87CAB4E132C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4B11D3CA-72AC-4751-9660-73F2DC8308EC}" = rport=139 | protocol=6 | dir=out | app=system |
"{57C58EFD-4284-43B6-9DA1-67C890C96B1A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{602D7607-5891-476C-8CC2-34CEB76EC15B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{607BF30D-64E4-4116-A990-E60937E453D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{676F173D-2F48-4E8C-83C9-83879791546E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6D3B92B7-2FF6-4909-89E6-17C4F1EB1525}" = lport=9999 | protocol=17 | dir=in | name=lanscope udp port |
"{ADC2DEB6-5DD7-4D56-A251-62EAE2FE224F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF9628DF-88DB-4AD2-A3AA-95844B89DC1B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4574A48-3862-4BFD-9896-A1738314D27F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B88FD41F-7767-434F-9920-ACEE9CE82A30}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2AF614F-C5DB-429D-9007-15D17E3B4F69}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C687F76D-9568-40E0-9E7D-1D15891B8A46}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C7B861E5-306D-4567-9948-BD35ECE14B32}" = lport=139 | protocol=6 | dir=in | app=system |
"{CC258D06-4F52-46B9-A39C-EC2577EFFBA0}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{D28B2BDC-FB91-429E-B284-317220F4B355}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDEDD505-E1F2-408A-A708-933F18E39A08}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DF4568A1-C0C9-447E-B899-713DB2E8F947}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EC1DA6C5-4D82-4DEC-8B10-E417F4A05A02}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EEA8B78C-58E1-42A0-A3BE-2D0D753293E4}" = rport=138 | protocol=17 | dir=out | app=system |
"{F4ED236D-2ED2-4609-B833-166DDFB35220}" = lport=2804 | protocol=6 | dir=in | name=lanscope tcp port |
"{FA903E84-1362-4AEF-AF2C-EA0C6FDB392C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FFDB3BF8-49E4-4C1C-A796-4E545F070488}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D41A51-C0AE-41D0-A124-B3D5EB488D26}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{01073076-EEA1-4A1B-9BB0-A560BE34D921}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{02F62032-E518-4272-A151-BB96EE05EE18}" = protocol=17 | dir=in | app=c:\windows\system32\lxdocfg.exe |
"{03778710-4C54-4D16-B200-EA37F1928256}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdopswx.exe |
"{05DF2765-D667-4E7E-A77D-9316813B4842}" = protocol=6 | dir=in | app=c:\windows\system32\lxdocoms.exe |
"{1243098E-9D76-4D2E-9B78-FC3A794AC930}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{17C3F108-0BBB-4F77-866B-A50948FDEE21}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdopswx.exe |
"{2C0FE484-8082-48E3-B8D4-5CA5D8CE3640}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{2C7E4310-7710-4DC0-9ED4-640ACAC13EAB}" = protocol=17 | dir=in | app=c:\program files\lexmark 9500 series\frun.exe |
"{2CD1246D-8486-4150-95B1-9B97E7E8F942}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{33BA88CC-C572-4FE9-91BD-646D5D105786}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdojswx.exe |
"{34751CBD-2296-41C6-A10D-BDA699A06121}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdotime.exe |
"{3A45933E-C151-4143-8887-9FFA970AFC4A}" = protocol=17 | dir=in | app=c:\program files\lexmark 9500 series\lxdomon.exe |
"{3F9AA9BE-E83A-4846-9FEA-73968AB94810}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{42D94BE3-037A-4C87-87EC-2292889B40BB}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{4450B478-0AEB-4D22-BCDF-864E019EDFC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4A22BD6F-C031-4FDA-9C98-DFF6CF3918A9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{50DF51BD-7861-4F11-A466-2B965854885C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{51672B8F-988F-4E57-B80E-3D1E5EC7EEE6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{55B55418-0D34-4261-A78D-A2B7E6801283}" = protocol=17 | dir=in | app=c:\users\sdees\appdata\local\tversity\media server\mediaserver.exe |
"{56FECAF6-CDA5-4ABB-8E1C-13528BC4D34F}" = protocol=6 | dir=in | app=c:\users\sdees\appdata\roaming\dropbox\bin\dropbox.exe |
"{5773F6C5-1B8D-454B-8E52-45A7B4AFF25A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5A8076CA-E83F-49DF-B67E-B1A9CD1994D3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{5E057DB2-0B47-47A2-81EF-CD5DF67AA515}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{618FEF60-7548-4452-8B98-7479DD693AA3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66DD2F6C-22F7-4A0F-8465-41123954AD42}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{6821118B-1E29-48BD-A290-88D69F12EF5E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{6E4C9724-05CA-4861-AF88-D4F82B51F241}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6E75C897-3AF8-4507-91EA-B4D8A5744854}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdotime.exe |
"{73F2D0F9-DA53-414C-9D10-23F883A4916A}" = protocol=6 | dir=in | app=c:\windows\system32\lxdocfg.exe |
"{751CD9DD-ECF6-4F83-B260-EB0BB5FD0205}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{7660C772-EAAE-4EC4-BD9D-EA7273E1C69D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{790D6FBB-373B-482D-BC56-60AB4F91467B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{80A556B5-D50B-4EE4-9FE3-B48355F7F860}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80A765FB-A4E0-4A09-9C98-CF23AA90F138}" = protocol=17 | dir=in | app=c:\users\sdees\appdata\roaming\dropbox\bin\dropbox.exe |
"{81FC2DD5-A82A-4CEE-B4F9-79066F9229DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{84E585B3-D35A-4D78-ABCA-15F090559C8A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{87EE658D-7249-4522-9875-888F299DBAEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8DFEF199-3866-4E34-B0B3-37A37AB0B9A2}" = protocol=6 | dir=out | app=system |
"{923E5A65-BCA5-4AA9-8EE3-F023E4436E5B}" = protocol=17 | dir=in | app=c:\windows\system32\lxdocoms.exe |
"{9A034886-881C-4ABC-AC24-CA47823EAE3F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{9AFA290B-DA69-472D-9A30-C2CF37438DE8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9B8A2B8E-BE6C-4022-AD46-5994EE0BF89F}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A563EB93-70EC-4FA7-9C31-3B3915C5CF70}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A8E60014-0D7B-4935-9997-5E908D59AF9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1890B6E-F6BD-44AA-8E56-27B7D335E5E2}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdojswx.exe |
"{B811E154-B218-4737-B0D0-A8DB63C340EE}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{BAFAE0D3-3940-4B4D-BAAA-8DF7F3A3CBB8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C862013D-35B4-48BF-8D31-4A94AB4F976F}" = protocol=17 | dir=in | app=c:\program files\lexmark 9500 series\lxdofax.exe |
"{CBCAE2C8-A7A3-4061-B161-961734EC62C3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CF665F9A-E775-4741-B875-89041D7B55EC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D29486F2-BF7F-4C26-921A-8FDC7C14CA61}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3B58A08-0656-4503-9E27-6FAB88094E09}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{D4F2C9E7-0750-46BA-8947-D4CC039E7DB0}" = protocol=6 | dir=in | app=c:\program files\lexmark 9500 series\lxdomon.exe |
"{DAA30768-1D2F-4E9D-A389-5A0D7D649985}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DCFAEB03-BA4A-4B91-86F8-D891035C6363}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E06E7871-118E-4A7D-B66B-DF7C2736A378}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E0B9F616-2283-4D43-958A-91FD8ABDF4FA}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{E108EBDA-DFA4-4DD0-8EB3-419D0E689867}" = protocol=6 | dir=in | app=c:\program files\lexmark 9500 series\lxdofax.exe |
"{E5575DA2-835C-4E6D-BF07-1048EFA7CD23}" = protocol=6 | dir=in | app=c:\program files\lexmark 9500 series\frun.exe |
"{E5FDC5A6-FFBB-470A-AEC2-473BB086E26E}" = dir=in | app=c:\users\sdees\appdata\local\temp\7zs66a9\ojp8000va809_basic_14\setup\hpznui01.exe |
"{E746D8C1-679C-403C-8E82-4B888A28BC3B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E8756420-1848-43C8-AEB8-5E0EDED4744E}" = protocol=6 | dir=in | app=c:\program files\lexmark 9500 series\lxdoamon.exe |
"{ED3CF7F0-5246-4315-8F26-39002C6A16D1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F4E01BA5-9A89-46D8-B106-32032B535A0F}" = protocol=17 | dir=in | app=c:\program files\lexmark 9500 series\lxdoamon.exe |
"{F702C6CE-6303-42E5-918C-F581C26A6A31}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F71ABB10-2AE5-48A4-9B95-3CA7A80C41DF}" = protocol=6 | dir=in | app=c:\users\sdees\appdata\local\tversity\media server\mediaserver.exe |
"TCP Query User{0491A494-63A6-44FC-9A8E-53DD969C1BED}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{204E2A03-5038-4B86-B6A3-28821A8C5E63}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{4CC6D3E0-2527-46D5-9BEC-099511E93878}C:\users\sdees\appdata\local\temp\rarsfx0\hl.exe" = protocol=6 | dir=in | app=c:\users\sdees\appdata\local\temp\rarsfx0\hl.exe |
"TCP Query User{54EE110F-B1B8-44FB-8330-79D682519D5E}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{6B2CC65A-1BF4-459D-8EB5-02BBF1E85BD4}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{F184C0EA-D9B9-42E5-8F92-FB0FF2A313A0}C:\users\sdees\appdata\local\temp\rarsfx0\hl.exe" = protocol=6 | dir=in | app=c:\users\sdees\appdata\local\temp\rarsfx0\hl.exe |
"UDP Query User{04D51357-BECA-4D40-9ED1-FD2606613BA6}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{7B0831A4-D927-4FED-9DC5-312644B178D7}C:\users\sdees\appdata\local\temp\rarsfx0\hl.exe" = protocol=17 | dir=in | app=c:\users\sdees\appdata\local\temp\rarsfx0\hl.exe |
"UDP Query User{94173F01-1712-4E2F-A6AA-AD002829051B}C:\users\sdees\appdata\local\temp\rarsfx0\hl.exe" = protocol=17 | dir=in | app=c:\users\sdees\appdata\local\temp\rarsfx0\hl.exe |
"UDP Query User{CC85E0AE-7D92-40FD-91A0-E2F23F6BB300}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{E0C62B1E-22B8-4062-9E27-25A7F9F72C51}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{F156C096-B2B4-41C9-B275-3E64104DD11A}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001FC252-5D30-956C-D6E3-405B9651B698}" = CCC Help Korean
"{0145ABB1-8F13-D85C-EFA7-16AAFD415F07}" = Catalyst Control Center Localization Chinese Standard
"{04BCB992-A9E6-427D-BC66-E92BB76BE97A}" = WD Discovery Software
"{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}" = iTunes
"{08091134-5478-4F0E-5A1A-470BE72647ED}" = CCC Help Thai
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{18F72BF6-D1B1-04AF-BBB2-EA2BA6F50EDB}" = CCC Help English
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1E6F7CFD-5BEB-0828-B1B1-645FA4F292DB}" = Catalyst Control Center Localization Korean
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{27005EDF-E80A-7059-81A3-692051625488}" = Catalyst Control Center Localization French
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D4A265B-8CE4-EF70-0C2A-1271119AA5B3}" = Catalyst Control Center Localization Turkish
"{2EA65C2D-0C11-3D8B-46AE-B9092EE7D64C}" = CCC Help Norwegian
"{2EB3629F-C98A-F5A3-25C2-D47B0EDF2A7C}" = CCC Help Greek
"{2FA6AE84-DFE1-9651-7AEB-2E8C78E5B97D}" = CCC Help Swedish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{355D4B62-447F-1654-70EE-5DEB8D11D807}" = Catalyst Control Center Localization Danish
"{37EBDFAC-5900-A0AD-CCE9-9A0DDA5682F9}" = Catalyst Control Center Localization Portuguese
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41D87F76-0623-B98E-089E-AD0010369AC1}" = ccc-utility
"{45576B9A-D9A9-CCE2-488F-E74A96FA550B}" = CCC Help Turkish
"{472BC165-1990-1963-7AAD-BD4DAA3F293E}" = CCC Help Finnish
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4C56E5-819C-E1EB-B682-2F3EB3C32D88}" = CCC Help Hungarian
"{4C0F2181-4765-D5C5-B665-52E7722C1D18}" = Catalyst Control Center Localization Japanese
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{526B988C-393C-181A-0536-257C6AE70D18}" = CCC Help Portuguese
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5792B5D9-645A-3309-C848-9BB7A68F1667}" = CCC Help Russian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{593AF68A-BEDA-BC04-D278-7E020F2E6A6E}" = Catalyst Control Center Localization Dutch
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ED5CFB-7EBF-AEF2-C5FF-DCF2D2AC5A77}" = Catalyst Control Center Core Implementation
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687C95B4-4670-DEF1-4585-E11CE3AB7C26}" = CCC Help German
"{6D4DC170-69D1-7CE8-EF98-6DCDC887FA1C}" = Catalyst Control Center Localization Spanish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.20
"{75D803F3-2CCA-F91B-F269-1EA77BA56688}" = Catalyst Control Center Localization Chinese Traditional
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CE727EA-498F-B17F-53B6-C695E134C83C}" = Catalyst Control Center Localization Greek
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7E70195B-0530-EED3-E8FE-237EC86F989E}" = Catalyst Control Center Localization Polish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{886607CA-3144-493D-1134-EEAAC8D5AAFD}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5AEB5F-C533-FD3B-9D35-6FF8BEB91A7E}" = CCC Help Dutch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CB7C96F-22D5-5911-3507-4639ED218CE6}" = CCC Help Polish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF37D01-3105-690A-C481-06EBED787498}" = Catalyst Control Center Localization Swedish
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97D4EB44-3BD8-F35A-14AE-73FB3B491396}" = Catalyst Control Center Localization Italian
"{999E1B83-866A-F0A5-321C-B3438BC246B1}" = ATI Catalyst Install Manager
"{99AF8AED-2960-B47B-CAA0-1558B5E78D48}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5A6F0F-EBEC-85B1-C3C2-07E84A58E0DD}" = Catalyst Control Center Graphics Light
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A4966638-798C-45B9-B5BF-07D3E63B58C2}" = 8000A809_BasicWeb
"{A78024C0-8C20-27CB-2B7B-6A60445B61AF}" = Catalyst Control Center Localization Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{ADB6F4C1-DF11-450D-9854-F5E4A4C5092C}" = 8000A809_Help_BasicWeb
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B231A9E2-9E9C-9226-E483-DD2D725D1BFE}" = Catalyst Control Center Localization Thai
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7CBEC53-C913-87E2-D70F-3BABEFB0A080}" = Catalyst Control Center Localization Finnish
"{B92C4887-D617-F6C5-DC4B-94984C23E0ED}" = Catalyst Control Center Graphics Full Existing
"{BD2BA0B1-5448-987E-9562-6C665252714A}" = Catalyst Control Center Localization Norwegian
"{C03A4F4C-09A2-ADA3-0DE9-F830F636DD4B}" = CCC Help Spanish
"{C5F7045B-193F-418C-A4DE-27F76F28841E}" = BPDSoftware_Ini
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6660342-B863-AD6B-3D74-C5466AAF1A5F}" = CCC Help Italian
"{C9BB218C-2D4B-4FF4-97E2-2C7E3D1B2679}" = eProtection
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D475C441-82E7-4694-8717-EA8896D6D37A}" = CCC Help Japanese
"{D51FFF33-0F42-72C1-0DFD-220E3B3E4F97}" = CCC Help Chinese Traditional
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DABC2CCE-5B36-66D2-2CEF-EA2188BE51CF}" = ccc-core-static
"{DD8E5E2F-2189-3CB5-D048-38102D91C06A}" = Catalyst Control Center Graphics Full New
"{DE247139-8107-31A7-E580-6AFAE183A95F}" = Catalyst Control Center Localization German
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7DA2552-8808-7F25-1A85-AAFDE834CA14}" = CCC Help Czech
"{EB0A38F9-6698-B5D5-949E-E042BBEE763B}" = Catalyst Control Center Localization Hungarian
"{ED0CE279-E752-4E6A-8C74-6A6A6F249B1C}" = HP Officejet Pro 8000 A809 Series
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F748B133-D25C-14C2-0178-D90703042FDE}" = CCC Help Chinese Standard
"{F840ACBD-6167-EDD9-FD4D-41A79DF43552}" = Catalyst Control Center Localization Czech
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"2EFF310ED3BF3BFB24E6CC25AEB5491813E56803" = Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (06/20/2007 5.0.0004.2)
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.4
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"PROHYBRIDR" = 2007 Microsoft Office system
"SpywareBlaster_is1" = SpywareBlaster 5.0
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-792927261-3644060313-3262130061-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

< End of report >
 
redtarget.gif

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code: 
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CM106.sys -- (USBMULCD)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\osaio.sys -- (osaio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\netlimiter.sys -- (netlimiter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\DisplayLinkUsbPort.sys -- (DisplayLinkUsbPort)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\sdees\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athr.sys -- (athr)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\archlp.sys -- (archlp)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O3 - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-792927261-3644060313-3262130061-1003\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.85/WebSlingPlayer.cab (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll File not found
[2010/12/06 00:01:31 | 000,000,612 | ---- | C] () -- C:\Users\sdees\AppData\Roaming\AB9A.85E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Service AVG Security Toolbar Service stopped successfully!
Service AVG Security Toolbar Service deleted successfully!
File C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe not found.
Service ACDaemon stopped successfully!
Service ACDaemon deleted successfully!
File C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe not found.
Service USBMULCD stopped successfully!
Service USBMULCD deleted successfully!
File system32\drivers\CM106.sys not found.
Service RimUsb stopped successfully!
Service RimUsb deleted successfully!
File System32\Drivers\RimUsb.sys not found.
Service osaio stopped successfully!
Service osaio deleted successfully!
File C:\Windows\system32\drivers\osaio.sys not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service netlimiter stopped successfully!
Service netlimiter deleted successfully!
File C:\Windows\system32\drivers\netlimiter.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service IntcAzAudAddService stopped successfully!
Service IntcAzAudAddService deleted successfully!
File system32\drivers\RTKVHDA.sys not found.
Service EagleXNt stopped successfully!
Service EagleXNt deleted successfully!
File C:\Windows\system32\drivers\EagleXNt.sys not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\Windows\system32\drivers\EagleNT.sys not found.
Service DisplayLinkUsbPort stopped successfully!
Service DisplayLinkUsbPort deleted successfully!
File system32\DRIVERS\DisplayLinkUsbPort.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\sdees\AppData\Local\Temp\catchme.sys not found.
Service AVGIDSFilter stopped successfully!
Service AVGIDSFilter deleted successfully!
File system32\DRIVERS\AVGIDSFilter.Sys not found.
Service athr stopped successfully!
Service athr deleted successfully!
File system32\DRIVERS\athr.sys not found.
Service archlp stopped successfully!
Service archlp deleted successfully!
File system32\drivers\archlp.sys not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-21-792927261-3644060313-3262130061-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-792927261-3644060313-3262130061-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_USERS\S-1-5-21-792927261-3644060313-3262130061-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {B80CD4E6-5B02-4B6C-99BE-68F1511E9549}
C:\Windows\Downloaded Program Files\SlingPlayer.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B80CD4E6-5B02-4B6C-99BE-68F1511E9549}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B80CD4E6-5B02-4B6C-99BE-68F1511E9549}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B80CD4E6-5B02-4B6C-99BE-68F1511E9549}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B80CD4E6-5B02-4B6C-99BE-68F1511E9549}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ deleted successfully.
File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll File not found not found.
C:\Users\sdees\AppData\Roaming\AB9A.85E moved successfully.
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Google Chrome cache emptied: 6744576 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: sdees
->Temp folder emptied: 2434672 bytes
->Temporary Internet Files folder emptied: 1338165 bytes
->Java cache emptied: 11788 bytes
->FireFox cache emptied: 60980991 bytes
->Google Chrome cache emptied: 10478833 bytes
->Flash cache emptied: 1960204 bytes

User: TEMP
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9469 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 80.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: sdees
->Java cache emptied: 0 bytes

User: TEMP

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: sdees
->Flash cache emptied: 0 bytes

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06042014_215509

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.83
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
SUPERAntiSpyware
CCleaner
Java 7 Update 60
Java version out of Date!
Adobe Flash Player 13.0.0.214
Adobe Reader XI
Google Chrome 34.0.1847.137
Google Chrome 35.0.1916.114
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 21-05-2014
Ran by sdees (administrator) on 04-06-2014 at 22:12:02
Running from "C:\Users\sdees\Desktop"
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
Broni, I ran the eset online scanner, multiple threats were found & cleaned but it wouldn't let me save the results to the desktop & I couldn't locate the results on the C Drive folder :confused:

Unless this is it
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=37785521d604c447a5e81fcbca5f5588
# engine=18564
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-05 06:12:34
# local_time=2014-06-04 11:12:34 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 0 0 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 91 0 238556256 0 0
# scanned=143281
# found=8
# cleaned=8
# scan_time=2540
sh=8202BE5D16DF901FD8EAF760030DC89468551982 ft=1 fh=631869558e3c6757 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\sdees\Documents\Downloads\GoogleChromeExtensionUpdate_m2.exe"
sh=D0CABAD570CAC11CBB32F46F316546BAAC72759E ft=1 fh=5d292ef713413fd0 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\sdees\Documents\Downloads\GoogleChromeExtensionUpdate_m3.exe"
sh=B1DC51C9F3E499934918AE202DA3A429BEE5EDD0 ft=1 fh=753a709ad22df4f6 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\sdees\Documents\Downloads\GoogleChromeExtensionUpdate_m4.exe"
sh=75F224A6E97219482B4EE10272E08C799D64E9DF ft=1 fh=f55d2cd9dc251456 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\sdees\Documents\Downloads\GoogleChromeExtensionUpdate_m7.exe"
sh=9CB3CB80A2DC5D1D6B983DBC8294F4B37E0A1DE0 ft=1 fh=b49de9ed5813cafe vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\sdees\Documents\Downloads\GoogleChromeExtensionUpdate_m8.exe"
sh=1DA36F2CEBBB8BACCE6B13E4438FEEBCD11B284C ft=1 fh=72b5baba16092778 vn="Win32/Conduit.SearchProtect potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\caloheeledhajihipjihanmihhegodlc\10.31.0.526_0\APISupport\APISupport.dll"
sh=119B91098847A205621FA7388C8B4A2FC134F0EB ft=1 fh=a4ebcb24189af321 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\caloheeledhajihipjihanmihhegodlc\10.31.0.526_0\nativeMessaging\TBMessagingHost.exe"
sh=8E6270F9DA8ECE45F03149274B3DBD370FF2F404 ft=1 fh=141990a027dc0992 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\caloheeledhajihipjihanmihhegodlc\10.31.0.526_0\plugins\ChromeApiPlugin.dll"
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Thank you very much Broni, I sincerely appreciate all your hard worek.
The pc is re booting faster. I now have to convince the owner to buy RAM because she thinks the security programs I put on it are (were) slowing it down. :)
 
2GB should be enough.
32-bit will accept up to 4GB but it'll only utilize about 3GB.

In any case...

Way to go!!
Good luck and stay safe :)
 
Ok & great. I've already run the crucial scan on it & left the results on the desktop.
I wish I knew how to read the logs like you do. Take care. :)
 
You must log in or register to reply here.

Similar threads

midian182
Scammer uses AI to pose as Brad Pitt, tricks woman into sending $850,000
Replies
12
Views
335
Che Cazzo
Che Cazzo
S
Techies are managing their marriages the same way they run their careers
Replies
10
Views
515
ZedRM
ZedRM
midian182
HP's TV ad campaign claims its printers are "made to be less hated"
Replies
11
Views
830
Xausejo
X

Latest posts

Back