NoBullets

Members
  • Posts

    6
Everything posted by NoBullets

  1. Alright, thank you. It looks like it's all clean (nothing came up in these either) so it must be something else.
  2. RogueKiller didn't really find anything; it killed the RealPlayer plugin from Google Chrome. All other logs were clear.
  3. DDS logs below:
  4. I need help with this. This computer shows about 50% of the RAM being used straight from startup (1.5GB). Windows Explorer often crashes immediately after startup. I read this might be caused by ThreatFire trying to block a rootkit, but scans show nothing. Another weird thing I noticed is tons of repeated O8. Advice, please.