Sponsored By

davew3232

Slow running

Recommended Posts

Howdy Dave and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished...
    *This time, click on the Clean button.
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

thisisujrt-1.gif
    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!


NEXT


MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.


    * Double-click  mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to  Update Malwarebytes' Anti-Malware and  Launch Malwarebytes' Anti-Malware, then click  Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select  Perform quick scan, then click Scan.

mbam-1.jpg


When the scan is complete, click  OK, then  Show Results to view the results.

scan-finished.jpg

    *  Then click  Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.



Please don't attach the scans / logs, use "copy/paste".


Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes log
Thanks
Chuck

 

 

Ok this will get you started for tonight & i will read the logs/reports in the morning & have another fix for you !!

Share this post


Link to post
Share on other sites
# AdwCleaner v3.010 - Report created 26/10/2013 at 22:06:46

# Updated 20/10/2013 by Xplode

# Operating System : Windows 8  (64 bits)

# Username : Dave - LAPTOP

# Running from : C:\Users\Dave\Downloads\adwcleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

Service Found : CltMngSvc

Service Found : vToolbarUpdater17.0.12

 

***** [ Files / Folders ] *****

 

File Found : C:\END

File Found : C:\Windows\System32\roboot64.exe

File Found : C:\Windows\System32\Tasks\Funmoods

Folder Found : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found C:\Program Files (x86)\Conduit

Folder Found C:\Program Files (x86)\file scout

Folder Found C:\Program Files (x86)\optimizer pro

Folder Found C:\Program Files (x86)\Searchprotect

Folder Found C:\Program Files (x86)\SweetTunes

Folder Found C:\ProgramData\Conduit

Folder Found C:\ProgramData\IBUpdaterService

Folder Found C:\ProgramData\Tarma Installer

Folder Found C:\Searchprotect

Folder Found C:\Users\Dave\AppData\Local\Conduit

Folder Found C:\Users\Dave\AppData\LocalLow\Conduit

Folder Found C:\Users\Dave\AppData\LocalLow\PriceGong

Folder Found C:\Users\Dave\AppData\LocalLow\SweetTunes

Folder Found C:\Users\Dave\AppData\Roaming\Conduit

Folder Found C:\Users\Dave\AppData\Roaming\DefaultTab

Folder Found C:\Users\Dave\AppData\Roaming\file scout

Folder Found C:\Users\Dave\AppData\Roaming\Funmoods

Folder Found C:\Users\Dave\AppData\Roaming\OpenCandy

Folder Found C:\Users\Dave\AppData\Roaming\PerformerSoft

Folder Found C:\Users\Dave\AppData\Roaming\Searchprotect

Folder Found C:\Users\Dave\Documents\optimizer pro

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\968bd9b738e917

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\smartbar

Key Found : HKCU\Software\AppDataLow\Software\SweetTunes

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\filescout

Key Found : HKCU\Software\InstallCore

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\SearchProtect

Key Found : HKCU\Software\Softonic

Key Found : [x64] HKCU\Software\APN PIP

Key Found : [x64] HKCU\Software\Conduit

Key Found : [x64] HKCU\Software\Cr_Installer

Key Found : [x64] HKCU\Software\filescout

Key Found : [x64] HKCU\Software\InstallCore

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : [x64] HKCU\Software\SearchProtect

Key Found : [x64] HKCU\Software\Softonic

Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Found : HKLM\SOFTWARE\968bd9b738e917

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}

Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AC29227E-AC4E-438F-B1D8-9E588C29D26A}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc

Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3311875

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

Key Found : HKLM\Software\InstallCore

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26C8C7C7-24CA-47D9-9CC9-7744240B53AF}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8AB61A6-C734-45B0-94CE-DF735E70CB3B}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC29227E-AC4E-438F-B1D8-9E588C29D26A}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\Software\PIP

Key Found : HKLM\Software\SearchProtect

Key Found : HKLM\Software\SweetTunes

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchProtect]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16537

 


 

-\\ Mozilla Firefox v

 

-\\ Google Chrome v30.0.1599.101

 

[ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Found : homepage

Found : homepage

Found : homepage

 

*************************

 

AdwCleaner[R0].txt - [12660 octets] - [26/10/2013 22:06:46]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12721 octets] ##########

Share this post


Link to post
Share on other sites
# AdwCleaner v3.010 - Report created 26/10/2013 at 22:06:46

# Updated 20/10/2013 by Xplode

# Operating System : Windows 8  (64 bits)

# Username : Dave - LAPTOP

# Running from : C:\Users\Dave\Downloads\adwcleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

Service Found : CltMngSvc

Service Found : vToolbarUpdater17.0.12

 

***** [ Files / Folders ] *****

 

File Found : C:\END

File Found : C:\Windows\System32\roboot64.exe

File Found : C:\Windows\System32\Tasks\Funmoods

Folder Found : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found C:\Program Files (x86)\Conduit

Folder Found C:\Program Files (x86)\file scout

Folder Found C:\Program Files (x86)\optimizer pro

Folder Found C:\Program Files (x86)\Searchprotect

Folder Found C:\Program Files (x86)\SweetTunes

Folder Found C:\ProgramData\Conduit

Folder Found C:\ProgramData\IBUpdaterService

Folder Found C:\ProgramData\Tarma Installer

Folder Found C:\Searchprotect

Folder Found C:\Users\Dave\AppData\Local\Conduit

Folder Found C:\Users\Dave\AppData\LocalLow\Conduit

Folder Found C:\Users\Dave\AppData\LocalLow\PriceGong

Folder Found C:\Users\Dave\AppData\LocalLow\SweetTunes

Folder Found C:\Users\Dave\AppData\Roaming\Conduit

Folder Found C:\Users\Dave\AppData\Roaming\DefaultTab

Folder Found C:\Users\Dave\AppData\Roaming\file scout

Folder Found C:\Users\Dave\AppData\Roaming\Funmoods

Folder Found C:\Users\Dave\AppData\Roaming\OpenCandy

Folder Found C:\Users\Dave\AppData\Roaming\PerformerSoft

Folder Found C:\Users\Dave\AppData\Roaming\Searchprotect

Folder Found C:\Users\Dave\Documents\optimizer pro

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\968bd9b738e917

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\smartbar

Key Found : HKCU\Software\AppDataLow\Software\SweetTunes

Key Found : HKCU\Software\AppDataLow\Toolbar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\filescout

Key Found : HKCU\Software\InstallCore

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\SearchProtect

Key Found : HKCU\Software\Softonic

Key Found : [x64] HKCU\Software\APN PIP

Key Found : [x64] HKCU\Software\Conduit

Key Found : [x64] HKCU\Software\Cr_Installer

Key Found : [x64] HKCU\Software\filescout

Key Found : [x64] HKCU\Software\InstallCore

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : [x64] HKCU\Software\SearchProtect

Key Found : [x64] HKCU\Software\Softonic

Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Found : HKLM\SOFTWARE\968bd9b738e917

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}

Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AC29227E-AC4E-438F-B1D8-9E588C29D26A}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc

Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3311875

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

Key Found : HKLM\Software\InstallCore

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26C8C7C7-24CA-47D9-9CC9-7744240B53AF}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8AB61A6-C734-45B0-94CE-DF735E70CB3B}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FEC7248-515C-47BE-AB0A-6BC547472DEA}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC29227E-AC4E-438F-B1D8-9E588C29D26A}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\Software\PIP

Key Found : HKLM\Software\SearchProtect

Key Found : HKLM\Software\SweetTunes

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchProtect]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{5FEC7248-515C-47BE-AB0A-6BC547472DEA}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16537

 


 

-\\ Mozilla Firefox v

 

-\\ Google Chrome v30.0.1599.101

 

[ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Found : homepage

Found : homepage

Found : homepage

 

*************************

 

AdwCleaner[R0].txt - [12660 octets] - [26/10/2013 22:06:46]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12721 octets] ##########

Share this post


Link to post
Share on other sites
Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.10.27.01

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16721

Dave :: LAPTOP [administrator]

 

Protection: Enabled

 

10/26/2013 11:08:47 PM

MBAM-log-2013-10-26 (23-22-54).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226443

Time elapsed: 11 minute(s), 33 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Users\Dave\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit.A) -> No action taken.

 

(end)

Share this post


Link to post
Share on other sites

Hi Dave, look in add/remove/uninstall and remove this >>> optimizer pro

 

ok you have gave me 2 AdwCleaner logs, i only need 1, You did not follow the instructions right (this happens a lot) so lets try this again.

When you run adwcleaner it will scan your computer, after it is done you will be given the option to "Clean", click it !

Then post the new log !!

 

 

Now run the Junkware tool/program & post it's log !!

 

 

Now when you run Malwarebytes again please check the small box beside each that it found ! then the box that says "Remove Selected"  And post that log !!

 

Thanks

Chuck

Share this post


Link to post
Share on other sites

Hey Chuck I can not find optimizer pro anywhere on my computer I will run the programs again but I think I just gave you 2 of the AdwCleaner logs because I didnt copy and paste the Junkware one right the first time but I will run them all again later today I have to run to Billings today as per the boss. You know how that goes I am sure when they speak we have to listen.

Share this post


Link to post
Share on other sites

Sounds good Dave !! That's ok not finding the optimizer pro !

Go ahead and re-run them !

Share this post


Link to post
Share on other sites

Just wanted to make this clear:
AdwCleaner
*After the scan has finished...
*This time, click on the Clean button.

Junkware program should be on your desk or in it's folder >>> JRT.txt

 

 

Malwarebytes:  The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.

You have to click >>>  Remove Selected .

Share this post


Link to post
Share on other sites
# AdwCleaner v3.010 - Report created 27/10/2013 at 19:24:06

# Updated 20/10/2013 by Xplode

# Operating System : Windows 8  (64 bits)

# Username : Dave - LAPTOP

# Running from : C:\Users\Dave\Downloads\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16537

 

 

-\\ Mozilla Firefox v

 

-\\ Google Chrome v30.0.1599.101

 

[ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [12886 octets] - [26/10/2013 22:06:46]

AdwCleaner[R1].txt - [882 octets] - [26/10/2013 22:41:02]

AdwCleaner[R2].txt - [937 octets] - [27/10/2013 19:22:08]

AdwCleaner[s0].txt - [12470 octets] - [26/10/2013 22:09:45]

AdwCleaner[s1].txt - [859 octets] - [27/10/2013 19:24:06]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [918 octets] ##########

Share this post


Link to post
Share on other sites

Dave, that's what i wanted from AdwCleaner, it cleaned all that was found in your first log !

 

Chuck

Share this post


Link to post
Share on other sites
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.7 (10.15.2013:3)

OS: Windows 8 x64

Ran by Dave on Sun 10/27/2013 at 19:37:49.13

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Failed to delete: [Folder] "C:\ProgramData\pchealthboost"

Failed to delete: [Folder] "C:\Program Files (x86)\pc healthboost"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 10/27/2013 at 19:58:55.73

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Share this post


Link to post
Share on other sites
alwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.10.27.01

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16721

Dave :: LAPTOP [administrator]

 

Protection: Enabled

 

10/27/2013 8:06:08 PM

mbam-log-2013-10-27 (20-06-08).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226101

Time elapsed: 11 minute(s), 40 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Share this post


Link to post
Share on other sites

Dave, Malwarebytes is clean now but we have more to do so stay with me till we get it clean !!

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.
 

 

 

 

NEXT

 

 

 

Download DDS and save it to your Desktop.  >>> DDS
 

 

    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com

 

 

Post those logs next !

1. SecurityCheck log

2. DDS logs

 

Thanks

Chuck

Share this post


Link to post
Share on other sites
 Results of screen317's Security Check version 0.99.74  

   x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

AVG AntiVirus Free Edition 2013   

Windows Defender                  

 Antivirus up to date!  (On Access scanning disabled!) 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Adobe Flash Player 11.9.900.117  

 Adobe Reader XI  

 Google Chrome 30.0.1599.101  

 Google Chrome 30.0.1599.69  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 

````````````````````End of Log`````````````````````` 

Share this post


Link to post
Share on other sites
DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16537

Run by Dave at 21:03:04 on 2013-10-27

Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3682.2372 [GMT -6:00]

.

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\system32\dwm.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\system32\dashost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Windows\system32\taskhostex.exe

c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

C:\Users\Dave\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe

C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\SearchIndexer.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k defragsvc

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.


mWinlogon: Userinit = userinit.exe,

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sanDiskSecureAccess_Manager.exe] C:\Users\Dave\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R

mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

dRun: [searchProtect] \SearchProtect\bin\cltmng.exe

StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ATHOME~1.LNK - C:\Program Files (x86)\AtHomeConnect\AtHomeConnect.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

TCP: NameServer = 67.215.21.202 72.21.70.3

TCP: Interfaces\{DC630F40-72F6-4549-BBE1-447BF8209C06} : DHCPNameServer = 67.215.21.202 72.21.70.3

TCP: Interfaces\{DC630F40-72F6-4549-BBE1-447BF8209C06}\375707562783 : DHCPNameServer = 68.87.77.130 68.87.72.130

TCP: Interfaces\{DC630F40-72F6-4549-BBE1-447BF8209C06}\44166796466214C6F6E69716 : DHCPNameServer = 69.145.248.4 69.146.17.2 69.144.49.29

TCP: Interfaces\{DC630F40-72F6-4549-BBE1-447BF8209C06}\C696E6B6379737 : DHCPNameServer = 67.215.21.202 72.21.70.3

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-23 79528]

R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-23 26280]

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-7-20 71480]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-7-20 311608]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-7-1 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-7-10 45880]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-7-20 246072]

R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-7-9 248632]

R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-9-15 92536]

R1 RapportCerberus_56758;RapportCerberus_56758;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys [2013-8-21 589872]

R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-9-10 265872]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-2 239616]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-9-15 2451456]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2009-8-5 284016]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-26 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-26 701512]

R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-9-10 1435928]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-10-26 25928]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-9-15 339600]

R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-15 683664]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-9-15 57000]

R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]

S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]

S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-7-20 206648]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]

S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 RapportHades64;RapportHades64;C:\Windows\System32\Drivers\RapportHades64.sys [2012-12-26 266928]

S3 RapportKE64;RapportKE64;C:\Windows\System32\Drivers\RapportKE64.sys [2012-12-26 295696]

S3 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-9-10 384432]

S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-15 41272]

S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-15 43832]

.

=============== File Associations ===============

.

FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice]

.

=============== Created Last 30 ================

.

2013-10-28 02:03:07 -------- d-----w- C:\Users\Dave\AppData\Local\Avg2013

2013-10-27 05:07:30 -------- d-----w- C:\Users\Dave\AppData\Roaming\Malwarebytes

2013-10-27 05:07:08 -------- d-----w- C:\ProgramData\Malwarebytes

2013-10-27 05:07:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-10-27 05:07:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-27 04:13:00 -------- d-----w- C:\Windows\ERUNT

2013-10-27 04:05:45 -------- d-----w- C:\AdwCleaner

2013-10-15 19:44:43 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-15 19:44:43 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-10-13 03:39:54 1374208 ----a-w- C:\Windows\System32\wdc.dll

2013-10-13 03:39:53 566784 ----a-w- C:\Windows\System32\wvc.dll

2013-10-13 03:39:45 1245696 ----a-w- C:\Windows\SysWow64\wdc.dll

2013-10-13 03:39:44 462336 ----a-w- C:\Windows\System32\sysmon.ocx

2013-10-13 03:39:42 399360 ----a-w- C:\Windows\SysWow64\sysmon.ocx

2013-10-13 03:39:41 437248 ----a-w- C:\Windows\SysWow64\wvc.dll

2013-10-13 03:36:01 10116608 ----a-w- C:\Windows\System32\twinui.dll

2013-10-10 21:53:07 652288 ----a-w- C:\Windows\System32\comctl32.dll

2013-10-10 21:53:07 541696 ----a-w- C:\Windows\SysWow64\comctl32.dll

2013-10-10 21:53:02 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2013-10-10 21:53:02 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-10-10 21:53:01 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-10-10 21:53:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-10-10 21:51:05 3959296 ----a-w- C:\Windows\System32\jscript9.dll

2013-10-10 21:51:01 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-10-10 21:50:58 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll

2013-10-08 01:19:07 -------- d-----w- C:\Users\Dave\AppData\Local\Programs

2013-10-08 01:18:15 -------- d-----w- C:\Users\Dave\AppData\Local\WordOv

2013-10-08 01:18:13 -------- d-----w- C:\Users\Dave\AppData\Roaming\RealNetworks

2013-10-08 01:16:56 -------- d-----w- C:\Program Files (x86)\RealNetworks

2013-10-08 01:16:45 -------- d-----w- C:\ProgramData\RealNetworks

2013-10-08 01:14:47 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared

2013-10-04 19:17:05 -------- d-----w- C:\Program Files\iPod

2013-10-04 19:17:04 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-10-04 19:17:04 -------- d-----w- C:\Program Files\iTunes

2013-10-04 19:17:04 -------- d-----w- C:\Program Files (x86)\iTunes

.

==================== Find3M  ====================

.

2013-10-08 01:13:30 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2013-10-08 01:13:30 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2013-10-02 02:57:03 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-09-11 05:18:30 266928 ----a-w- C:\Windows\System32\drivers\RapportHades64.sys

2013-09-11 05:18:28 295696 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys

2013-08-23 05:11:57 4040192 ----a-w- C:\Windows\System32\win32k.sys

2013-08-16 05:41:13 58200 ----a-w- C:\Windows\System32\drivers\dam.sys

2013-08-16 05:39:26 2371728 ----a-w- C:\Windows\System32\WSService.dll

2013-08-16 05:32:48 209200 ----a-w- C:\Windows\System32\NotificationUI.exe

2013-08-16 05:22:22 40448 ----a-w- C:\Windows\System32\wuapp.exe

2013-08-16 05:22:11 4917760 ----a-w- C:\Windows\System32\sppsvc.exe

2013-08-16 05:20:30 105984 ----a-w- C:\Windows\System32\WinSetupUI.dll

2013-08-15 22:43:21 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe

2013-08-15 22:43:07 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll

2013-08-15 22:43:07 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2013-08-15 22:43:03 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll

2013-08-15 22:43:03 159232 ----a-w- C:\Windows\SysWow64\WSSync.dll

2013-08-15 22:43:02 83968 ----a-w- C:\Windows\SysWow64\OEMLicense.dll

2013-08-15 22:43:02 167424 ----a-w- C:\Windows\SysWow64\WSClient.dll

2013-08-15 22:43:02 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll

2013-08-15 22:43:02 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

2013-08-15 22:42:52 76800 ----a-w- C:\Windows\SysWow64\setupcln.dll

2013-08-15 22:42:47 91648 ----a-w- C:\Windows\SysWow64\sppc.dll

2013-08-10 05:21:51 448512 ----a-w- C:\Windows\System32\SettingSync.dll

2013-08-10 05:21:51 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll

2013-08-10 03:58:51 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll

2013-08-07 05:15:02 144896 ----a-w- C:\Windows\System32\tssdisai.dll

2013-08-02 06:26:53 2304512 ----a-w- C:\Windows\System32\authui.dll

2013-08-02 05:08:18 8858112 ----a-w- C:\Windows\SysWow64\twinui.dll

2013-08-02 05:06:50 2035712 ----a-w- C:\Windows\SysWow64\authui.dll

2013-08-01 10:41:31 2233688 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 21:04:25.81 ===============

Share this post


Link to post
Share on other sites
.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8

Boot Device: \Device\HarddiskVolume2

Install Date: 12/25/2012 6:49:48 PM

System Uptime: 10/27/2013 8:20:24 PM (1 hours ago)

.

Motherboard: Hewlett-Packard |  | 169A

Processor: AMD E-300 APU with Radeon HD Graphics | Socket FT1 | 1300/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 276 GiB total, 216.8 GiB free.

D: is FIXED (NTFS) - 21 GiB total, 2.619 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C309a series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C309a series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service: 

.

==== System Restore Points ===================

.

RP76: 10/10/2013 8:15:54 PM - HPSF Restore Point

RP77: 10/13/2013 12:10:26 PM - Installed Rapport

RP78: 10/27/2013 1:20:31 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

4 Elements II

64 Bit HP CIO Components Installer

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.05)

Adobe Shockwave Player 11.6

aiofw

aioprnt

aioscnnr

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Fuel

AMD VISION Engine Control Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AtHomeConnect version 1.0.1.0

AVG 2013

AVG SafeGuard toolbar

Bejeweled 3

Bonjour

BufferChm

Build-a-lot 4 - Power Source

C309a

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

center

Chuzzle Deluxe

CorelDRAW 10

Cradle Of Egypt Collector's Edition

Cradle of Rome 2

CyberLink LabelPrint

CyberLink Media Suite 10

CyberLink Power2Go 8

CyberLink PowerDVD

CyberLink YouCam

D3DX10

Destinations

DeviceDiscovery

DocProc

Energy Star

Farm Frenzy

FATE: The Cursed King

Fax

Final Drive Fury

FlatOut 2

Google Chrome

Google Update Helper

Governor of Poker 2 Premium Edition

GPBaseService2

H&R Block Deluxe + Efile 2012

Hewlett-Packard ACLM.NET v1.2.0.0

Hoyle Card Games

HP Customer Experience Enhancements

HP Customer Participation Program 14.0

HP Documentation

HP Games

HP Imaging Device Functions 14.0

HP MyRoom

HP Photo Creations

HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 6

HP Postscript Converter

HP Quick Launch

HP Recovery Manager

HP Registration Service

HP Software Framework

HP Solution Center 14.0

HP Support Assistant

HP Update

HP Utility Center

HP Wireless Button Driver

HPPhotoGadget

HPProductAssistant

HPSSupply

iCloud

IDT Audio

InternetHelper3 Chrome Toolbar

iTunes

Jewel Match 3

John Deere Drive Green

KODAK AiO Home Center

ksDIP

Luxor Evolved

Mahjongg Dimensions Deluxe: Tiles in Time

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

McAfee Security Scan Plus

Microsoft Application Error Reporting

Microsoft Mouse and Keyboard Center

Microsoft Office

Microsoft Office XP Media Content

Microsoft Office XP Professional

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Mortimer Beckett and the Crimson Thief Premium Edition

MSVCRT

Mystery P.I. - Curious Case of Counterfeit Cove

Network64

OCR Software by I.R.I.S. 14.0

OpenOffice.org 3.4.1

Peggle Nights

Penguins!

Polar Bowler

Polar Golfer

PreReq

PrintProjects

PS_AIO_05_C309_Software_Min

QuickTime

Ralink RT5390R 802.11bgn Wi-Fi Adapter

Rapport

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

RealUpgrade 1.1

Roads of Rome 3

SanDiskSecureAccess_Manager.exe

Scan

Shop for HP Supplies

Skypeâ„¢ 6.1

SolutionCenter

Status

SweetTunes Toolbar for IE

swMSM

Synaptics Pointing Device Driver

Tales of Lagoona

The Weather Channel App

Toolbox

TrayApp

Trusteer Endpoint Protection

Update Installer for WildTangent Games App

Vacation Questâ„¢ - Australia

Visual Studio 2010 x64 Redistributables

WebReg

WildTangent Games

WildTangent Games App

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Language Selector

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

10/27/2013 8:22:00 PM, Error: Service Control Manager [7034]  - The AVG WatchDog service terminated unexpectedly.  It has done this 1 time(s).

10/27/2013 8:21:09 PM, Error: Service Control Manager [7024]  - 

10/27/2013 8:05:17 PM, Error: Service Control Manager [7022]  - The AVG WatchDog service hung on starting.

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Dave, lets continue with the cleaning !

 

I need you to re-run Junkware Removal Tool again for me & post that log !

 

 

 

NEXT

 

 

 

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   
 

 

 

Post next:

1. Junkware Removal tool log

2. OTL log(s)

 

 

Chuck

Share this post


Link to post
Share on other sites

We will remove all these programs after i get you clean !!

 

I will read your logs in the morning Dave !!

Share this post


Link to post
Share on other sites
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.7 (10.15.2013:3)

OS: Windows 8 x64

Ran by Dave on Sun 10/27/2013 at 21:42:28.06

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Failed to delete: [Folder] "C:\ProgramData\pchealthboost"

Failed to delete: [Folder] "C:\Program Files (x86)\pc healthboost"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 10/27/2013 at 22:02:51.55

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Share this post


Link to post
Share on other sites
OTL logfile created on: 10/27/2013 10:14:54 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dave\Downloads

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.60 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 63.95% Memory free

4.22 Gb Paging File | 2.75 Gb Available in Paging File | 65.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 276.00 Gb Total Space | 216.80 Gb Free Space | 78.55% Space Free | Partition Type: NTFS

Drive D: | 21.33 Gb Total Space | 2.62 Gb Free Space | 12.28% Space Free | Partition Type: NTFS

 

Computer Name: LAPTOP | User Name: Dave | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/10/27 22:12:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Downloads\OTL (1).com

PRC - [2013/10/08 18:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/10/07 19:13:49 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2013/09/10 23:18:16 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

PRC - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/10/12 15:16:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2012/07/09 14:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2012/06/07 21:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

PRC - [2012/03/28 19:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

PRC - [2012/02/15 00:39:36 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Users\Dave\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe

PRC - [2009/08/05 13:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/10/08 18:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll

MOD - [2013/10/08 18:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll

MOD - [2013/10/08 18:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll

MOD - [2013/10/08 18:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll

MOD - [2013/10/08 18:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll

MOD - [2013/08/21 11:14:59 | 000,991,984 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll

MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

MOD - [2012/06/08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

MOD - [2012/06/07 21:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

MOD - [2012/02/14 17:37:52 | 011,796,096 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/08/15 23:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2013/07/01 18:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV:64bit: - [2013/06/24 16:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2013/06/01 03:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2013/05/29 20:47:42 | 000,322,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2013/05/04 00:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013/05/04 00:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2013/04/08 22:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2013/03/01 20:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2013/03/01 20:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2013/01/09 17:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2013/01/09 17:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2012/11/05 22:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2012/09/20 00:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2012/08/06 13:08:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2012/08/02 03:06:02 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/07/25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2012/07/25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2012/07/25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2012/07/25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2012/07/25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2012/07/25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV:64bit: - [2012/07/25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2012/07/25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2012/07/25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2012/07/25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)

SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV - [2013/10/08 19:13:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/02/05 09:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)

SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/11/05 22:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2012/08/10 18:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2012/07/25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2012/07/25 21:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2012/07/25 21:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2012/07/13 19:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2012/07/09 14:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2011/08/18 01:29:52 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2009/08/05 13:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/09/10 23:18:30 | 000,266,928 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RapportHades64.sys -- (RapportHades64)

DRV:64bit: - [2013/09/10 23:18:28 | 000,295,696 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RapportKE64.sys -- (RapportKE64)

DRV:64bit: - [2013/08/15 23:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)

DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)

DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2013/07/10 01:32:38 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2013/07/09 02:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2013/07/09 01:28:50 | 000,248,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)

DRV:64bit: - [2013/07/01 19:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2013/07/01 19:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2013/07/01 19:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2013/07/01 18:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2013/07/01 16:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2013/06/29 00:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2013/06/10 15:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2013/05/31 21:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2013/05/29 20:47:43 | 000,542,208 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64)

DRV:64bit: - [2013/05/06 08:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2013/05/04 01:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2013/04/15 07:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/03/02 04:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)

DRV:64bit: - [2013/03/02 04:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)

DRV:64bit: - [2013/03/02 04:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)

DRV:64bit: - [2013/01/29 18:15:04 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2013/01/09 19:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2012/11/26 21:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2012/11/19 22:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2012/11/05 21:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2012/10/26 05:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)

DRV:64bit: - [2012/10/12 02:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/10/11 01:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2012/10/10 21:51:49 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2012/09/20 01:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2012/09/20 01:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2012/08/24 03:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2012/08/24 03:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)

DRV:64bit: - [2012/08/24 03:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/03 15:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)

DRV:64bit: - [2012/08/02 04:54:18 | 010,280,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/08/02 02:09:30 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)

DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)

DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)

DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012/07/25 20:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2012/07/23 15:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2012/07/23 15:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2012/07/04 12:41:58 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2012/06/25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)

DRV:64bit: - [2012/06/18 20:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2012/06/12 23:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)

DRV:64bit: - [2012/06/02 08:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)

DRV - [2013/09/10 23:18:30 | 000,265,872 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)

DRV - [2013/09/10 23:18:28 | 000,384,432 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)

DRV - [2013/08/21 11:14:57 | 000,589,872 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys -- (RapportCerberus_56758)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS

IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS

IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/10/07 19:17:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/10/07 19:17:00 | 000,000,000 | ---D | M]

 

[2013/10/08 21:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ij70wgnu.default\extensions

[2013/10/08 21:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ij70wgnu.default\extensions\{5fec7248-515c-47be-ab0a-6bc547472dea}

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll

CHR - Extension: Google Drive = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: RealDownloader = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\

CHR - Extension: Gmail = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

O3 - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\.DEFAULT..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not found

O4 - HKU\S-1-5-18..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not found

O4 - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002..\Run: [sanDiskSecureAccess_Manager.exe] C:\Users\Dave\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)

O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.215.21.202 72.21.70.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC630F40-72F6-4549-BBE1-447BF8209C06}: DhcpNameServer = 67.215.21.202 72.21.70.3

O18:64bit: - Protocol\Handler\cdo - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Security Packages - (livessp) -  File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{7c7c7a2e-764b-11e2-be8b-c8cbb8b06c44}\Shell - "" = AutoRun

O33 - MountPoints2\{7c7c7a2e-764b-11e2-be8b-c8cbb8b06c44}\Shell\AutoRun\command - "" = "F:\LaunchU3.exe" -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 180 Days ==========

 

[2013/10/27 21:08:57 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\Scans

[2013/10/27 20:03:07 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Avg2013

[2013/10/26 23:07:30 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Malwarebytes

[2013/10/26 23:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/10/26 23:07:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/10/26 23:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/10/26 22:13:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/10/26 22:05:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/10/15 13:44:43 | 000,694,232 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/10/15 13:44:43 | 000,078,296 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/10/12 21:39:54 | 001,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll

[2013/10/12 21:39:53 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll

[2013/10/12 21:39:45 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll

[2013/10/12 21:39:44 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx

[2013/10/12 21:39:42 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx

[2013/10/12 21:39:41 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll

[2013/10/12 21:36:01 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll

[2013/10/12 21:35:57 | 008,858,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll

[2013/10/12 21:35:56 | 001,125,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll

[2013/10/12 21:35:51 | 002,304,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013/10/12 21:35:51 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013/10/12 21:35:51 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll

[2013/10/12 21:35:51 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[2013/10/12 21:35:50 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll

[2013/10/12 21:35:50 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll

[2013/10/12 21:35:49 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll

[2013/10/12 21:35:48 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll

[2013/10/10 15:53:07 | 000,652,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2013/10/10 15:53:02 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll

[2013/10/10 15:53:01 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/10/10 15:52:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/10/10 15:52:58 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll

[2013/10/10 15:52:57 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/10/10 15:52:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/10/10 15:52:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/10/10 15:52:52 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/10/10 15:52:52 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/10/10 15:52:50 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll

[2013/10/10 15:52:50 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/10/10 15:52:41 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/10/10 15:51:05 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/10/10 15:51:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/10/10 15:48:41 | 000,054,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys

[2013/10/10 15:48:40 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys

[2013/10/10 15:48:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys

[2013/10/10 15:48:25 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2013/10/10 15:48:25 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2013/10/10 15:48:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2013/10/10 15:48:25 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2013/10/10 15:48:15 | 000,498,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys

[2013/10/10 15:48:15 | 000,021,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

[2013/10/10 15:48:10 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll

[2013/10/10 15:48:10 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

[2013/10/10 15:48:09 | 000,337,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS

[2013/10/10 15:48:08 | 000,447,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS

[2013/10/10 15:48:08 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS

[2013/10/07 19:19:07 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Programs

[2013/10/07 19:18:15 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\WordOv

[2013/10/07 19:18:13 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\RealNetworks

[2013/10/07 19:16:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks

[2013/10/07 19:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks

[2013/10/07 19:14:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared

[2013/10/07 19:14:31 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll

[2013/10/07 19:14:08 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll

[2013/10/07 19:14:08 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll

[2013/10/07 19:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks

[2013/10/07 19:13:56 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2013/10/07 19:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real

[2013/10/07 19:11:24 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Real

[2013/10/07 19:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Real

[2013/10/04 13:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013/10/04 13:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013/10/04 13:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/10/04 13:17:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2013/10/04 13:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2013/09/25 18:58:09 | 000,000,000 | ---D | C] -- C:\Users\Dave\New folder (2)

[2013/09/25 18:56:05 | 000,000,000 | ---D | C] -- C:\Users\Dave\New folder

[2013/09/25 18:54:30 | 000,000,000 | ---D | C] -- C:\Users\Dave\Work

[2013/09/20 22:57:50 | 000,209,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationUI.exe

[2013/09/20 22:57:49 | 002,371,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll

[2013/09/20 22:57:49 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll

[2013/09/20 22:57:44 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll

[2013/09/20 22:57:44 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll

[2013/09/20 22:57:43 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll

[2013/09/20 22:57:42 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2013/09/20 22:57:41 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll

[2013/09/20 22:57:41 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppc.dll

[2013/09/20 22:57:40 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppc.dll

[2013/09/20 22:57:39 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll

[2013/09/20 22:57:38 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll

[2013/09/20 22:57:37 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll

[2013/09/20 22:57:34 | 001,621,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2013/09/20 22:57:33 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll

[2013/09/20 22:57:33 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2013/09/20 22:57:32 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2013/09/20 22:57:32 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2013/09/20 22:57:31 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll

[2013/09/20 22:57:30 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll

[2013/09/20 22:57:29 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll

[2013/09/20 22:57:29 | 000,058,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys

[2013/09/20 22:57:29 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll

[2013/09/20 22:57:28 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll

[2013/09/20 22:57:27 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll

[2013/09/20 22:57:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2013/09/20 22:57:26 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2013/09/20 22:57:25 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll

[2013/09/20 22:57:23 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll

[2013/09/20 22:57:22 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupcln.dll

[2013/09/20 22:57:22 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2013/09/20 22:57:22 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe

[2013/09/20 22:57:21 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

[2013/09/20 22:57:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll

[2013/09/20 22:57:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupcln.dll

[2013/09/20 22:52:13 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll

[2013/09/20 19:32:12 | 000,000,000 | ---D | C] -- C:\temp

[2013/09/20 19:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost

[2013/09/20 19:31:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC HealthBoost

[2013/09/20 19:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PCHealthBoost

[2013/09/20 19:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014

[2013/09/20 19:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CodeMeter

[2013/09/20 19:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetData

[2013/09/11 09:02:26 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Macromedia

[2013/09/11 09:00:23 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Mozilla

[2013/09/11 09:00:23 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Mozilla

[2013/09/11 09:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2013/09/11 08:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/08/27 11:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2013/08/21 11:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection

[2013/08/19 17:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center

[2013/08/19 17:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center

[2013/08/19 17:14:50 | 002,273,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll

[2013/08/19 17:14:48 | 002,839,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll

[2013/08/19 17:14:46 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

[2013/08/19 17:14:46 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2013/08/19 17:14:45 | 001,300,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll

[2013/08/19 17:14:44 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL

[2013/08/19 17:14:43 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll

[2013/08/19 17:14:43 | 000,327,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys

[2013/08/19 17:14:42 | 000,439,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFault.exe

[2013/08/19 17:14:42 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmsvc.dll

[2013/08/19 17:14:42 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll

[2013/08/19 17:14:42 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmmbase.dll

[2013/08/19 17:14:42 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll

[2013/08/19 17:14:41 | 000,385,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe

[2013/08/19 17:14:41 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmmbase.dll

[2013/08/19 17:14:38 | 000,195,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys

[2013/08/19 17:14:38 | 000,125,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys

[2013/08/19 17:14:38 | 000,120,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys

[2013/08/19 17:14:37 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wwanadvui.dll

[2013/08/19 17:14:37 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll

[2013/08/19 17:14:37 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwfs.sys

[2013/08/19 17:14:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmcsp.dll

[2013/08/19 17:14:36 | 000,543,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanmm.dll

[2013/08/19 17:14:36 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll

[2013/08/19 17:14:36 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL

[2013/08/19 17:14:36 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\openfiles.exe

[2013/08/19 17:14:35 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll

[2013/08/19 17:14:35 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll

[2013/08/19 17:14:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\openfiles.exe

[2013/08/19 17:14:34 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationApi.dll

[2013/08/19 17:14:34 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LocationApi.dll

[2013/08/19 17:12:38 | 000,000,000 | ---D | C] -- C:\1570ac898210a48ebc25d182f807

[2013/08/17 01:14:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT

[2013/08/16 12:37:31 | 000,247,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys

[2013/08/16 12:37:31 | 000,036,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys

[2013/08/14 23:09:25 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll

[2013/08/14 15:12:06 | 001,889,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2013/08/14 15:12:05 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2013/08/14 15:12:04 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apprepapi.dll

[2013/08/14 15:12:04 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apprepsync.dll

[2013/08/14 15:12:04 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepapi.dll

[2013/08/14 15:12:04 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepsync.dll

[2013/07/26 19:11:44 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager

[2013/07/26 19:11:41 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\SanDisk

[2013/07/26 19:08:23 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\SanDisk SecureAccess

[2013/07/20 01:51:00 | 000,311,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys

[2013/07/20 01:50:56 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys

[2013/07/20 01:50:56 | 000,071,480 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys

[2013/07/20 01:50:50 | 000,206,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys

[2013/07/16 18:43:51 | 002,219,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll

[2013/07/16 18:43:48 | 002,391,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2013/07/16 18:43:48 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll

[2013/07/16 18:43:47 | 006,987,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/07/16 18:43:47 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2013/07/16 18:43:44 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll

[2013/07/16 18:43:41 | 001,527,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll

[2013/07/16 18:43:41 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll

[2013/07/16 18:43:39 | 001,403,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

[2013/07/16 18:43:39 | 001,271,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

[2013/07/16 18:43:38 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2013/07/16 18:43:37 | 001,217,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

[2013/07/16 18:43:37 | 001,093,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

[2013/07/16 18:43:37 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll

[2013/07/16 18:43:36 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll

[2013/07/16 18:43:36 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/07/16 18:43:35 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll

[2013/07/16 18:43:34 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll

[2013/07/16 18:43:34 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceSetupManager.dll

[2013/07/16 18:43:34 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeParserTask.exe

[2013/07/16 18:43:32 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll

[2013/07/16 18:43:32 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys

[2013/07/16 10:57:23 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Corel User Files

[2013/07/16 10:37:15 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Fonts

[2013/07/13 13:15:18 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Graphics

[2013/07/11 10:56:53 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013/07/11 10:56:50 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll

[2013/07/11 10:56:50 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll

[2013/07/11 10:54:23 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2013/07/11 10:54:22 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2013/07/10 01:32:38 | 000,045,880 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys

[2013/07/09 01:28:50 | 000,248,632 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgwfpa.sys

[2013/07/07 17:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

[2013/07/07 17:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan

[2013/07/07 17:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2013/07/07 17:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan

[2013/07/07 17:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2013/07/07 17:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2013/07/07 17:17:51 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Adobe

[2013/07/01 01:45:28 | 000,116,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys

[2013/06/21 21:55:05 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Apple Computer

[2013/06/21 21:54:16 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys

[2013/06/21 21:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

[2013/06/21 21:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2013/06/21 21:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2013/06/21 21:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2013/06/21 21:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2013/06/16 15:19:44 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013/06/15 23:15:14 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe

[2013/06/15 23:15:13 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll

[2013/06/15 23:15:13 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll

[2013/06/15 23:15:12 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe

[2013/06/15 11:20:12 | 013,644,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll

[2013/06/15 11:20:06 | 010,788,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll

[2013/06/15 11:20:02 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll

[2013/06/15 11:19:54 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll

[2013/06/15 11:19:48 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\rars.rs

[2013/06/15 11:19:48 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysNative\rars.rs

[2013/06/15 11:19:47 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll

[2013/06/15 11:19:47 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll

[2013/06/15 11:19:47 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll

[2013/06/15 11:19:47 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll

[2013/06/15 11:19:46 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll

[2013/06/15 11:19:46 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll

[2013/06/15 11:19:45 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe

[2013/06/15 11:19:44 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll

[2013/06/15 11:19:44 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll

[2013/06/15 11:19:41 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll

[2013/06/15 11:19:40 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll

[2013/06/15 11:19:40 | 000,284,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys

[2013/06/15 11:19:39 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl

[2013/06/15 11:19:39 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuthHost.exe

[2013/06/15 11:19:38 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe

[2013/06/15 11:19:37 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll

[2013/06/15 11:19:37 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\biwinrt.dll

[2013/06/15 11:19:36 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\biwinrt.dll

[2013/06/15 11:19:35 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl

[2013/06/15 11:19:35 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll

[2013/06/15 11:19:34 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll

[2013/06/15 11:19:34 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll

[2013/06/15 11:19:32 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll

[2013/06/15 11:19:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll

[2013/06/12 15:40:07 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll

[2013/06/12 15:40:07 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll

[2013/06/12 08:40:52 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe

[2013/06/12 08:40:51 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe

[2013/06/12 08:40:51 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2013/06/12 08:40:45 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/05/29 20:53:04 | 006,085,632 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll

[2013/05/29 20:53:04 | 001,821,184 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl

[2013/05/29 20:53:04 | 001,664,000 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe

[2013/05/29 20:52:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs

[2013/05/29 20:49:36 | 000,255,488 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll

[2013/05/29 20:49:28 | 000,542,208 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys

[2013/05/29 20:49:26 | 002,188,800 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll

[2013/05/29 20:49:26 | 000,671,744 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll

[2013/05/29 20:49:26 | 000,499,200 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll

[2013/05/23 23:08:49 | 000,000,000 | -H-D | C] -- C:\$SysReset

[2013/05/17 09:17:06 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll

[2013/05/17 09:17:05 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll

[2013/05/17 09:17:01 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

[2013/05/17 09:16:58 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll

[2013/05/17 09:16:55 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll

[2013/05/17 09:16:53 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll

[2013/05/17 09:16:49 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2013/05/17 09:16:47 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll

[2013/05/17 09:16:37 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll

[2013/05/17 09:16:36 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll

[2013/05/17 09:16:35 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll

[2013/05/17 09:16:34 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll

[2013/05/17 09:16:33 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll

[2013/05/17 09:16:33 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe

[2013/05/17 09:16:31 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll

[2013/05/17 09:16:30 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll

[2013/05/17 09:16:30 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2013/05/17 09:16:30 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll

[2013/05/17 09:16:28 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll

[2013/05/17 09:16:28 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe

[2013/05/17 09:16:27 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe

[2013/05/17 09:16:27 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll

[2013/05/17 09:16:21 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll

[2013/05/17 09:16:20 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll

[2013/05/17 09:16:20 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll

[2013/05/17 09:16:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll

[2013/05/17 09:16:19 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll

[2013/05/17 09:16:19 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll

[2013/05/17 09:16:19 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll

[2013/05/17 09:16:19 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll

[2013/05/17 09:16:18 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll

[2013/05/17 09:16:17 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe

[2013/05/17 09:16:17 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll

[2013/05/17 09:16:16 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll

[2013/05/17 09:16:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe

[2013/05/17 09:16:16 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe

[2013/05/17 09:16:15 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll

[2013/05/17 09:16:15 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll

[2013/05/17 09:16:15 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll

[2013/05/17 09:16:14 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll

[2013/05/17 09:16:14 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll

[2013/05/17 09:16:14 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll

[2013/05/17 09:16:13 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll

[2013/05/17 09:16:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll

[2013/05/17 09:16:13 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll

[2013/05/17 09:16:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll

[2013/05/17 09:16:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll

[2013/05/17 09:16:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll

[2013/05/15 19:48:08 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll

[2013/05/15 19:48:06 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll

[2013/05/15 08:50:08 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe

[2013/05/13 15:36:12 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll

[2013/05/13 15:36:06 | 000,050,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys

[2013/05/06 08:32:28 | 002,274,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\coin94.dll

[2013/05/06 08:32:28 | 000,076,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys

[2013/05/01 03:59:12 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx

[2013/05/01 03:59:12 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts

[1 C:\Users\Dave\Documents\*.tmp files -> C:\Users\Dave\Documents\*.tmp -> ]

 

========== Files - Modified Within 180 Days ==========

 

[2013/10/27 22:13:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/10/27 22:11:17 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/10/27 21:52:26 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job

[2013/10/27 21:47:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/10/27 21:41:59 | 000,001,050 | ---- | M] () -- C:\Users\Dave\Desktop\JRT - Shortcut.lnk

[2013/10/27 21:36:01 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\PrintProjects Communicator.job

[2013/10/27 20:22:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/10/27 20:20:39 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013/10/27 20:20:38 | 3088,900,096 | -HS- | M] () -- C:\hiberfil.sys

[2013/10/27 19:26:01 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDave.job

[2013/10/26 23:07:09 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/10/26 22:25:45 | 001,653,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/10/07 19:14:31 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll

[2013/10/07 19:14:08 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll

[2013/10/07 19:14:08 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll

[2013/10/07 19:13:57 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2013/10/04 13:18:10 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013/10/01 20:57:21 | 000,003,734 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml

[2013/10/01 20:57:03 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

[2013/10/01 19:38:13 | 000,694,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/10/01 19:38:13 | 000,078,296 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/10/01 12:14:12 | 000,000,068 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\WB.CFG

[2013/09/22 17:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/09/22 16:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/09/22 16:54:55 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/09/22 16:54:51 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/09/22 16:54:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/09/20 23:25:14 | 000,941,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/09/20 23:25:14 | 000,783,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/09/20 23:25:14 | 000,158,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/09/10 23:18:30 | 000,266,928 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportHades64.sys

[2013/09/10 23:18:28 | 000,295,696 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys

[2013/08/15 23:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys

[2013/08/15 23:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll

[2013/08/15 23:39:26 | 000,059,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2013/08/15 23:32:48 | 000,209,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationUI.exe

[2013/08/15 23:22:22 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2013/08/15 23:21:55 | 001,621,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2013/08/15 23:21:55 | 000,252,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll

[2013/08/15 23:21:55 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2013/08/15 23:21:55 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2013/08/15 23:21:55 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2013/08/15 23:21:55 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2013/08/15 23:21:53 | 000,773,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2013/08/15 23:21:43 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll

[2013/08/15 23:21:43 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll

[2013/08/15 23:21:42 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll

[2013/08/15 23:21:42 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll

[2013/08/15 23:21:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll

[2013/08/15 23:21:22 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll

[2013/08/15 23:21:18 | 001,164,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll

[2013/08/15 23:21:18 | 000,368,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll

[2013/08/15 23:21:12 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\setupcln.dll

[2013/08/15 23:21:00 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppc.dll

[2013/08/15 23:20:30 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll

[2013/08/15 16:43:21 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe

[2013/08/15 16:43:07 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll

[2013/08/15 16:43:07 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll

[2013/08/15 16:43:07 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll

[2013/08/15 16:43:07 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll

[2013/08/15 16:43:03 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll

[2013/08/15 16:43:03 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll

[2013/08/15 16:43:02 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll

[2013/08/15 16:43:02 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll

[2013/08/15 16:43:02 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

[2013/08/15 16:43:02 | 000,083,968 | ---- | M] () -- C:\Windows\SysWow64\OEMLicense.dll

[2013/08/15 16:42:52 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setupcln.dll

[2013/08/15 16:42:47 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sppc.dll

[2013/08/09 23:21:51 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll

[2013/08/09 23:21:51 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll

[2013/08/09 21:58:51 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll

[2013/08/06 23:15:02 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll

[2013/08/03 00:40:49 | 000,462,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx

[2013/08/03 00:40:17 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll

[2013/08/03 00:40:01 | 001,374,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll

[2013/08/02 23:14:15 | 000,399,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx

[2013/08/02 23:13:57 | 000,437,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll

[2013/08/02 23:13:43 | 001,245,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll

[2013/08/02 18:02:49 | 356,661,235 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/08/02 00:28:29 | 010,116,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll

[2013/08/02 00:28:20 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[2013/08/02 00:26:53 | 002,304,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013/08/01 23:08:18 | 008,858,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll

[2013/08/01 23:06:50 | 002,035,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013/07/30 17:30:05 | 000,386,923 | ---- | M] () -- C:\Windows\SysNative\ApnDatabase.xml

[2013/07/26 21:58:39 | 002,207,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PrintConfig.dll

[2013/07/26 19:53:41 | 000,001,312 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel App.lnk

[2013/07/24 17:10:08 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll

[2013/07/24 17:06:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll

[2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys

[2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys

[2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys

[2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys

[2013/07/19 16:13:34 | 000,124,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll

[2013/07/19 16:13:15 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

[2013/07/13 00:18:21 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2013/07/13 00:16:06 | 001,889,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2013/07/13 00:15:53 | 000,124,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apprepapi.dll

[2013/07/13 00:15:53 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apprepsync.dll

[2013/07/12 22:23:03 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepapi.dll

[2013/07/12 22:23:03 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepsync.dll

[2013/07/12 19:51:22 | 000,000,017 | ---- | M] () -- C:\Users\Dave\AppData\Local\resmon.resmoncfg

[2013/07/10 01:32:38 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys

[2013/07/09 02:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys

[2013/07/09 01:28:50 | 000,248,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgwfpa.sys

[2013/07/09 00:18:21 | 000,439,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WerFault.exe

[2013/07/08 22:25:45 | 000,385,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe

[2013/07/08 21:57:19 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\LocationApi.dll

[2013/07/08 16:46:00 | 000,543,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwanmm.dll

[2013/07/08 16:46:00 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll

[2013/07/08 16:46:00 | 000,370,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wwanadvui.dll

[2013/07/08 16:45:16 | 000,312,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\LocationApi.dll

[2013/07/07 17:22:56 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2013/07/07 17:22:56 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2013/07/05 18:16:17 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

[2013/07/05 18:15:29 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2013/07/02 18:23:43 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll

[2013/07/02 18:23:12 | 000,778,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2013/07/02 18:22:47 | 002,839,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll

[2013/07/02 18:22:26 | 001,300,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll

[2013/07/02 18:11:23 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll

[2013/07/02 18:10:53 | 002,273,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll

[2013/07/01 19:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS

[2013/07/01 19:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS

[2013/07/01 19:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS

[2013/07/01 18:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys

[2013/07/01 16:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys

[2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys

[2013/06/30 19:42:09 | 000,498,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys

[2013/06/30 19:42:09 | 000,021,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

[2013/06/30 16:30:14 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\openfiles.exe

[2013/06/30 16:29:22 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\openfiles.exe

[2013/06/29 00:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys

[2013/06/29 00:15:47 | 000,125,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys

[2013/06/28 23:43:16 | 000,327,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys

[2013/06/28 21:08:18 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys

[2013/06/28 21:07:13 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys

[2013/06/25 14:54:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf

[2013/06/24 16:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wcmsvc.dll

[2013/06/24 16:54:45 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wcmcsp.dll

[2013/06/21 23:45:57 | 000,054,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys

[2013/06/18 23:36:21 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winmmbase.dll

[2013/06/18 23:36:21 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll

[2013/06/18 16:38:00 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\winmmbase.dll

[2013/06/11 17:26:20 | 000,230,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll

[2013/06/10 15:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwfs.sys

[2013/06/10 13:16:07 | 000,888,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll

[2013/06/10 13:15:38 | 000,381,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL

[2013/06/10 13:10:58 | 000,702,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll

[2013/06/10 13:10:37 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL

[2013/06/01 05:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2013/06/01 05:26:31 | 006,987,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/06/01 04:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2013/06/01 03:25:52 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/06/01 03:25:03 | 000,496,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll

[2013/06/01 03:24:09 | 001,453,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll

[2013/06/01 03:24:09 | 000,850,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll

[2013/06/01 03:23:46 | 001,842,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll

[2013/06/01 03:22:47 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeParserTask.exe

[2013/06/01 03:22:33 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2013/06/01 03:22:09 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll

[2013/06/01 03:21:39 | 000,729,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll

[2013/06/01 03:21:39 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll

[2013/06/01 03:21:34 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll

[2013/06/01 03:20:45 | 000,583,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll

[2013/06/01 03:20:34 | 001,527,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll

[2013/06/01 03:20:34 | 001,048,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll

[2013/06/01 03:20:04 | 002,219,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll

[2013/06/01 03:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceSetupManager.dll

[2013/05/31 21:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys

[2013/05/30 17:24:29 | 001,257,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013/05/29 20:47:43 | 006,085,632 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll

[2013/05/29 20:47:43 | 001,664,000 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray64.exe

[2013/05/29 20:47:43 | 000,542,208 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys

[2013/05/29 20:47:43 | 000,499,200 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll

[2013/05/29 20:47:42 | 002,188,800 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll

[2013/05/29 20:47:42 | 000,671,744 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll

[2013/05/29 20:47:42 | 000,255,488 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll

[2013/05/29 20:47:37 | 001,821,184 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl

[2013/05/26 17:17:30 | 000,035,328 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2013/05/26 16:59:03 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2013/05/24 21:15:19 | 000,362,496 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2013/05/24 20:32:52 | 000,300,032 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2013/05/24 16:09:20 | 001,403,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

[2013/05/24 16:09:20 | 001,271,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

[2013/05/24 16:09:20 | 001,217,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

[2013/05/24 16:09:20 | 001,093,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

[2013/05/23 17:02:30 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll

[2013/05/15 16:37:03 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll

[2013/05/15 16:35:49 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll

[2013/05/14 20:25:59 | 000,888,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe

[2013/05/14 20:25:44 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll

[2013/05/14 20:24:10 | 000,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe

[2013/05/14 20:24:01 | 000,482,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll

[2013/05/13 15:36:12 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll

[2013/05/13 15:36:12 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll

[2013/05/13 15:36:12 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll

[2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys

[2013/05/06 08:32:28 | 002,274,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\coin94.dll

[2013/05/06 08:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dc3d.sys

[2013/05/04 01:58:17 | 000,120,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AuthHost.exe

[2013/05/04 01:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys

[2013/05/04 00:59:36 | 000,812,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe

[2013/05/04 00:59:21 | 002,842,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2013/05/04 00:59:08 | 013,644,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll

[2013/05/04 00:58:54 | 000,328,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll

[2013/05/04 00:58:48 | 000,330,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll

[2013/05/04 00:58:28 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll

[2013/05/04 00:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll

[2013/05/04 00:58:01 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll

[2013/05/04 00:57:59 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll

[2013/05/04 00:57:46 | 000,560,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll

[2013/05/04 00:57:15 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll

[2013/05/04 00:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll

[2013/05/04 00:57:05 | 000,122,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\biwinrt.dll

[2013/05/04 00:57:04 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll

[2013/05/04 00:57:00 | 001,131,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll

[2013/05/04 00:57:00 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll

[2013/05/04 00:56:53 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl

[2013/05/03 22:58:14 | 000,758,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe

[2013/05/03 22:57:58 | 002,620,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2013/05/03 22:57:49 | 010,788,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll

[2013/05/03 22:57:39 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll

[2013/05/03 22:57:04 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll

[2013/05/03 22:57:02 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll

[2013/05/03 22:56:48 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll

[2013/05/03 22:56:14 | 000,449,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll

[2013/05/03 22:56:06 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\biwinrt.dll

[2013/05/03 22:56:05 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll

[2013/05/03 22:55:58 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl

[2013/05/03 22:51:38 | 000,014,848 | ---- | M] (Microsoft) -- C:\Windows\SysNative\rars.rs

[2013/05/03 22:10:47 | 000,014,848 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\rars.rs

[2013/05/01 03:59:12 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx

[2013/05/01 03:59:12 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts

[1 C:\Users\Dave\Documents\*.tmp files -> C:\Users\Dave\Documents\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/10/27 21:41:59 | 000,001,050 | ---- | C] () -- C:\Users\Dave\Desktop\JRT - Shortcut.lnk

[2013/10/26 23:07:09 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/10/26 22:25:45 | 001,653,808 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/10/12 21:35:48 | 000,386,923 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml

[2013/10/04 13:18:10 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2013/09/27 22:05:34 | 000,003,734 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml

[2013/09/27 12:09:03 | 000,000,068 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\WB.CFG

[2013/09/20 22:57:19 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll

[2013/07/12 19:51:22 | 000,000,017 | ---- | C] () -- C:\Users\Dave\AppData\Local\resmon.resmoncfg

[2013/07/07 17:20:44 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2013/07/07 17:20:44 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2013/07/07 17:20:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2013/06/25 14:54:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf

[2013/03/17 16:59:51 | 000,001,067 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp

[2013/03/17 16:33:22 | 000,225,825 | ---- | C] () -- C:\Windows\hpoins35.dat

[2013/03/17 16:33:22 | 000,001,067 | ---- | C] () -- C:\Windows\hpomdl35.dat

[2012/12/27 19:13:50 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2012/08/17 18:11:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/08/03 16:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/08/02 02:53:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/08/02 02:53:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/07/26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2012/07/26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2012/07/26 01:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2012/07/25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2012/07/25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2012/07/25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2012/07/25 14:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2012/07/25 14:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2012/07/25 14:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2012/06/02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

 

========== ZeroAccess Check ==========

 

[2012/08/17 18:26:03 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 00:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/08/01 23:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== Purity Check ==========

 

 

 

< End of report >

Share this post


Link to post
Share on other sites
OTL Extras logfile created on: 10/27/2013 10:14:54 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dave\Downloads

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16721)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.60 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 63.95% Memory free

4.22 Gb Paging File | 2.75 Gb Available in Paging File | 65.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 276.00 Gb Total Space | 216.80 Gb Free Space | 78.55% Space Free | Partition Type: NTFS

Drive D: | 21.33 Gb Total Space | 2.62 Gb Free Space | 12.28% Space Free | Partition Type: NTFS

 

Computer Name: LAPTOP | User Name: Dave | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{43B3AACF-45EB-4B05-AA02-B3077FFCDE9C}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 

"{51D9E665-683E-4856-ADC8-D9292260C609}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{6B288D59-35D7-4560-8063-5E2D274490CA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{910AE036-C75B-4250-9F09-A9448E203513}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 

"{B803DC99-019C-400E-8B42-BCF98DD0CBC3}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03DBB28F-E233-4534-972D-69CF6C13A413}" = dir=in | name=hp+ | 

"{07531A7F-0AE1-49FF-B287-397F55CA06B4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 

"{07AAE2C5-14EE-4CDF-84DB-02FC86A4A54C}" = dir=out | name=netflix | 

"{0DD3F581-C76D-4528-A0EF-67F710C2E826}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 

"{0FD14463-2202-4FA6-9129-9BFD7779AB93}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 


"{151668CE-44AB-44CF-9EE6-15195BB90226}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | 

"{19711016-E1A8-48F7-BB52-ABFB014C8FCC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 

"{198DB91B-EDB0-42ED-B38C-1B759757FC72}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 

"{1C0E78D2-1D6D-45D2-AD96-F50715921004}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 

"{1F270FBB-6CBB-4DBA-8B78-EE7BDD64FFFB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 

"{20582113-2722-47BD-82E9-DD4AF1B24525}" = dir=out | name=easy diy | 


"{26016C1A-DC13-4A7A-B87D-7B35A6BD15EF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 

"{267FB111-1BE4-4BC4-A8E4-7DE19B86329C}" = dir=out | name=ebay | 

"{26E34F31-158D-4098-BF23-BE810C493A86}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{28BD95FB-FCD5-4BB2-8A21-272E74BBB609}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 

"{2CC191C4-E30C-4F8F-A177-79DEDF5C85D1}" = dir=out | name=iheartradio | 

"{2E225E47-F63B-4BCB-9A3D-00D39F537A42}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 

"{36ECDF71-DC35-466B-8B5C-0B17108DD969}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 

"{37DB58ED-91B7-4532-884D-9D9528B6C226}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 

"{381C99C7-DC03-4A2A-BECC-B26826D14E88}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 

"{3850A51C-1A27-489F-9EA1-D872216A076D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{3A57F579-7DE1-4B05-99FA-AD54182A832C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 

"{43184DE2-7AED-4BCB-9A40-C9A580C2B612}" = dir=out | name=hp printer control | 



"{44B8C1FC-99FB-4C51-B30C-FBA4017793DC}" = dir=in | name=hp printer control | 

"{476B597A-E6B7-437F-9091-2D4C1DA0C5B3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 


"{4F9777AB-DB6C-4CF3-B207-BA1DB676B171}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 

"{546608D9-4876-4F81-8BE8-58CC4BF78D42}" = dir=in | name=ebay | 


"{59C27785-55AE-40E7-983C-919377142F37}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 

"{6B371E8F-FFC4-4EAD-BBA6-6B48456CE480}" = dir=out | name=hp registration | 

"{6B5C7923-3D9E-4111-AF91-8D364EA55128}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 


"{781B4773-97FE-4F90-883D-1C9DA4C1948D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{78C9C4E2-3A66-4322-8804-06EC7FF38E8E}" = dir=out | name=norton studio | 


"{82EC8B0A-751F-454C-A5BD-E8A39F8F7831}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 

"{837481C4-6BE3-4724-93DE-04344545E1BD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 

"{87D56309-C907-4C96-945B-71A72AA371B9}" = dir=out | name=hp connected photo powered by snapfish | 

"{8A0F0DBE-48D9-4A52-B212-2AF7B1462902}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 

"{8DE79230-48B9-4691-A167-9C8AC4F65C19}" = dir=in | name=hp connected photo powered by snapfish | 

"{90142915-B93E-41C2-9F1A-9D272D70F90D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{91D585D5-C91F-42C4-9111-126554242621}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 

"{91E1FA52-1AC5-43D9-9ED7-12318E3648CF}" = dir=out | name=getting started with windows 8 | 

"{934CFA53-948E-4868-8CD5-F12B9FC6BDB2}" = dir=out | name=finance helper | 




"{9D26F191-F22A-4E94-B64C-5BFD0E9E282F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 

"{9F802A4A-A96B-4965-9C19-1B48DA693464}" = dir=out | name=work it out | 

"{A10B8D24-5239-44DA-B105-FBDD917A39C1}" = dir=out | name=microsoft solitaire collection | 


"{AB35DE72-4497-4541-A06D-A39BA2EF5DB7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 

"{B03CADAD-F714-4A36-B91F-DB49D0F75948}" = dir=out | name=pinball fx2 | 

"{B94560A9-131A-4CA8-8BC0-F49745D77A16}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 





"{CF960A71-2A1C-4184-BC65-7C3B00F1955A}" = dir=in | name=pinball fx2 | 

"{D074B610-22D4-42B3-9A6C-471DC129952D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 


"{D77152BF-8A9E-4CD9-9179-B0DC5CD975FD}" = dir=in | app=c:\users\dave\appdata\local\temp\7zs00d5\setup\hpznui40.exe | 

"{DC56DC94-2D87-496C-AEF8-17F9652D991C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{DE25D9F1-4D02-4BFC-8057-DB37FA61FF65}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 

"{E22C0720-45A7-42C8-865D-54F55AADEA4E}" = dir=out | name=microsoft mahjong | 

"{E6FFBC3C-DB39-499E-831E-E2E100C3763F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 


"{ED1DDEB0-C97C-4EB1-85CC-1144FA582B72}" = dir=out | name=hp+ | 


"{EDA11C8E-7185-4EE7-A505-1B884A0E750A}" = dir=out | name=kindle | 

"{F567D314-85D4-42BF-9EEB-A84F29E00BEE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{FBDA0F67-9F61-4A3F-B726-236DA16A646B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt

"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{63ADEC24-A374-80A8-E89B-BE401C787F75}" = AMD Catalyst Install Manager

"{6B02D047-A56D-4994-B1F1-53DA6B9885AB}" = AVG 2013

"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64

"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes

"{A79A9231-0A5A-9384-21D0-DB753C2BE59B}" = AMD Fuel

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center

"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service

"{E82EC5DF-28FD-C8F4-ED08-B88728158260}" = ccc-utility64

"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud

"{F089B734-1356-484F-A7B8-1B78F1616A15}" = HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 6

"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

"AVG" = AVG 2013

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"HPOCR" = OCR Software by I.R.I.S. 14.0

"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center

"Shop for HP Supplies" = Shop for HP Supplies

"SynTPDeinstKey" = Synaptics Pointing Device Driver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0123AB93-E7A4-7F40-83B6-41EC2CF84B3F}" = CCC Help Dutch

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C3B99D2-35D0-6993-3C4B-A759419A8678}" = CCC Help Korean

"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center

"{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding

"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP

"{1225C0F8-AB1A-BE3A-CD0C-DB8CA1613940}" = CCC Help Greek

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3C41A693-28E1-4335-A738-528B09DB600C}" = CCC Help Thai

"{3C458872-A5BB-89F3-933C-2406F6D9E6F8}" = CCC Help Finnish

"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.1

"{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch

"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager

"{52A3FC19-6F84-F293-08C6-80A1D2F7477F}" = CCC Help Swedish

"{56BA241F-580C-43D2-8403-947241AAE633}" = center

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status

"{5CD2FE1D-A3DB-F273-2798-EFAACF8492A5}" = CCC Help Portuguese

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{631EFC00-5A7A-4A90-9578-039EDA92DE0F}_is1" = AtHomeConnect version 1.0.1.0

"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A66D912-541C-54C6-43E6-17AF24700B91}" = CCC Help German

"{6C8FF546-B0C0-0935-2F5E-7DC2DA727CFD}" = CCC Help Czech

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{734846E6-3E7A-04AC-0612-638A1D8A63F8}" = CCC Help Russian

"{747F3993-036E-5F4F-1B82-7DA844B73966}" = Catalyst Control Center Localization All

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{793ED091-3F14-4968-3864-5C8A7727A5DA}" = CCC Help Chinese Standard

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Deluxe + Efile 2012

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter

"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content

"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional

"{9285EABA-D88C-4A8A-6E9D-5F55BF03E46F}" = Catalyst Control Center InstallProxy

"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93EB60BA-458D-FBE6-E466-CD170080E719}" = CCC Help Polish

"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C0F4CBD-8543-96CC-46F1-75E57B1B22A6}" = Catalyst Control Center Graphics Previews Common

"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom

"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10

"{9EF69B68-6DFE-F916-2D6E-E486D21A26C2}" = CCC Help Spanish

"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B1E7FE70-3B18-5BA2-8032-2547FC636A50}" = CCC Help Japanese

"{B424890D-64FC-E0D1-4A17-4B512CA45CD9}" = CCC Help Italian

"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime

"{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{BE64A239-E22E-9D77-AA57-36AE0443EC2F}" = CCC Help Chinese Traditional

"{C045ED98-5FDB-45A0-AB48-C4B7560E7816}" = C309a

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF8C33C1-C978-527D-E0AF-530882DEB146}" = AMD VISION Engine Control Center

"{D23CA718-0356-41F2-8E6A-B5C6CD383EF7}" = HP Documentation

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D5DC9541-12F0-59CF-9430-1136D5A58BD0}" = CCC Help Hungarian

"{D7FBE7DC-A18F-4DFF-80BB-A478E4E09CF7}" = CCC Help Danish

"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq

"{DC3C5C4A-1869-A99C-3AE4-55E0191105F0}" = CCC Help Norwegian

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{EB2CDF95-92D4-AC57-63B1-4E7F0BD8F9B8}" = CCC Help French

"{ECA42F46-D80E-AD40-18FB-4BF64491CEE3}" = CCC Help English

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{FA0E7183-6B11-4899-B25F-2C490543967E}" = PS_AIO_05_C309_Software_Min

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr

"{FF282A38-D10B-E302-FBAD-5903C9DD9A5B}" = CCC Help Turkish

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AVG SafeGuard toolbar" = AVG SafeGuard toolbar

"CorelDRAW 10" = CorelDRAW 10

"Google Chrome" = Google Chrome

"HP Photo Creations" = HP Photo Creations

"IECT3311875" = SweetTunes Toolbar for IE

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10

"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD

"InternetHelper3 Chrome Toolbar" = InternetHelper3 Chrome Toolbar

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"McAfee Security Scan" = McAfee Security Scan Plus

"PrintProjects" = PrintProjects

"Rapport_msi" = Trusteer Endpoint Protection

"RealPlayer 16.0" = RealPlayer

"The Weather Channel App" = The Weather Channel App

"WildTangent hp Master Uninstall" = HP Games

"WildTangent wildgames Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

"WTA-34a0f46f-2586-4346-812c-3e18d190d88a" = Luxor Evolved

"WTA-3e034c4a-10db-4d90-986c-4ad842d30c78" = Polar Bowler

"WTA-43d91043-ebc0-4697-8d3d-d2bc3c24954c" = Farm Frenzy

"WTA-4685aa80-dc5b-4935-83fa-befd7b91e9f5" = Chuzzle Deluxe

"WTA-4a27aa2d-9c25-4db9-98ad-36510c794c7f" = Cradle Of Egypt Collector's Edition

"WTA-4a30ae7a-f08b-4f44-a12c-09edc11ad2a6" = Governor of Poker 2 Premium Edition

"WTA-52d040ec-7135-4eec-9cd4-cdf2230564a1" = Mahjongg Dimensions Deluxe: Tiles in Time

"WTA-5506661c-81d3-49e4-b2f9-072576c15d91" = Roads of Rome 3

"WTA-5c01f4e4-2494-4342-bf09-6b5fba8368f5" = John Deere Drive Green

"WTA-5e80cd2a-d654-401d-b385-74b579628353" = Jewel Match 3

"WTA-715442b8-3be5-4073-9b0e-f41506dd2310" = Hoyle Card Games

"WTA-7c7027da-bc2b-4364-af24-485d85da4b7b" = Final Drive Fury

"WTA-83705bd4-8013-45e7-b430-3806a7dc4745" = Mortimer Beckett and the Crimson Thief Premium Edition

"WTA-8ba64964-a6d3-492c-9d8f-02006b962c0c" = Vacation Questâ„¢ - Australia

"WTA-9431f875-5fc4-41b0-8bbb-5a2107f43f7b" = Penguins!

"WTA-973dfb2b-f35d-4000-af3a-be238aa6ef88" = Bejeweled 3

"WTA-a86c3f90-cf5b-4c9f-8c9a-690d3045ff3d" = Peggle Nights

"WTA-b08e9137-7fa1-480b-8f21-a404a4877e38" = Mystery P.I. - Curious Case of Counterfeit Cove

"WTA-bd80f60a-4ecd-4a36-a634-a563d4b1e9de" = Polar Golfer

"WTA-d76db04b-4e71-4bac-880c-969c2616d43d" = Tales of Lagoona

"WTA-d8e241f0-1a03-4a4a-94d2-f0379e66bc9a" = FATE: The Cursed King

"WTA-d9f2e693-20fd-4edf-99dd-54fc5c9567f9" = Build-a-lot 4 - Power Source

"WTA-df35cdb0-0d63-4dfb-afa8-94429c4cf1f3" = Zuma's Revenge

"WTA-e173b0c7-0897-4cc2-910e-53ef978247b4" = Cradle of Rome 2

"WTA-fa24b63a-3a29-4c8b-9aeb-e1577cb8a12f" = 4 Elements II

"WTA-fb2ce78a-3b49-4539-8948-b141dca7fa98" = FlatOut 2

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2989837996-1790684633-2971567215-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"@@[email protected]@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 7/30/2013 11:11:16 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100

Description = Client application bug: DNSServiceResolve(Photosmart\032C309a\032series\032[4C3104]._pdl-datastream._tcp.local.)

 active for over two minutes. This places considerable burden on the network.

 

Error - 7/30/2013 11:11:16 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100

Description = Client application bug: DNSServiceResolve(Photosmart\032C309a\032series\032[4C3104]._scanner._tcp.local.)

 active for over two minutes. This places considerable burden on the network.

 

Error - 7/30/2013 11:12:09 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100

Description = Client application bug: DNSServiceResolve(Photosmart\032C309a\032series\032[4C3104]._pdl-datastream._tcp.local.)

 active for over two minutes. This places considerable burden on the network.

 

Error - 7/30/2013 11:12:09 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100

Description = Client application bug: DNSServiceResolve(Photosmart\032C309a\032series\032[4C3104]._scanner._tcp.local.)

 active for over two minutes. This places considerable burden on the network.

 

Error - 7/30/2013 3:56:56 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100

Description = Client application bug: DNSServiceResolve(Photosmart\032C309a\032series\032[4C3104]._pdl-datastream._tcp.local.)

 active for over two minutes. This places considerable burden on the network.

 

Error - 7/30/2013 3:56:56 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100

Description = Client application bug: DNSServiceResolve(Photosmart\032C309a\032series\032[4C3104]._scanner._tcp.local.)

 active for over two minutes. This places considerable burden on the network.

 

Error - 7/30/2013 10:30:31 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100

Description = Client application bug: DNSServiceResolve(Photosmart\032C309a\032series\032[4C3104]._pdl-datastream._tcp.local.)

 active for over two minutes. This places considerable burden on the network.

 

Error - 7/30/2013 10:30:31 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100

Description = Client application bug: DNSServiceResolve(Photosmart\032C309a\032series\032[4C3104]._scanner._tcp.local.)

 active for over two minutes. This places considerable burden on the network.

 

Error - 7/31/2013 1:01:18 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 7/31/2013 1:01:18 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 15506

 

Error - 7/31/2013 1:01:18 AM | Computer Name = Laptop | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 15506

 

[ System Events ]

Error - 10/5/2013 2:19:25 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7034

Description = The Rapport Management Service service terminated unexpectedly.  It

 has done this 1 time(s).

 

Error - 10/7/2013 9:54:59 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7024

Description = The AVGIDSAgent service terminated with the following service-specific

 error:   %%3758213659

 

Error - 10/7/2013 9:55:27 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7034

Description = The AVG WatchDog service terminated unexpectedly.  It has done this

 1 time(s).

 

Error - 10/8/2013 11:15:49 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7024

Description = The AVGIDSAgent service terminated with the following service-specific

 error:   %%3758213659

 

Error - 10/8/2013 11:16:20 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7034

Description = The AVG WatchDog service terminated unexpectedly.  It has done this

 1 time(s).

 

Error - 10/10/2013 5:19:29 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7024

Description = The AVGIDSAgent service terminated with the following service-specific

 error:   %%3758213659

 

Error - 10/10/2013 5:20:01 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7034

Description = The AVG WatchDog service terminated unexpectedly.  It has done this

 1 time(s).

 

Error - 10/10/2013 5:22:17 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7034

Description = The Rapport Management Service service terminated unexpectedly.  It

 has done this 1 time(s).

 

Error - 10/15/2013 3:43:39 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7024

Description = The AVGIDSAgent service terminated with the following service-specific

 error:   %%3758213659

 

Error - 10/15/2013 3:44:11 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7034

Description = The AVG WatchDog service terminated unexpectedly.  It has done this

 1 time(s).

 

 

< End of report >

Share this post


Link to post
Share on other sites

Morning Dave, lots of reading & picking out what needs to go !

 

We need to Run an OTL fix !!

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png. Do not include the word Code

:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJSIE:64bit:'>http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJSIE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}IE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJSIE - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not foundO3 - HKU\S-1-5-21-2989837996-1790684633-2971567215-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O4 - HKLM..\Run: []  File not foundO4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not foundO4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\cdo - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O30 - LSA: Security Packages - (livessp) -  File not foundO33 - MountPoints2\{7c7c7a2e-764b-11e2-be8b-c8cbb8b06c44}\Shell - "" = AutoRun:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post that log next !

Thanks
Chuck
 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.