Jump to content

atcao1

Members
  • Posts

    11
  • Joined

  • Last visited

Everything posted by atcao1

  1. # DelFix v10.7 - Logfile created 08/07/2014 at 21:35:55 # Updated 27/04/2014 by Xplode # Username : Anthony - ANTHONY-PC # Operating System : Windows Vista Home Premium Service Pack 2 (64 bits) ~ Activating UAC ... OK ~ Removing disinfection tools ... Deleted : C:\_OTM Deleted : C:\AdwCleaner Deleted : C:\Users\Anthony\Desktop\mbar Deleted : C:\Users\Anthony\Downloads\Addition.txt Deleted : C:\Users\Anthony\Downloads\ServicesRepair.exe ~ Creating registry backup ... OK ~ Cleaning system restore ... New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ########## Last night security essentials picked up a few PUP.optional registry keys again... restarted and haven't seen anything since.
  2. No issues whatsoever, although security essentials doesn't find anything anymore either. Seems clear? mbar-log-2014-07-05 (23-11-22).txt system-log.txt mbar-log-2014-07-05 (21-49-07).txt
  3. I'll run Delfix tonight after work, but... Now Security essentials keeps detecting Virus:Win64/Sirefef.b. Despite quarantining each time, it keeps coming back
  4. Currently updating security essentials. Everything looks good on my end. Many many thanks for your attention and expertise
  5. Latest FSS Farbar Service Scanner Version: 10-06-2014 Ran by Anthony (administrator) on 04-07-2014 at 18:55:30 Running from "C:\Users\Anthony\Downloads" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Attempt to access Google IP returned error. Google IP is unreachable Attempt to access Google.com returned error: Google.com is unreachable Attempt to access Yahoo.com returned error: Yahoo.com is unreachable Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\dhcpcsvc.dll => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
  6. All 3 scans done I uninstalled Adaware and tried to start MS securities essential, but it says it isn't installed. Planning on re-downloading and installing when we're all done here FSS.txt 07042014_173758.log
  7. Here you are. FSS only took a minute to scan. After ESET finished, MBAM repeatedly came up with non-malware PUP.option and PUP.search for a while eset scan.txt FRST.txt FSS.txt
  8. After everything, MBAM still found trojan.0Access, but its found in the FRST quarantine folder Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/3/2014 Scan Time: 8:20:04 PM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.03.07 Rootkit Database: v2014.07.03.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows Vista Service Pack 2 CPU: x64 File System: NTFS User: Anthony Scan Type: Threat Scan Result: Completed Objects Scanned: 309418 Time Elapsed: 14 min, 13 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows Vista Home Premium x64 Ran by Anthony on Thu 07/03/2014 at 21:07:06.40 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8A257C0B-8A05-46F1-A178-6022177EB9A8} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\big fish games" Successfully deleted: [Folder] "C:\Users\Anthony\AppData\Roaming\getrighttogo" Successfully deleted: [Empty Folder] C:\Users\Anthony\appdata\local\{CE9FD40F-239D-418B-A642-E7FADDFF6F0B} ~~~ FireFox Emptied folder: C:\Users\Anthony\AppData\Roaming\mozilla\firefox\profiles\iwvvsqka.default\minidumps [2 files] Emptied folder: C:\Users\Anthony\AppData\Roaming\mozilla\firefox\profiles\1l994knb.default-1339877334891\minidumps [182 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 07/03/2014 at 21:19:43.54 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Fixlog.txt AdwCleanerS0.txt AdwCleanerR0.txt
  9. Didn't know if you wanted to search files or registry; here's both Farbar Recovery Scan Tool (x64) Version: 01-07-2014 Ran by Anthony at 2014-07-02 08:17:08 Running from C:\Users\Anthony\Downloads Boot Mode: Normal ================== Search Files: "services.exe" ============= C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe [2009-12-02 20:44][2009-04-11 01:27] 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B [File is signed] C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe [2009-12-02 20:44][2009-04-11 02:10] 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3 [File is signed] C:\Windows\SysWOW64\services.exe [2009-12-02 20:44][2009-04-11 01:27] 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B [File is signed] C:\Windows\System32\services.exe [2009-12-02 20:44][2009-04-11 02:10] 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229 ====== End Of Search ====== Farbar Recovery Scan Tool (x64) Version: 01-07-2014 Ran by Anthony at 2014-07-02 08:34:54 Running from C:\Users\Anthony\Downloads Boot Mode: Normal ================== Search Registry: "services.exe" =========== [HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23] "f!services.exe.mui"="0x730065007200760069006300650073002E006500780065002E006D0075006900" [HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c] "f!services.exe"="0x730065007200760069006300650073002E00650078006500" [HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced] "f!services.exe.mui"="0x730065007200760069006300650073002E006500780065002E006D0075006900" [HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56] "f!services.exe"="0x730065007200760069006300650073002E00650078006500" [HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.0.6002.18005_0028c5a9\ComponentFamilies\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_none_ee72a63ef14b2b26\f256!services.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers] "SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:slsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unsecapp.exe:wbemtest.exe:winmgmt.exe:wmic.exe:bfsvc.exe:Twunk_16.exe:Twunk_32.exe:wuauclt.exe:wsqmcons.exe:sapisvr.exe:WinSAT.exe:p2phost.exe:SearchProtocolHost.exe:WerFault.exe:drvinst.exe:ehshell.exe:UI0Detect.exe:ehtray.exe:HelpPane.exe:mrt.exe:SearchFilterHost.exe:mobsync.exe:Narrator.exe:SLUI.exe:taskmgr.exe:PresentationSettings.exe:vds.exe:sdclt.exe:irftp.exe:DFDWiz.exe:SndVol.exe:makecab.exe:msfeedssync.exe:unregmp2.exe:DeviceProperties.exe:rstrui.exe:MdRes.exe:netsh.exe:printui.exe:mcupdate.exe:4mmdat.sys:61883.sys:ACPI.sys:amdk7.sys:amdk8.sys:ASYNCMAC.SYS:atapi.sys:AVC.SYS:cdfs.sys:cdrom.sys:circlass.sys:cmbatt.sys:crusoe.sys:CSC.Sys:dc21x4vm.sys:disk.sys:dot4.sys:dot4usb.sys:drmkaud.sys:ecache.sys:fdc.sys:floppy.sys:hdaudbus.sys:HDAudio.sys:HIDBTH.SYS:HIDIR.SYS:i8042prt.sys:intelppm.sys:irenum.SYS:IRSIR.SYS:kbdclass.sys:kbdhid.sys:LOOP.SYS:mf.sys:monitor.sys:mouclass.sys:mouhid.sys:msisadrv.sys:msiscsi.sys:NDISWAN.SYS:nsiproxy.sys:ohci1394.sys:pci.sys:pciide.sys:powerfil.sys:processr.sys:rasl2tp.sys:raspppoe.sys:RASPPTP.SYS:RDPCDD.SYS:rfcomm.sys:sbp2port.sys:sdbus.sys:serenum.sys:serial.sys:sermouse.sys:sffdisk.sys:sffp_mmc.sys:smbios.sys:swenum.sys:tdx.sys:termdd.sys:tpm.sys:tunmp.sys:tunnel.sys:umbus.sys:update.sys:usb8023.sys:USBAudio.sys:USBCCGP.SYS:usbcir.sys:USBEHCI.sys:usbhub.sys:USBOHCI.sys:usbprint.sys:USBUHCI.sys:viac7.sys:wacompen.sys:wceusbsh.sys:winusb.sys:ws2ifsl.sys:xnacc.sys" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{0063715b-eeda-4007-9429-ad526f62696e}] "ResourceFileName"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{0063715b-eeda-4007-9429-ad526f62696e}] "MessageFileName"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{06184c97-5201-480e-92af-3a3626c5b140}] "ResourceFileName"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{06184c97-5201-480e-92af-3a3626c5b140}] "MessageFileName"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{555908d1-a6d7-4695-8e1e-26931d2012f4}] "ResourceFileName"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{555908d1-a6d7-4695-8e1e-26931d2012f4}] "MessageFileName"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23] "f!services.exe.mui"="0x730065007200760069006300650073002E006500780065002E006D0075006900" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c] "f!services.exe"="0x730065007200760069006300650073002E00650078006500" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced] "f!services.exe.mui"="0x730065007200760069006300650073002E006500780065002E006D0075006900" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56] "f!services.exe"="0x730065007200760069006300650073002E00650078006500" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\VersionedIndex\6.0.6002.18005_0028c5a9\ComponentFamilies\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_none_ee72a63ef14b2b26\f256!services.exe] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules] "RemoteSvcAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules] "RemoteSvcAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "RemoteSvcAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "RemoteSvcAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules] "RemoteSvcAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules] "RemoteSvcAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "RemoteSvcAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "RemoteSvcAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules] "RemoteSvcAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules] "RemoteSvcAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "RemoteSvcAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "RemoteSvcAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|" ====== End Of Search ======
  10. Comes from C:\Windows\assembly\GAC_32\Desktop.ini Note- uTorrent is installed, but always disabled (not in task manager) ~~~~FRST~~~~~~~ Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014 Ran by Anthony (administrator) on ANTHONY-PC on 01-07-2014 20:50:36 Running from C:\Users\Anthony\Downloads Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\stacsv64.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Hewlett-Packard Corporation) C:\Windows\System32\hpservice.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (HP) C:\Program Files (x86)\Hp\HPLaserJetService\HPLaserJetService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (HP) C:\Windows\System32\HPSIsvc.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe () C:\Program Files (x86)\SMINST\BLService.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (SupportSoft, Inc.) C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Alcatel-Lucent) C:\Program Files\ATT-SST\pcTrayApp.exe (Akamai Technologies, Inc.) C:\Users\Anthony\AppData\Local\Akamai\netsession_win.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe () C:\Program Files (x86)\RAM Idle LE\RAM_XP.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Akamai Technologies, Inc.) C:\Users\Anthony\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [246784 2008-01-21] (Alps Electric Co., Ltd.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [442368 2009-06-03] (IDT, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271168 2012-03-26] (Microsoft Corporation) HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\pcTrayApp.exe [2727936 2012-06-07] (Alcatel-Lucent) HKLM-x32\...\Run: [TSMAgent] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1316136 2008-12-25] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-25] (CyberLink) HKLM-x32\...\Run: [uCam_Menu] => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2008-11-15] (CyberLink Corp.) HKLM-x32\...\Run: [updatePSTShortCut] => C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [updateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-30] (CyberLink Corp.) HKLM-x32\...\Run: [updatePDIRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.) HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [bncsaui.exe] => C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [2612960 2009-02-04] (Bradford Networks) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2009-11-11] (Apple Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [198160 2010-02-05] (RealNetworks, Inc.) HKLM-x32\...\Run: [ddoctorv2] => C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe [202560 2008-04-24] (SupportSoft, Inc.) HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company) HKLM-x32\...\Run: [RAM Idle Professional] => C:\Program Files (x86)\RAM Idle LE\RAM_XP.exe [131584 2003-10-08] () HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft) HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] () HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.) HKLM-x32\...\Runonce: [b Register C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax] - "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mc_demux_mp2_ds.ax",DllRegisterServer [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0 HKU\S-1-5-21-443390008-1506638986-505042718-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Anthony\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-443390008-1506638986-505042718-1000\...\Run: [Google Update] => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-03-19] (Google Inc.) HKU\S-1-5-21-443390008-1506638986-505042718-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd) HKU\S-1-5-21-443390008-1506638986-505042718-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.) HKU\S-1-5-21-443390008-1506638986-505042718-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-443390008-1506638986-505042718-1000\$ff24043d55f85ce9a20a8337d9b4b888\n. ATTENTION! ====> ZeroAccess? ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BootExecute: autocheck autochk * SBBD.exe /d \Device\HarddiskVolume1\Program Files (x86)\Ad-Aware Antivirus\Definitions ==================== Internet (Whitelisted) ==================== ProxyServer: :0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {8A257C0B-8A05-46F1-A178-6022177EB9A8} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF SearchScopes: HKLM - {314502BD-5212-4FC8-95CA-A5CF8EA1313C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl SearchScopes: HKLM - {8A257C0B-8A05-46F1-A178-6022177EB9A8} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF SearchScopes: HKLM-x32 - DefaultScope ComcastSearch URL = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7 SearchScopes: HKLM-x32 - ComcastSearch URL = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7 SearchScopes: HKLM-x32 - {314502BD-5212-4FC8-95CA-A5CF8EA1313C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl SearchScopes: HKLM-x32 - {8A257C0B-8A05-46F1-A178-6022177EB9A8} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF SearchScopes: HKLM-x32 - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS} SearchScopes: HKLM-x32 - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} SearchScopes: HKCU - ComcastSearch URL = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7 SearchScopes: HKCU - {314502BD-5212-4FC8-95CA-A5CF8EA1313C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS} SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) DPF: HKLM-x32 {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} https://site.cmbchina.com/download/CMBEdit.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 mswsock.dll File Not found () Winsock: Catalog9 02 mswsock.dll File Not found () Winsock: Catalog9 03 mswsock.dll File Not found () Winsock: Catalog9 04 mswsock.dll File Not found () Winsock: Catalog9 05 mswsock.dll File Not found () Winsock: Catalog9 06 mswsock.dll File Not found () Winsock: Catalog9 07 mswsock.dll File Not found () Winsock: Catalog9 08 mswsock.dll File Not found () Winsock: Catalog9 09 mswsock.dll File Not found () Winsock: Catalog9 10 mswsock.dll File Not found () Winsock: Catalog9 11 mswsock.dll File Not found () Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9-x64 01 mswsock.dll File Not found () Winsock: Catalog9-x64 02 mswsock.dll File Not found () Winsock: Catalog9-x64 03 mswsock.dll File Not found () Winsock: Catalog9-x64 04 mswsock.dll File Not found () Winsock: Catalog9-x64 05 mswsock.dll File Not found () Winsock: Catalog9-x64 06 mswsock.dll File Not found () Winsock: Catalog9-x64 07 mswsock.dll File Not found () Winsock: Catalog9-x64 08 mswsock.dll File Not found () Winsock: Catalog9-x64 09 mswsock.dll File Not found () Winsock: Catalog9-x64 10 mswsock.dll File Not found () Winsock: Catalog9-x64 11 mswsock.dll File Not found () Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\1l994knb.default-1339877334891 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent) FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=1.0.3.448 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @thrixxx.com/WebLaunch - C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Anthony\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Anthony\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @thrixxx.com/WebLaunch - C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll No File FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Anthony\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Anthony\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! => C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\iwvvsqka.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npWebLaunch.dll ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.) FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\cgpcfg.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\CgpCore.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\confmgr.dll () FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\ctxlogging.dll () FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\ctxmui.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\icafile.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\icalogon.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\msvcm80.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\msvcp80.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\msvcr80.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\npicaN.dll () FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\sslsdk_b.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\TcpPServ.dll (Citrix Systems, Inc.) FF Extension: ActiveGS - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\iwvvsqka.default\Extensions\activegs@freetoolsassociation.com [2010-09-09] FF Extension: Lavasoft Search Plugin - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\iwvvsqka.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013-04-27] FF Extension: Microsoft .NET Framework Assistant - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\iwvvsqka.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-09-09] FF Extension: Zynga Community Toolbar - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\iwvvsqka.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2012-05-30] FF Extension: Adobe DLM (powered by getPlus®) - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\iwvvsqka.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009-09-04] FF Extension: Adblock Edge - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\1l994knb.default-1339877334891\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-03-05] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-06] FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-04-14] FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-24] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-04-11] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-04-14] FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Shiretoko\firefox.exe Chrome: ======= CHR HomePage: hxxp://www.google.com CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ==================== Services (Whitelisted) ================= R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited) R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2944736 2009-02-04] (Bradford Networks) S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [544768 2009-08-24] (mst software GmbH, Germany) [File not signed] R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1384992 2013-10-02] (Fitbit, Inc.) S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [67360 2010-01-25] (NOS Microsystems Ltd.) R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed] R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed] R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed] R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [223232 2008-10-23] (Hewlett-Packard Development Company, L.P.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed] S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-26] (Microsoft Corporation) R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-03-21] (Nitro PDF Software) R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [361472 2012-06-18] (Alcatel-Lucent) [File not signed] R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2012-06-18] (Alcatel-Lucent) [File not signed] R2 pcServiceHost; C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [342016 2012-06-14] (Alcatel-Lucent) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed] R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed] S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) R2 sprtsvc_ddoctorv2; C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe [202560 2008-04-24] (SupportSoft, Inc.) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe [239104 2009-06-03] (IDT, Inc.) S3 WMZuneComm; c:\Program Files (x86)\New Folder (2)\WMZuneComm.exe [306416 2010-09-24] (Microsoft Corporation) S3 ZuneNetworkSvc; c:\Program Files (x86)\New Folder (2)\ZuneNss.exe [8251120 2010-09-24] (Microsoft Corporation) S3 ZuneWlanCfgSvc; c:\Windows\system32\ZuneWlanCfgSvc.exe [467696 2010-09-24] (Microsoft Corporation) S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation) S1 Beep; No ImagePath U5 BITS; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-10] (Disc Soft Ltd) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-27] (GFI Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-01] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation) S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-20] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S0 Lbd; system32\DRIVERS\Lbd.sys [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-01 20:50 - 2014-07-01 20:51 - 00036000 _____ () C:\Users\Anthony\Downloads\FRST.txt 2014-07-01 20:49 - 2014-07-01 20:50 - 00000000 ____D () C:\FRST 2014-07-01 20:49 - 2014-07-01 20:49 - 02083840 _____ (Farbar) C:\Users\Anthony\Downloads\FRST64.exe 2014-07-01 20:33 - 2014-07-01 20:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-01 20:33 - 2014-07-01 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-01 20:32 - 2014-07-01 20:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-01 20:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-01 20:32 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-29 10:59 - 2014-06-29 11:00 - 00000000 ____D () C:\Users\Anthony\Downloads\k19go 2014-06-13 23:31 - 2014-06-28 23:33 - 00000000 ____D () C:\Users\Anthony\Downloads\The Wire Season 3 2014-06-11 08:27 - 2014-06-11 08:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2014-07-01 20:51 - 2014-07-01 20:50 - 00036000 _____ () C:\Users\Anthony\Downloads\FRST.txt 2014-07-01 20:50 - 2014-07-01 20:49 - 00000000 ____D () C:\FRST 2014-07-01 20:49 - 2014-07-01 20:49 - 02083840 _____ (Farbar) C:\Users\Anthony\Downloads\FRST64.exe 2014-07-01 20:38 - 2012-07-14 00:34 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-01 20:34 - 2014-07-01 20:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-01 20:33 - 2014-07-01 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-01 20:33 - 2014-07-01 20:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-01 20:33 - 2009-09-12 01:17 - 00000000 ___HD () C:\Users\Anthony\AppData\Roaming\Malwarebytes 2014-07-01 20:32 - 2012-04-22 15:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-07-01 20:32 - 2009-09-12 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-01 19:55 - 2009-08-27 15:31 - 01742379 _____ () C:\Windows\WindowsUpdate.log 2014-07-01 19:54 - 2010-03-19 23:21 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-443390008-1506638986-505042718-1000UA.job 2014-07-01 19:45 - 2010-03-19 23:21 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-443390008-1506638986-505042718-1000Core.job 2014-07-01 19:37 - 2012-12-13 22:57 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Anthony.job 2014-07-01 19:37 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-01 19:37 - 2006-11-02 10:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-01 08:38 - 2012-07-14 00:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-01 04:39 - 2012-04-30 19:20 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\vlc 2014-07-01 04:37 - 2009-09-15 00:31 - 00108544 _____ () C:\Users\Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-06-30 22:10 - 2012-12-13 22:57 - 00000378 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Anthony.job 2014-06-30 06:05 - 2011-08-05 07:36 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Nitro PDF 2014-06-29 14:52 - 2010-01-25 00:53 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\uTorrent 2014-06-29 14:48 - 2012-02-29 21:30 - 00000000 ____D () C:\Westwood 2014-06-29 14:46 - 2013-03-12 22:20 - 18870540 _____ () C:\Users\Anthony\Downloads\GraphPad.Prism.v5.00.zip 2014-06-29 11:00 - 2014-06-29 10:59 - 00000000 ____D () C:\Users\Anthony\Downloads\k19go 2014-06-28 23:33 - 2014-06-13 23:31 - 00000000 ____D () C:\Users\Anthony\Downloads\The Wire Season 3 2014-06-28 00:21 - 2011-05-27 01:17 - 00000000 ___RD () C:\Users\Anthony\Dropbox 2014-06-28 00:02 - 2011-04-05 21:43 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Dropbox 2014-06-27 14:33 - 2006-11-02 07:46 - 00713036 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-27 14:32 - 2014-05-17 09:21 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\DropboxMaster 2014-06-27 10:01 - 2012-12-13 22:57 - 00000384 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Anthony.job 2014-06-27 10:00 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-24 20:37 - 2006-11-02 10:42 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-22 00:40 - 2012-07-14 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-06-21 22:59 - 2009-09-21 09:55 - 00000000 ___HD () C:\Users\Anthony\AppData\Roaming\EndNote 2014-06-21 22:46 - 2013-04-27 21:47 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-06-21 22:45 - 2012-04-28 09:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-21 22:15 - 2009-06-01 07:53 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-06-21 18:49 - 2010-03-19 23:21 - 00003804 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-443390008-1506638986-505042718-1000UA 2014-06-21 18:49 - 2010-03-19 23:21 - 00003408 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-443390008-1506638986-505042718-1000Core 2014-06-19 00:23 - 2010-04-08 16:27 - 00000000 ___HD () C:\Users\Anthony\AppData\Local\Paint.NET 2014-06-18 08:33 - 2012-07-14 00:34 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-18 08:33 - 2012-07-14 00:34 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-14 18:26 - 2014-06-14 18:26 - 00000000 ____D () C:\Users\Anthony\Downloads\PussyKat 2014-06-11 08:27 - 2014-06-11 08:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-04 14:50 - 2012-12-19 08:24 - 00007346 _____ () C:\Users\Anthony\Documents\FlowJo75.prefs 2014-06-04 14:44 - 2010-01-23 02:01 - 00000000 ___HD () C:\Users\Anthony\AppData\Roaming\FlowJo7 2014-06-01 06:39 - 2006-11-02 10:21 - 00432736 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-01 06:38 - 2011-11-21 19:44 - 00289596 _____ () C:\Windows\PFRO.log ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ZeroAccess: C:\$Recycle.Bin\S-1-5-21-443390008-1506638986-505042718-1000\$ff24043d55f85ce9a20a8337d9b4b888 Files to move or delete: ==================== C:\ProgramData\go_0molg.pad Some content of TEMP: ==================== C:\Users\Anthony\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe6lwrl.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe BC81150939BD52DBC7A08C245F1FB229 ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-27 10:07 ==================== End Of Log ============================ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Addition Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2014 Ran by Anthony at 2014-07-01 20:51:43 Running from C:\Users\Anthony\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Lavasoft Ad-Aware (Disabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} AV: Microsoft Security Essentials (Disabled - Up to date) {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Lavasoft Ad-Aware (Disabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A} AS: Microsoft Security Essentials (Disabled - Up to date) {2C040BB5-2B06-7275-5A21-2B969A740B4B} FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.) µTorrent (HKLM-x32\...\uTorrent) (Version: 1.8.5 - ) 64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 2.3.0 - Adobe Systems Incorporated) Hidden Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden Ad-Aware Antivirus (HKLM-x32\...\{F075020E-43B2-4F2C-9723-C81CE162E7B6}) (Version: 10.5.2.4379 - Lavasoft) Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.94 - Lavasoft) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - ) Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.60 - NOS Microsystems Ltd.) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated) Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) AOL Toolbar (HKCU\...\AOL Toolbar) (Version: - ) Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio 2010 Advanced (HKLM-x32\...\Ashampoo Burning Studio 2010 Advanced_is1) (Version: 9.2.4 - ashampoo GmbH & Co. KG) Ashampoo WinOptimizer 6.60 (HKLM-x32\...\Ashampoo WinOptimizer 6_is1) (Version: 6.6.0 - Ashampoo GmbH & Co. KG) AT&T Troubleshoot & Resolve Tool (HKLM-x32\...\ATT-SST) (Version: - ) Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bradford Persistent Agent (HKLM-x32\...\{0A55F129-B9B5-4836-8A2C-F3B16E850E26}) (Version: 2.0.3.8 - Bradford Networks) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.31 - Broadcom Corporation) BufferChm (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.) Comcast High-Speed Internet Install Wizard (HKLM-x32\...\ComcastHSI) (Version: - Comcast Cable Communications, LLC) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.) CyberLink DVD Suite (x32 Version: 6.0.2326 - CyberLink Corp.) Hidden D2600 (x32 Version: 120.0.256.000 - Hewlett-Packard) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd) Desktop Doctor (HKLM-x32\...\{D87149B3-7A1D-4548-9CBF-032B791E5908}) (Version: 2.5.5 - Comcast) DeviceDiscovery (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden Diablo II (HKLM-x32\...\Diablo II) (Version: - ) DivX Converter (HKLM-x32\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.) DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.) DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.4.3 - DivX, Inc.) DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.) DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC) DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.) DJ_SF_05_D2600_Software_Min (x32 Version: 120.0.256.000 - Hewlett-Packard) Hidden Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - ) DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) Empire Earth II (HKLM-x32\...\{DF315348-721C-40B8-BAE2-58C6C7D935A2}) (Version: 1.02 - Sierra) EndNote X1 (HKLM-x32\...\{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}) (Version: 11.0.1.2696 - Thomson ResearchSoft) EndNote X3 (HKLM-x32\...\{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}) (Version: 13.0.0.4094 - Thomson Reuters) ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Fitbit Connect (HKLM-x32\...\{C257E096-67B0-4122-98F3-EE0D8798E03B}) (Version: 1.0.0.4065 - Fitbit Inc.) FlowJo 7.5 (HKLM-x32\...\FlowJo 7.5) (Version: 1.0.0.0 - ) FlowJo 7.6 (HKLM-x32\...\FlowJo 7.6) (Version: 1.0.0.0 - Tree Star Inc) Google Drive (HKLM-x32\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.) Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden GPBaseService2 (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden GraphPad Prism 5 (Trial) (HKLM-x32\...\{35B73650-6899-11DA-6784-00232A9018BE}) (Version: 5.00 - GraphPad Software) GTA San Andreas (HKLM-x32\...\{E0303B6A-C675-4102-95DA-C013625BFA99}) (Version: 1.00.00001 - Rockstar Games) HP Active Support Library (HKLM-x32\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard) HP Common Access Service Library (x32 Version: 2.00 E6 - Hewlett-Packard) Hidden HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP) HP Deskjet D2600 Printer Driver Software 12.0 Rel .5 (HKLM\...\{EA6197F3-B467-4c70-B450-42D9E0C11400}) (Version: 12.0 - HP) HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard) HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company) HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.1.2425 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (x32 Version: 2.1.2425 - Hewlett-Packard) Hidden HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.1.1124 - Hewlett-Packard) HP MediaSmart Webcam (x32 Version: 2.1.1124 - Hewlett-Packard) Hidden HP Quick Launch Buttons 6.40 L1 (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 L1 - Hewlett-Packard) HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP) HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP) HP Total Care Advisor (HKLM-x32\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5991.2847 - Hewlett-Packard) HP Total Care Setup (HKLM-x32\...\{4916DFBD-403B-4707-AA64-294DC082B99F}) (Version: 1.1.2274.2854 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard) HP User Guides 0125 (HKLM-x32\...\{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}) (Version: 1.00.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{E5E29403-3D25-40C6-892B-F9FEE2A95585}) (Version: 3.50 A6 - Hewlett-Packard) HPAsset component for HP Active Support Library (x32 Version: 3.0.0.6 - Hewlett-Packard) Hidden HPPhotoGadget (x32 Version: 120.0.150.000 - Hewlett-Packard) Hidden hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) ISI ResearchSoft - Export Helper (HKLM-x32\...\ISI ResearchSoft - Export Helper) (Version: - ) iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.) Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle) Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle) Java 6 Update 7 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.) JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.17.07 - JMicron Technology Corp.) Juniper Networks Network Connect 6.5.0 (HKLM-x32\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.15255 - Juniper Networks) Juniper Networks Network Connect 7.0.0 (HKLM-x32\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.16499 - Juniper Networks) Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.18193 - Juniper Networks) Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.2.10059 - Juniper Networks, Inc.) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.0.1526.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 15.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 15.0.1 (x86 en-US)) (Version: 15.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Music Manager (HKCU\...\MusicManager) (Version: - Google, Inc.) Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden Nitro PDF Professional (HKLM\...\{59525B55-DE3C-439F-82CC-D4578960DE73}) (Version: 6.2.1.10 - Nitro PDF Software) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) PlugY, The Survival Kit (HKLM-x32\...\PlugY, The Survival Kit) (Version: 10.00 - ) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.) Power2Go (x32 Version: 6.0.2325 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2317 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.2317 - CyberLink Corp.) Hidden ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard) QuickTime (HKLM-x32\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.) RAM Idle Limited Edition (HKLM-x32\...\RAM Idle Limited Edition_is1) (Version: 1.4 - TweakNow) RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version: - RealNetworks) Realtek 8101E/8168/8169 PCI/PCIe Adapters (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.210.1003.2008 - Realtek Corporation) ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - ) Shiretoko (3.5) (HKLM\...\Shiretoko (3.5)) (Version: 3.5 (en-US) - Mozilla) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.) Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Spotify (HKCU\...\Spotify) (Version: 0.8.1.64.g5c5914e3 - Spotify AB) Spotify (HKLM-x32\...\Spotify) (Version: 0.5.2 - ) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Status (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden The Godfather™ The Game (HKLM-x32\...\{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}) (Version: - ) Toolbox (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ) TrayApp (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden TreeSize Free V2.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.5 - JAM Software) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{8F32B14E-F85E-482C-BF8C-C04E1A5ADE4F}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8B689F89-5E1C-4DA9-B2B1-7B3843275596}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6C4E1D7E-EEB2-4EDE-8B39-9844D8AD9273}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Video Thumbnails Maker by Scorp (remove only) (HKLM-x32\...\Video Thumbnails Maker) (Version: - ) Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation) VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - ) WebReg (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) (HKLM\...\07B260955637F1FF7587ED2AA87459040DD09BF7) (Version: 09/04/2008 2.6.0.0 - ENE) Windows Mobile Device Updater Component (Version: 04.07.1404.00 - Microsoft Corporation) Hidden WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) Xilisoft AVI to DVD Converter 6 (HKLM-x32\...\Xilisoft AVI to DVD Converter 6) (Version: 6.2.1.0321 - Xilisoft) Zune (HKLM\...\Zune) (Version: 04.07.1404.00 - Microsoft Corporation) Zune (Version: 04.07.1404.00 - Microsoft Corporation) Hidden Zune Language Pack (DEU) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden Zune Language Pack (ESP) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden Zune Language Pack (FRA) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden Zune Language Pack (ITA) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden Zune Language Pack (NLD) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden Zune Language Pack (PTB) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden Zune Language Pack (PTG) (Version: 04.07.1404.00 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 21-06-2014 04:49:09 Scheduled Checkpoint 22-06-2014 18:49:49 Scheduled Checkpoint 23-06-2014 12:35:36 Scheduled Checkpoint 24-06-2014 05:20:19 Scheduled Checkpoint 27-06-2014 04:09:41 Scheduled Checkpoint 28-06-2014 12:40:30 Scheduled Checkpoint 29-06-2014 16:36:24 Scheduled Checkpoint 30-06-2014 13:30:59 Scheduled Checkpoint 01-07-2014 05:00:02 Scheduled Checkpoint ==================== Hosts content: ========================== 2006-11-02 07:34 - 2013-04-14 11:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {098E1D66-588F-4C7A-B60A-84E3BDC9D3FE} - System32\Tasks\RNUpgradeHelperResumePrompt_Anthony => C:\Users\Anthony\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {12CA558C-3414-4159-9531-207C1A56E1EB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation) Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation) Task: {3CCA1F7F-677D-42B9-A7E5-514CAD5D446B} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: {422FBEE4-3DC5-496F-9794-1D997395D73C} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-03-18] (Lavasoft Limited) Task: {4E92824F-14D8-4482-9DC0-86DF209FCD0F} - System32\Tasks\RNUpgradeHelperLogonPrompt_Anthony => C:\Users\Anthony\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe Task: {73BAAA60-653C-4DDE-9CEF-CDD0D12C0C80} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-443390008-1506638986-505042718-1000Core => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-19] (Google Inc.) Task: {73DB4C71-6D73-4FB2-B3AF-4D02329C9271} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14] (Google Inc.) Task: {77D8139E-3D2E-47CC-8394-69AA5AF4347B} - System32\Tasks\ReclaimerUpdateXML_Anthony => C:\Users\Anthony\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {83BC4167-EBE6-4BE2-86D0-5BA0B07B180B} - System32\Tasks\ReclaimerUpdateFiles_Anthony => C:\Users\Anthony\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe Task: {95741D73-CB07-4C93-8E98-D78769C42378} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {A401828A-2119-4267-AEF9-37B21D027E1D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-443390008-1506638986-505042718-1000UA => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-19] (Google Inc.) Task: {BFADE949-947C-4DF6-877F-6AEB2E1D5C58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14] (Google Inc.) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] () Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-443390008-1506638986-505042718-1000Core.job => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-443390008-1506638986-505042718-1000UA.job => C:\Users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Anthony.job => C:\Users\Anthony\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe Task: C:\Windows\Tasks\ReclaimerUpdateXML_Anthony.job => C:\Users\Anthony\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Anthony.job => C:\Users\Anthony\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe ==================== Loaded Modules (whitelisted) ============= 2009-12-02 20:44 - 2009-04-11 02:11 - 00304128 _____ () C:\Windows\system32\mswsock.dll 2009-12-02 20:44 - 2009-04-11 02:11 - 00304128 _____ () C:\Windows\system32\MSWSOCK.dll 2009-12-02 20:44 - 2009-04-11 02:11 - 00304128 _____ () C:\Windows\System32\mswsock.dll 2010-07-14 10:09 - 2010-04-08 10:07 - 00289280 _____ () C:\Windows\System32\HP1100LM.DLL 2010-07-14 10:09 - 2010-03-04 16:56 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2010-07-14 10:09 - 2010-04-08 10:08 - 03031040 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll 2010-07-14 10:09 - 2010-04-08 10:06 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll 2010-09-08 12:44 - 2010-04-08 10:07 - 01440768 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100XC.DLL 2009-06-01 09:41 - 2008-12-17 18:11 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe 2009-06-01 09:33 - 2008-09-15 09:13 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2010-01-12 20:57 - 2009-12-12 16:12 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll 2003-10-08 12:44 - 2003-10-08 12:44 - 00131584 _____ () C:\Program Files (x86)\RAM Idle LE\RAM_XP.exe 2008-10-22 12:32 - 2008-10-22 12:32 - 00628016 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe 2012-08-27 22:33 - 2012-08-27 22:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-08-27 22:33 - 2012-08-27 22:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2009-06-01 09:41 - 2008-12-17 18:11 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll 2009-06-01 09:33 - 2008-09-15 09:13 - 00028672 _____ () C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll 2014-06-11 08:27 - 2014-06-11 08:27 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-22 10:21 - 2013-09-22 10:21 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\ProgramData\Temp:B3A6CA11 AlternateDataStreams: C:\Users\Anthony\Documents\essay final.docx:com.dropbox.attributes AlternateDataStreams: C:\Users\Anthony\Documents\HGCCMini-MBAApplication 2011.pdf:com.dropbox.attributes AlternateDataStreams: C:\Users\Anthony\Documents\Ting Feng-CV.pdf:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: 6TO4 Adapter Description: Microsoft 6to4 Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/01/2014 08:33:27 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application mbamservice.exe, version 3.0.2.0, time stamp 0x5318d363, faulting module mbamservice.exe, version 3.0.2.0, time stamp 0x5318d363, exception code 0x40000015, fault offset 0x0007da8a, process id 0x9248, application start time 0xmbamservice.exe0. Error: (07/01/2014 09:16:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13104 Error: (07/01/2014 09:16:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 13104 Error: (07/01/2014 09:16:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/01/2014 09:16:56 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12106 Error: (07/01/2014 09:16:56 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12106 Error: (07/01/2014 09:16:56 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/01/2014 09:16:55 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11107 Error: (07/01/2014 09:16:55 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 11107 Error: (07/01/2014 09:16:55 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (07/01/2014 08:33:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: MBAMService1 Error: (07/01/2014 07:42:01 PM) (Source: PlugPlayManager) (EventID: 12) (User: ) Description: The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&04E4) disappeared from the system without first being prepared for removal. Error: (07/01/2014 07:42:01 PM) (Source: PlugPlayManager) (EventID: 12) (User: ) Description: The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&03E4) disappeared from the system without first being prepared for removal. Error: (07/01/2014 07:42:01 PM) (Source: PlugPlayManager) (EventID: 12) (User: ) Description: The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&02E4) disappeared from the system without first being prepared for removal. Error: (07/01/2014 07:42:01 PM) (Source: PlugPlayManager) (EventID: 12) (User: ) Description: The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&00E4) disappeared from the system without first being prepared for removal. Error: (06/30/2014 06:40:32 PM) (Source: PlugPlayManager) (EventID: 12) (User: ) Description: The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&04E4) disappeared from the system without first being prepared for removal. Error: (06/30/2014 06:40:32 PM) (Source: PlugPlayManager) (EventID: 12) (User: ) Description: The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&03E4) disappeared from the system without first being prepared for removal. Error: (06/30/2014 06:40:32 PM) (Source: PlugPlayManager) (EventID: 12) (User: ) Description: The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&02E4) disappeared from the system without first being prepared for removal. Error: (06/30/2014 06:40:32 PM) (Source: PlugPlayManager) (EventID: 12) (User: ) Description: The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&00E4) disappeared from the system without first being prepared for removal. Error: (06/30/2014 06:09:35 AM) (Source: PlugPlayManager) (EventID: 12) (User: ) Description: The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30F7103C&REV_00\4&37ba8cc&0&04E4) disappeared from the system without first being prepared for removal. Microsoft Office Sessions: ========================= Error: (07/25/2011 01:58:43 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41759 seconds with 1260 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-07-01 20:51:36.529 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-01 20:51:36.317 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-01 20:51:36.110 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-01 20:51:35.907 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-01 20:51:03.115 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-01 20:51:02.901 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-01 20:51:02.675 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-01 20:51:02.444 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2014-07-01 20:34:20.063 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-22 10:08:40.547 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 54% Total physical RAM: 3998.02 MB Available physical RAM: 1802.2 MB Total Pagefile: 8227.31 MB Available Pagefile: 5118.42 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:218.44 GB) (Free:44.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:14.44 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive h: (EXPANSION) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 233 GB) (Disk ID: 27265BBE) Partition 1: (Active) - (Size=218 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=14 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.