Mr. Bojangles

Honorary Members
  • Posts

    34
Everything posted by Mr. Bojangles

  1. Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
     Ran by The Professor at 2015-07-18 06:49:03
     Running from C:\Users\jimmy\Desktop
     Boot Mode: Normal
     ==========================================================

     ==================== Accounts: =============================

     Administrator (S-1-5-21-2105765451-1135739353-437393356-500 - Administrator - Disabled)
     Guest (S-1-5-21-2105765451-1135739353-437393356-501 - Limited - Disabled)
     HomeGroupUser$ (S-1-5-21-2105765451-1135739353-437393356-1003 - Limited - Enabled)
     The Professor (S-1-5-21-2105765451-1135739353-437393356-1001 - Administrator - Enabled) => C:\Users\jimmy

     ==================== Security Center ========================

     (If an entry is included in the fixlist, it will be removed.)

     AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     ==================== Installed Programs ======================

     (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark (HKLM-x32\...\{f5aa1c48-f2dc-4f4f-a71d-65bd7d0dc5c5}) (Version: 1.5.893.0 - Futuremark) 3DMark (Version: 1.5.893.0 - Futuremark) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.3.121 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.0 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated) Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated) AlienRespawn (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Alienware) Alienware Command Center (HKLM-x32\...\InstallShield_{D4CE21D4-27E5-46DB-9FFE-553A90AD4B9F}) (Version: 3.5.14.0 - Alienware Corp.) Alienware Command Center (Version: 3.5.14.0 - Alienware Corp.) Hidden Alienware Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP) Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.11C - ) Alienware On-Screen Display (x32 Version: 0.33.0.11C - ) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) 
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) AutoHotkey 1.1.22.00 (HKLM\...\AutoHotkey) (Version: 1.1.22.00 - Lexikos) AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - ) bl (x32 Version: 1.0.0 - Your Company Name) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.143 - Broadcom Corporation) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) DebugMode FrameServer (HKLM-x32\...\DebugMode FrameServer) (Version: - ) Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell) Dell System Detect (HKU\S-1-5-21-2105765451-1135739353-437393356-1001\...\73f463568823ebbe) (Version: 6.3.0.6 - Dell) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc) EMSC (x32 Version: 0.0.0.25 - Compal Electronics, Inc.) 
Hidden EVGA PrecisionX 16 (HKLM-x32\...\{2183FCC1-07DA-44D5-97FB-EEC4EBA57D7B}) (Version: 5.3.1 - EVGA Corporation) Face Recognition (HKLM\...\{639C3CD6-010F-4A78-AF7E-FAEC523744BB}) (Version: 5.0.78.1 - Sensible Vision) Futuremark SystemInfo (HKLM-x32\...\{79659071-4B68-4EC8-833C-49C97B68FCD0}) (Version: 4.36.512.0 - Futuremark) Geeks3D FurMark 1.15.2.2 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden Handy Recovery 5.5 (HKLM-x32\...\{4196D960-68B0-4BEB-B312-3C1B4654068D}) (Version: 5.5 - SoftLogica) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1056 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) Java 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.) 
K-Lite Mega Codec Pack 11.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.0 - ) LAV Filters 0.64 (HKLM-x32\...\lavfilters_is1) (Version: 0.64 - Hendrik Leppkes) Maltego Chlorine CE 3.6.0 (HKLM-x32\...\MaltegoCE 3.6.0) (Version: 3.6.0 - Paterva) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) M-Audio Fast Track Pro 6.1.10 (x64) (HKLM\...\{44BCF4BB-2486-465D-8C03-50150201B4EA}) (Version: 6.1.10 - M-Audio) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2105765451-1135739353-437393356-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 
(HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla) MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team) NVIDIA 3D Vision Controller Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation) NVIDIA 3D Vision Driver 332.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.70 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation) NVIDIA Graphics Driver 332.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.70 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation) NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden Office 15 
Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden PCMark 8 (HKLM-x32\...\{b97bec7a-41cf-4ea1-b00e-8282a64b67c0}) (Version: 2.4.304.0 - Futuremark) PCMark 8 (Version: 2.4.304.0 - Futuremark) Hidden ph (x32 Version: 1.0.0 - Your Company Name) Hidden Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1052 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1052 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{56BF70E8-EC59-4F68-BEE7-8B71432048C4}) (Version: 1.0.30.1052 - Qualcomm Atheros) Qualcomm Atheros Network Manager (Version: 1.0.30.1052 - Qualcomm Atheros) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) R for Windows 3.2.0 (HKLM\...\R for Windows 3.2.0_is1) (Version: 3.2.0 - R Core Team) Real Time Relativity v1.6.0 (HKLM-x32\...\{0DFC5A30-1D57-4EF6-ABDA-C58C4DC1475B}) (Version: 1.6.0 - Australian National University) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7260 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) rekordbox 3.2.2 (HKLM-x32\...\Pioneer rekordbox 3.2.2) (Version: 3.2.2.3901 - Pioneer) RMP4 (HKLM-x32\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT) RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT) SevenZip (HKLM-x32\...\SevenZip) (Version: 9.20 - SevenZip) SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.12.0046 - ST Microelectronics) Stagelight (HKLM\...\StageLight) (Version: 2.0.0.5045 - Open Labs, LLC.) 
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Stereoscopic Player (HKLM-x32\...\{f3e7745d-e72e-4506-a939-4169bdc038ab}) (Version: 2.3.5 - 3dtv.at) Stereoscopic Player (x32 Version: 2.3.5 - 3dtv.at) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.2 - Synaptics Incorporated) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) Universe Sandbox ² (HKLM-x32\...\Steam App 230290) (Version: - Giant Army) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN) WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - ) XSplit Broadcaster (HKLM-x32\...\{4202CAFA-F8F9-4311-8A13-19DB48AAF5F7}) (Version: 2.2.1502.1633 - SplitmediaLabs) ZaraRadio 1.6.2 (HKLM-x32\...\ZaraRadio_is1) (Version: - Kero Systems S.L.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-2105765451-1135739353-437393356-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) CustomCLSID: HKU\S-1-5-21-2105765451-1135739353-437393356-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\jimmy\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 14-07-2015 08:48:58 Revo Uninstaller's restore point - Avid Pro Tools SE 8.0.3 16-07-2015 03:11:28 Installed M-Audio Fast Track Pro 6.1.10 (x64) 17-07-2015 16:33:03 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-04-16 11:11 - 2015-04-16 11:10 - 00000911 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 lmlicenses.wip4.adobe.com 127.0.0.1 lm.licenses.adobe.com ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01C2D86E-A931-41F9-9FAF-73D840200C3D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {1DC89640-CA03-492C-A399-A3694759606A} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink) Task: {1F1DE604-784F-429F-AC4D-086A2864D540} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.) 
Task: {2F721C5E-3837-4D30-B6B3-9AD166F140FF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for TheProfessor-The Professor TheProfessor => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-28] (Microsoft Corporation) Task: {32309153-ACB1-4C6C-AC0D-659FBFFE0D03} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation) Task: {397D6187-192D-45E5-89A0-3649580F0560} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-05-13] (Realtek Semiconductor) Task: {45342255-8866-4D7C-B61C-785F4A7CC12B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-17] (Google Inc.) Task: {469B084D-D44C-4142-AA3F-F11097BE596C} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-09-12] (Intel) Task: {635EE3E8-5631-48F5-AE14-AB1B6791F1FC} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.) Task: {6D7C09BE-1E76-4E68-A5DB-C0435F7670A1} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.) Task: {732F287E-EE50-490B-8CE8-55CB7A61594D} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-lynksys@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated) Task: {81AA1731-502A-4DA0-98BE-98DA7191A914} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Alienware\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.) 
Task: {8A2B4CFA-8885-4F57-9EE6-25595D46D101} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2105765451-1135739353-437393356-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe Task: {8D0C221F-9E57-4335-BA19-4433FCEEA6CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-17] (Google Inc.) Task: {A146365D-F7BD-47EA-98B8-CEA498F5BCC0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation) Task: {AB3A171A-3F81-4B64-AB06-50C823EBB2E4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {BC5DECC7-062B-49A4-8C87-E8A6B941A8DE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated) Task: {D052F47A-CE24-4F01-8964-74DCD709B21F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-14] (Synaptics Incorporated) Task: {DB9D44EA-9BC1-4F89-8167-F55740FB5754} - System32\Tasks\Microsoft Office 15 Sync Maintenance for THEPROFESSOR-jimmy TheProfessor => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-28] (Microsoft Corporation) Task: {E05C9797-118D-4D6F-97FD-C5BF2C4FAEBA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-05-03 22:46 - 2014-02-24 10:22 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-09-05 13:13 - 2013-09-05 13:13 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll 2015-04-18 05:39 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-06-13 14:17 - 2015-06-13 14:17 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2015-05-05 06:23 - 2015-05-05 06:23 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-04-07 16:13 - 2014-04-07 16:13 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll 2013-08-08 06:38 - 2013-08-08 06:38 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe 2013-11-16 10:17 - 2013-11-16 10:17 - 04593968 _____ () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe 2014-12-03 10:59 - 2014-12-03 10:59 - 04358960 _____ () C:\Program Files (x86)\Sensible Vision\Fast Access\FAAppMonOT.exe 2015-06-13 14:16 - 2015-06-13 14:16 - 31404192 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe 2015-06-19 04:09 - 2015-06-19 04:09 - 
00155824 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe 2014-12-03 11:14 - 2014-12-03 11:14 - 00094000 _____ () C:\Windows\SYSTEM32\FAIEExtension.DLL 2013-04-04 13:42 - 2013-04-04 13:42 - 00012424 _____ () C:\Program Files (x86)\Sensible Vision\Fast Access\MFCaptureD3D_2_DLL.dll 2015-05-05 06:35 - 2015-05-05 06:35 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2009-12-19 04:07 - 2009-12-19 04:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll 2015-06-09 22:36 - 2015-06-09 22:36 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll 2013-11-05 10:32 - 2013-11-05 10:32 - 00021008 _____ () C:\Program Files\Alienware\Command Center\Hook32.dll 2015-06-18 18:53 - 2015-06-18 18:53 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node 2015-06-18 18:53 - 2015-06-18 18:53 - 00121856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ref\build\Release\binding.node 2015-06-18 18:53 - 2015-06-18 18:53 - 00122880 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ffi\build\Release\ffi_bindings.node 2015-06-18 18:53 - 2015-06-18 18:53 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node 2015-06-18 18:53 - 2015-06-18 18:53 - 00085504 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node 2015-06-18 18:53 - 2015-06-18 18:53 - 00086016 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node 2015-06-18 18:53 - 2015-06-18 18:53 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative 
Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node 2014-05-16 08:02 - 2013-03-05 13:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-06 04:41 - 2013-03-06 04:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-01-14 16:03 - 2014-01-14 16:03 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2015-05-03 22:30 - 2013-09-18 23:33 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll 2014-09-29 19:17 - 2014-09-29 19:17 - 00882688 _____ () C:\Program Files\Native Instruments\Traktor 2\platforms\qwindows.dll 2015-02-27 03:05 - 2015-02-10 05:14 - 01905904 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\STRestoreAPI.dll 2014-05-16 08:06 - 2012-11-26 15:19 - 01153384 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\libxml2.dll 2015-02-27 03:05 - 2014-02-19 08:12 - 00117568 _____ () C:\Program Files (x86)\AlienRespawn\Components\Restore\zlib1.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Microsoft:oosr8E1DUZaIkTaled6e4O4Zo AlternateDataStreams: C:\ProgramData\Microsoft:SHbD7E0ojkj9ZfhNLAlMdTe AlternateDataStreams: C:\Users\jimmy\OneDrive:ms-properties AlternateDataStreams: C:\Users\jimmy\AppData\Local\hsJ72jga:3FQyIeDNWEsqWNKwkISIbB AlternateDataStreams: C:\Users\jimmy\AppData\Local\RAZvdvn5mwZMrp:8ePvK5izVnxI6NgdPi AlternateDataStreams: C:\Users\jimmy\AppData\Local\Temp:Pw6LP20WTvwds3bqshYFsAi AlternateDataStreams: C:\Users\jimmy\AppData\Local\Temporary Internet Files:IV7YxdZ9Kx4sl9nXcd36Df3Wq ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2105765451-1135739353-437393356-1001\...\dell.com -> dell.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2105765451-1135739353-437393356-1001\Control Panel\Desktop\\Wallpaper -> D:\My Pictures\Cosmos\hs-2015-01-c-1920x1200_wallpaper.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "StageLightUpdate" HKLM\...\StartupApproved\Run32: => "DivXMediaServer" HKLM\...\StartupApproved\Run32: => "DivXUpdate" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKU\S-1-5-21-2105765451-1135739353-437393356-1001\...\StartupApproved\Run: => "Wisdom-soft ScreenHunter 6.0 Free" HKU\S-1-5-21-2105765451-1135739353-437393356-1001\...\StartupApproved\Run: => "Speech Recognition" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{94D37E8A-466C-47C7-BC53-79FD5696A566}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{7F45EB58-0FCA-4850-B77D-EAAB4FC78C37}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{2862BFE8-851B-4A3D-B718-1286FD521A31}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{CD928E3D-8197-49F7-8731-5D80BFD49C37}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{CD53E725-624C-4492-AD22-C00BF7A1D96F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9EEAA0C9-78BE-48BC-84D4-94FFEF1D86A7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9B39D747-B797-4B11-81E8-4DF4BCEA7C11}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{1AFCA5EA-DDDF-4B47-B74C-303B40BEE4CB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{970B0753-2003-458A-949C-2B3D90D3B448}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{1E5FFD12-2FB9-4759-BACB-C3344A7D6A13}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{AC5EFE0C-69A8-4619-8D49-B23FE3F29F46}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{E79110D3-97A1-464B-AD59-F2FDB206617E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{45352512-01B0-4E7B-B699-905BDF24ADFB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{72E1C868-B6D9-49D0-AADC-1B89C7DEDBC3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{4313C34C-E8B3-45AE-804C-BF91FFA9C6B4}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{E8E2A172-03BF-499B-B4CF-12AA136B5FA9}] => (Block) %ProgramFiles% (x86)\HyperCam 3\SMM_HCEditor.exe FirewallRules: [{585D0774-04F2-45FB-8A21-864471EE32BC}] => (Allow) 
C:\Users\jimmy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{ABB74E66-F3C5-4E87-B1B5-CA8E8C8B0E41}C:\users\jimmy\desktop\agwpe\agw packet engine.exe] => (Allow) C:\users\jimmy\desktop\agwpe\agw packet engine.exe FirewallRules: [uDP Query User{FA24C16A-18E3-4B5E-B088-B4A5AD322E06}C:\users\jimmy\desktop\agwpe\agw packet engine.exe] => (Allow) C:\users\jimmy\desktop\agwpe\agw packet engine.exe FirewallRules: [{E8DE4770-2546-4562-AC42-FF3E39401E37}] => (Allow) LPort=3306 FirewallRules: [{7A3DAEDC-1267-402B-950B-53C23D35CA3A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{15AC58B7-1A8A-4A8D-AFEF-155E869904AD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{A99AAF21-C0A5-43A3-AE72-4E8EC773FB3A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{BC09D8D0-9403-4E85-A6D1-694D9BBF4C4A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{055FDCC6-B23F-4C27-B9B8-833CD1152BCB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{0D2EDF5C-3019-410A-B02D-931F2AAED352}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{0AAA257C-1CDE-4C1B-BA45-E61227E8CA05}C:\program files (x86)\pioneer\rekordbox 3.2.1\rekordbox 3.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.1\rekordbox 3.exe FirewallRules: [uDP Query User{2E695272-EBA0-4CA0-B28A-BE31608F6725}C:\program files (x86)\pioneer\rekordbox 3.2.1\rekordbox 3.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.1\rekordbox 3.exe FirewallRules: [TCP Query User{29F56303-90D0-4CA9-814D-094F3BCEFE72}C:\program files (x86)\pioneer\rekordbox 3.2.1\psvnfsd.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.1\psvnfsd.exe FirewallRules: [uDP Query User{69D800FE-B694-4929-9377-D46C17B52F7F}C:\program 
files (x86)\pioneer\rekordbox 3.2.1\psvnfsd.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.1\psvnfsd.exe FirewallRules: [TCP Query User{0C3E9BBA-F248-4A38-9BF8-851C2B291FE9}C:\program files (x86)\pioneer\rekordbox 3.2.1\psvlinksysmgr.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.1\psvlinksysmgr.exe FirewallRules: [uDP Query User{25693474-B4A7-4949-9FAE-1E3C9EDAABE3}C:\program files (x86)\pioneer\rekordbox 3.2.1\psvlinksysmgr.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.1\psvlinksysmgr.exe FirewallRules: [TCP Query User{B3AD53EE-4268-44F6-9C07-B5EB5BF1C7D3}C:\program files (x86)\pioneer\rekordbox 3.2.1\rekordbox 3.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.1\rekordbox 3.exe FirewallRules: [uDP Query User{127ABF18-E0AF-4DBE-97A4-7A01C7874045}C:\program files (x86)\pioneer\rekordbox 3.2.1\rekordbox 3.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.1\rekordbox 3.exe FirewallRules: [TCP Query User{A5E53F15-4043-4648-B210-5861E8EEE532}C:\program files (x86)\pioneer\rekordbox 3.2.1\psvnfsd.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.1\psvnfsd.exe FirewallRules: [uDP Query User{9A80C248-1273-4C65-B024-82F4746AFAF3}C:\program files (x86)\pioneer\rekordbox 3.2.1\psvnfsd.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.1\psvnfsd.exe FirewallRules: [TCP Query User{3399B9AB-3884-4D71-90FD-13BD2E0ECD2B}C:\program files (x86)\pioneer\rekordbox 3.2.1\psvlinksysmgr.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.1\psvlinksysmgr.exe FirewallRules: [uDP Query User{5C396CD7-2FD5-42E0-B08C-D47975B563E8}C:\program files (x86)\pioneer\rekordbox 3.2.1\psvlinksysmgr.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.1\psvlinksysmgr.exe FirewallRules: [{A002760C-3267-49BD-BDCD-C03A884C74BE}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{7CFDACBA-6C87-439F-9117-4FCAE529C47D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: 
[{3A4FDFBB-18D7-483E-9F91-3C133E96903B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Universe Sandbox 2\Universe Sandbox x64.exe FirewallRules: [{8206C712-F3AF-4067-A338-48D95BE9E5F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Universe Sandbox 2\Universe Sandbox x64.exe FirewallRules: [TCP Query User{F85F5769-797A-42D8-BA8F-973917F6D8CB}C:\program files (x86)\pioneer\rekordbox 3.2.2\rekordbox 3.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.2\rekordbox 3.exe FirewallRules: [uDP Query User{CCF94636-B86F-4456-8024-FBCB78299732}C:\program files (x86)\pioneer\rekordbox 3.2.2\rekordbox 3.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.2\rekordbox 3.exe FirewallRules: [TCP Query User{AF32A1BA-62D5-4BC4-97F6-A4702B44D6CA}C:\program files (x86)\pioneer\rekordbox 3.2.2\psvnfsd.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.2\psvnfsd.exe FirewallRules: [uDP Query User{2FA6240C-DE2D-4637-9F07-8CCD267F473A}C:\program files (x86)\pioneer\rekordbox 3.2.2\psvnfsd.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.2\psvnfsd.exe FirewallRules: [TCP Query User{E38B8939-DB18-409A-B189-8C7A23BD9628}C:\program files (x86)\pioneer\rekordbox 3.2.2\psvlinksysmgr.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.2\psvlinksysmgr.exe FirewallRules: [uDP Query User{DD9157CF-3FCA-461B-8BE3-79BAA0C18DE0}C:\program files (x86)\pioneer\rekordbox 3.2.2\psvlinksysmgr.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.2\psvlinksysmgr.exe FirewallRules: [{EBBE130E-F7CA-413F-9F45-4131C0C63BE9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{4F246612-96E9-4C59-8476-42C4991D6DD3}C:\program files (x86)\pioneer\rekordbox 3.2.2\rekordbox 3.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.2\rekordbox 3.exe FirewallRules: [uDP Query User{89629B2E-3736-43DA-907E-12D38AF62E68}C:\program files (x86)\pioneer\rekordbox 3.2.2\rekordbox 3.exe] => 
(Allow) C:\program files (x86)\pioneer\rekordbox 3.2.2\rekordbox 3.exe FirewallRules: [TCP Query User{75E15812-CF1D-4738-9183-6E372D6B2CB0}C:\program files (x86)\pioneer\rekordbox 3.2.2\psvnfsd.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.2\psvnfsd.exe FirewallRules: [uDP Query User{B62F803D-9C7E-41F2-8673-043C6065FFFB}C:\program files (x86)\pioneer\rekordbox 3.2.2\psvnfsd.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.2\psvnfsd.exe FirewallRules: [TCP Query User{054C9E7C-68EE-47D4-8FFE-881A20163F8F}C:\program files (x86)\pioneer\rekordbox 3.2.2\psvlinksysmgr.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.2\psvlinksysmgr.exe FirewallRules: [uDP Query User{3F3405C0-CBCA-462A-AE31-BF2F7E5A805A}C:\program files (x86)\pioneer\rekordbox 3.2.2\psvlinksysmgr.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 3.2.2\psvlinksysmgr.exe ==================== Faulty Device Manager Devices ============= Name: facap, FastAccess Video Capture Description: facap, FastAccess Video Capture Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Sensible Vision Service: facap Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (07/18/2015 05:28:26 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [0] Error: (07/18/2015 05:28:26 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to open Audio Capture session [6] Error: (07/18/2015 05:27:57 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/18/2015 05:25:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 39.0.0.5659, time stamp: 0x55934d06 Faulting module name: mozalloc.dll, version: 39.0.0.5659, time stamp: 0x55933a83 Exception code: 0x80000003 Fault offset: 0x00001aa1 Faulting process id: 0x1e50 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Faulting package full name: plugin-container.exe4 Faulting package-relative application ID: plugin-container.exe5 Error: (07/18/2015 01:09:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 39.0.0.5659, time stamp: 0x55934d06 Faulting module name: mozalloc.dll, version: 39.0.0.5659, time stamp: 0x55933a83 Exception code: 0x80000003 Fault offset: 0x00001aa1 Faulting process id: 0x171c Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Faulting package full name: plugin-container.exe4 Faulting package-relative application ID: plugin-container.exe5 Error: (07/18/2015 01:07:27 AM) (Source: C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/17/2015 11:09:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/17/2015 10:34:59 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (07/17/2015 10:32:22 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/17/2015 09:59:18 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] System errors: ============= Error: (07/17/2015 09:59:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Windows Modules Installer service terminated with the following error: %%16389 Error: (07/17/2015 09:31:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (07/17/2015 09:30:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (07/16/2015 07:11:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT 
AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (07/16/2015 02:40:11 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 126 Error: (07/16/2015 02:39:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (07/16/2015 02:22:36 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY) Description: WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 126 Error: (07/16/2015 02:22:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (07/16/2015 02:01:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (07/15/2015 12:03:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Microsoft Office: ========================= Error: (07/18/2015 05:28:26 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [0] Error: (07/18/2015 05:28:26 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to open Audio Capture session [6] Error: 
(07/18/2015 05:27:57 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/18/2015 05:25:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe39.0.0.565955934d06mozalloc.dll39.0.0.565955933a838000000300001aa11e5001d0c0c65462f092C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll9c84b6fe-2cb9-11e5-82a7-54271ebea44a Error: (07/18/2015 01:09:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe39.0.0.565955934d06mozalloc.dll39.0.0.565955933a838000000300001aa1171c01d0c0a288d927eaC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllcdf9ede1-2c95-11e5-82a4-54271ebea44a Error: (07/18/2015 01:07:27 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/17/2015 11:09:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/17/2015 10:34:59 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (07/17/2015 10:32:22 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/17/2015 09:59:18 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] CodeIntegrity 
Errors: =================================== Date: 2015-07-18 05:46:45.322 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-18 05:46:45.232 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-18 05:46:45.141 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-18 05:46:45.049 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-18 05:46:44.907 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-07-18 00:06:19.814 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-18 00:06:19.736 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-18 00:06:19.642 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-18 00:06:19.283 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-07-18 00:06:19.189 Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info ===========================
Processor: Intel® Core i7-4910MQ CPU @ 2.90GHz
Percentage of memory in use: 13%
Total physical RAM: 32691.02 MB
Available physical RAM: 28408.47 MB
Total Virtual: 37555.02 MB
Available Virtual: 32865.18 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:196.74 GB) (Free:45.23 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:342.38 GB) NTFS
Drive e: (Pro Tools SE) (CDROM) (Total:7.83 GB) (Free:0 GB) CDFS
Drive x: (PBR Image) (Fixed) (Total:8.34 GB) (Free:0.74 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.29 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B88F2230)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: DF12B322)
Partition: GPT Partition Type.
==================== End of log ============================
RogueKiller V10.9.1.0 [Jul 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : The Professor [Administrator]
Started from : C:\Users\jimmy\Desktop\RogueKiller.exe
Mode : Scan -- Date : 07/18/2015 07:32:41
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2105765451-1135739353-437393356-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2105765451-1135739353-437393356-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/?pc=DCJB -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2105765451-1135739353-437393356-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2105765451-1135739353-437393356-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.1.1.1 ([(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.1.1.1 ([(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1A1F6FEA-32AE-467E-8878-78AA1C0C44C6} | DhcpNameServer : 192.231.203.132 192.231.203.3 ([AUSTRALIA (AU)][AUSTRALIA (AU)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{756096BF-C099-4E25-B48C-5AFC0F5286DB} | DhcpNameServer : 10.1.1.1 ([(Private Address) (XX)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1A1F6FEA-32AE-467E-8878-78AA1C0C44C6} | DhcpNameServer : 192.231.203.132 192.231.203.3 ([AUSTRALIA (AU)][AUSTRALIA (AU)]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{756096BF-C099-4E25-B48C-5AFC0F5286DB} | DhcpNameServer : 10.1.1.1 ([(Private Address) (XX)]) -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 2 ¤¤¤
127.0.0.1 Localhost
:: Localhost
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-75JC3T0 +++++
--- User ---
[MBR] bdbdc53afcb86a3655c6075fac1643e5
[BSP] 61e0101b2d0d8823029511c5ff1c4a86 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2048 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: LITEON IT LMT-256L9M-11 MSATA 256GB +++++
--- User ---
[MBR] fd0af31dcab89e53cdd95e52174874b5
[BSP] 9ca120d1bf6f820db2c36ff2f299f4a3 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 750 MB
4 - Basic data partition | Offset (sectors): 2906112 | Size: 201465 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 432996352 | Size: 32774 MB
6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 415506432 | Size: 8540 MB
User = LL1 ... OK
User = LL2 ... OK
  2. MALWARE BYTES
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 7/18/2015
Scan Time: 6:37 AM
Logfile: Malware Bytes LOG.txt
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.07.17.05
Rootkit Database: v2015.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: The Professor
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 400893
Time Elapsed: 7 min, 53 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)
(end)
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by The Professor (administrator) on THEPROFESSOR on 18-07-2015 06:48:49
Running from C:\Users\jimmy\Desktop
Loaded Profiles: The Professor (Available Profiles: The Professor)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FACSMon.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (M-Audio) C:\Program Files (x86)\M-Audio\Fast Track Pro\AudioDevMon.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (Dell Inc.) 
C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAsenmon.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Dolby Laboratories Inc.) 
C:\Program Files\Dolby Digital Plus\ddp.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe () C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe () C:\Program Files (x86)\Sensible Vision\Fast Access\FAAppMonOT.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe (Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe 
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRSync.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13840 2013-11-05] (Alienware)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [stageLightUpdate] => C:\Program Files\Stagelight\StagelightUpdate.exe [1391104 2014-12-02] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-06-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [4593968 2013-11-16] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95536 2014-12-03] (Sensible Vision )
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2015-05-06] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-02] (Adobe Systems Incorporated)
Winlogon\Notify\FastAccess: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll [2014-12-03] (Sensible Vision )
HKU\S-1-5-21-2105765451-1135739353-437393356-1001\...\Run: [Wisdom-soft ScreenHunter 6.0 Free] => 0
HKU\S-1-5-21-2105765451-1135739353-437393356-1001\...\Run: [speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44032 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-2105765451-1135739353-437393356-1001\...\MountPoints2: {b8ad858e-dc7a-11e3-824c-806e6f6e6963} - "E:\setup.exe"
HKU\S-1-5-21-2105765451-1135739353-437393356-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [589312 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-05-16]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-05-16]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{F9D8E17A-8670-4D39-AFBE-9B599BB85B1A}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2014-12-31] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-31] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2014-12-31] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-31] (Softthinks SAS)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2105765451-1135739353-437393356-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2105765451-1135739353-437393356-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2105765451-1135739353-437393356-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.alienwarearena.com/welcome-au
HKU\S-1-5-21-2105765451-1135739353-437393356-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alienwarearena.com/welcome-au
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2105765451-1135739353-437393356-1001 -> DefaultScope {8B90708A-26E7-4C7A-8A28-AEC2801CEF44} URL =
SearchScopes: HKU\S-1-5-21-2105765451-1135739353-437393356-1001 -> {8B90708A-26E7-4C7A-8A28-AEC2801CEF44} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll [2014-12-03] (Sensible Vision )
BHO-x32: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll [2014-12-03] (Sensible Vision )
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2015-05-06] (Sun Microsystems, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-05] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{1A1F6FEA-32AE-467E-8878-78AA1C0C44C6}: [DhcpNameServer] 192.231.203.132 192.231.203.3
Tcpip\..\Interfaces\{756096BF-C099-4E25-B48C-5AFC0F5286DB}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{756096BF-C099-4E25-B48C-5AFC0F5286DB}: [DhcpNameServer] 10.1.1.1

FireFox:
========
FF ProfilePath: C:\Users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\sfowxwsn.default
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-02-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-02-24] (NVIDIA Corporation)
FF Plugin-x32: @sensiblevision.com/FastAccess,version=4.1.110 -> C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\nprt.dll [2014-05-23] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-28] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-02] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll [2015-05-06] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-04-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-04-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-04-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-04-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-04-18] (Apple Inc.)
FF Extension: Word Count Tool - C:\Users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\sfowxwsn.default\Extensions\jid0-YHLk2psjhEWXNJqMKTU7dDcMJcN@jetpack.xpi [2015-04-25]
FF Extension: Facebook Ads Block - C:\Users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\sfowxwsn.default\Extensions\jid1-CGxMej0nDJTjwQ@jetpack.xpi [2015-04-24]
FF Extension: Best Video Downloader 2 - C:\Users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\sfowxwsn.default\Extensions\{170503FA-3349-4F17-BC86-001888A5C8E2}.xpi [2015-04-21]
FF Extension: Adblock Plus - C:\Users\jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\sfowxwsn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2015-04-29]

Chrome:
=======
CHR Profile: C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-17]
CHR Extension: (Google Docs) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-17]
CHR Extension: (Google Drive) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-17]
CHR Extension: (YouTube) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-17]
CHR Extension: (Google Search) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-17]
CHR Extension: (Google Sheets) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-17]
CHR Extension: (Gmail) - C:\Users\jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2014-05-16] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-07] (CyberLink)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-23] (Dell Inc.)
R2 FastTrackProAudioDevMon; C:\Program Files (x86)\M-Audio\Fast Track Pro\AudioDevMon.exe [1688336 2013-05-23] (M-Audio)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [344288 2015-03-20] (Futuremark)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-02] (iolo technologies, LLC)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2014-05-16] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2014-05-16] (Broadcom Corporation)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-14] (Qualcomm Atheros, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-16] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)
S3 cpuz138; C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [27320 2015-05-03] (CPUID)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-27] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-23] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-11] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-11] ()
S3 facap; C:\Windows\system32\DRIVERS\facap.sys [37888 2012-09-03] (Windows ® Win 7 DDK provider)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [20192 2013-09-12] (Intel Corporation)
S3 iscFlash; C:\Users\jimmy\AppData\Local\Temp\7zS6509.tmp\iscflashx64.sys [58464 2012-08-28] (Insyde Software)
R2 ISOMount; C:\Program Files (x86)\Free ISO Mount\FIMx64.sys [33896 2015-07-01] ()
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-21] (Qualcomm Atheros, Inc.)
S3 MAUSBFASTTRACKPRO; C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys [184592 2013-05-23] (M-Audio)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-19] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [83456 2013-08-07] (STMicroelectronics)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-18 06:48 - 2015-07-18 06:48 - 00027532 _____ C:\Users\jimmy\Desktop\FRST.txt
2015-07-18 06:48 - 2015-07-18 06:48 - 00000000 ____D C:\FRST
2015-07-18 06:47 - 2015-07-18 06:48 - 02133504 _____ (Farbar) C:\Users\jimmy\Desktop\FRST64.exe
2015-07-18 05:53 - 2015-07-18 05:53 - 00002151 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-07-18 05:52 - 2015-07-18 05:52 - 00000000 ____D C:\Windows\LastGood
2015-07-18 05:52 - 2014-02-24 09:53 - 00596424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-07-18 05:31 - 2015-07-18 05:31 - 00417064 _____ () C:\Users\jimmy\Downloads\DellSystemDetectLauncher.exe
2015-07-18 05:30 - 2015-07-18 05:37 - 373151088 _____ (Dell Inc.) C:\Users\jimmy\Downloads\Alienware-17_Video_Driver_7HKTK_WN_9.18.13.3270_A01.EXE
2015-07-18 05:23 - 2015-07-18 05:23 - 00003272 _____ C:\Windows\System32\Tasks\DolbySelectorTask
2015-07-18 05:23 - 2015-07-18 05:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2015-07-18 05:23 - 2014-06-03 18:51 - 03986392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-07-18 05:23 - 2014-06-03 17:07 - 01149674 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-07-18 05:23 - 2014-06-03 16:07 - 62084608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCORES64.dat
2015-07-18 05:23 - 2014-06-03 15:40 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-07-18 05:23 - 2014-05-29 18:11 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-07-18 05:23 - 2014-05-22 13:21 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-07-18 05:23 - 2014-05-19 17:16 - 02843352 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-07-18 05:23 - 2014-05-16 15:29 - 02000152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2015-07-18 05:23 - 2014-05-16 15:29 - 01728280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2015-07-18 05:23 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-07-18 05:23 - 2014-04-07 16:03 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-07-18 05:23 - 2014-04-07 16:03 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-07-18 05:23 - 2014-04-07 16:03 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-07-18 05:23 - 2014-04-07 16:03 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-07-18 05:23 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-07-18 05:23 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-07-18 05:23 - 2014-02-06 11:28 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2015-07-18 05:23 - 2014-01-28 11:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-07-18 05:23 - 2014-01-08 15:25 - 00397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2015-07-18 05:23 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-07-18 05:23 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-07-18 05:23 - 2013-04-23 14:54 - 00154184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkXInterface64.dll
2015-07-18 05:23 - 2013-01-11 16:27 - 00628504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBTHX64.dll
2015-07-18 05:23 - 2013-01-11 16:27 - 00563992 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBTHX32.dll
2015-07-18 05:23 - 2012-11-14 11:41 - 00378000 _____ (Realtek Semiconductor) C:\Windows\system32\RtkGuiCompLib.dll
2015-07-18 05:23 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-07-18 05:23 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-07-18 05:23 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-07-18 05:23 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-07-18 05:23 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-07-18 05:23 - 2012-06-08 16:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2015-07-18 05:23 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2015-07-18 05:23 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-07-18 05:23 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-07-18 05:23 - 2011-12-16 14:57 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2015-07-18 05:23 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-07-18 05:23 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-07-18 05:23 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-07-18 05:23 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-07-18 05:23 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-07-18 05:23 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-07-18 05:23 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-07-18 05:23 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-07-18 05:23 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-07-18 05:23 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-07-18 05:23 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-07-18 05:23 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-07-18 05:23 - 2009-11-18 07:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2015-07-18 05:20 - 2015-07-18 05:23 - 00003132 _____ C:\Windows\System32\Tasks\RtHDVBg_PushButton
2015-07-18 05:20 - 2015-07-18 05:23 - 00000000 ____D C:\Program Files\Dolby Digital Plus
2015-07-18 05:20 - 2015-07-18 05:20 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-07-18 05:08 - 2015-07-18 05:18 - 371242240 _____ (Dell Inc.) C:\Users\jimmy\Downloads\Audio_Driver_DW2CT_WN_7260_A01.EXE
2015-07-18 00:06 - 2015-07-18 00:06 - 00002348 _____ C:\Users\Public\Desktop\MaltegoCE v3.6.0.lnk
2015-07-18 00:05 - 2015-07-18 00:05 - 00000000 __HDC C:\ProgramData\{8CCB2911-37C0-42BF-A0A7-FE3CB2FBAC53}
2015-07-18 00:04 - 2015-07-18 00:04 - 00000000 __HDC C:\ProgramData\{0E511DF6-1923-4AF4-9BFD-A9426C94FCD7}
2015-07-17 23:17 - 2015-07-17 23:19 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2015-07-17 23:04 - 2015-07-17 23:19 - 00001152 _____ C:\Users\jimmy\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2015-07-17 23:04 - 2015-07-17 23:19 - 00000000 ____D C:\Users\jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2015-07-17 23:03 - 2015-07-17 23:03 - 00461946 _____ C:\Users\jimmy\Downloads\ASIO4ALL_2_12_English.exe
2015-07-17 22:06 - 2015-07-17 22:06 - 00000000 __HDC C:\ProgramData\{972BEEDB-39CF-495B-A950-BFDB60512E9F}
2015-07-17 21:37 - 2015-07-18 00:04 - 00001077 _____ C:\Users\Public\Desktop\Service Center.lnk
2015-07-17 21:27 - 2015-07-17 21:27 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-17 17:50 - 2015-07-17 17:50 - 00001058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-07-17 17:14 - 2015-07-17 17:14 - 00003526 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-lynksys@hotmail.com
2015-07-17 17:14 - 2015-07-17 17:14 - 00001136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2015.lnk
2015-07-17 17:01 - 2015-07-17 17:01 - 00001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2015.lnk
2015-07-17 16:38 - 2015-07-17 16:38 - 00000000 ____D C:\Program Files (x86)\My Company Name
2015-07-17 16:33 - 2015-07-18 05:59 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-17 16:33 - 2015-07-17 16:33 - 00000000 ___RD C:\Users\jimmy\Creative Cloud Files
2015-07-17 16:32 - 2015-07-17 16:32 - 00001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-07-17 16:32 - 2015-07-17 16:32 - 00001231 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-07-16 03:11 - 2015-07-16 03:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
2015-07-16 03:11 - 2015-07-16 03:11 - 00000000 ____D C:\Program Files\M-Audio
2015-07-16 03:11 - 2015-07-16 03:11 - 00000000 ____D C:\Program Files (x86)\M-Audio
2015-07-16 02:39 - 2013-05-23 05:58 - 19612432 _____ (M-Audio, a division of Avid Technology, Inc.) C:\Users\jimmy\Desktop\Install_M-Audio_Fast_Track_Pro_6.1.10.exe
2015-07-16 02:38 - 2015-07-16 02:38 - 16465549 _____ C:\Users\jimmy\Downloads\Install_M-Audio_Fast_Track_Pro_6.1.10.zip
2015-07-15 08:43 - 2015-07-18 06:09 - 00005022 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for TheProfessor-The Professor TheProfessor
2015-07-15 04:31 - 2015-07-10 05:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 04:31 - 2015-07-10 04:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 04:31 - 2015-07-10 02:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 04:31 - 2015-07-10 01:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 04:31 - 2015-07-10 01:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 04:31 - 2015-07-10 01:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-15 04:31 - 2015-07-10 01:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 04:31 - 2015-07-10 01:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 04:31 - 2015-07-10 01:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 04:31 - 2015-07-10 01:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 04:31 - 2015-07-10 01:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 04:31 - 2015-07-10 01:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 04:31 - 2015-07-10 01:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 04:31 - 2015-06-27 13:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 04:31 - 2015-06-27 13:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 04:31 - 2015-06-27 12:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 04:30 - 2015-07-03 23:52 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 04:30 - 2015-07-03 23:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 04:30 - 2015-07-03 23:50 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 04:30 - 2015-07-03 23:50 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 04:30 - 2015-07-03 07:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 04:30 - 2015-07-03 06:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 04:30 - 2015-07-03 06:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 04:30 - 2015-07-03 06:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 04:30 - 2015-07-03 06:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 04:30 - 2015-07-03 05:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 04:30 - 2015-07-03 05:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 04:30 - 2015-07-03 04:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 04:30 - 2015-07-02 08:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 04:30 - 2015-07-02 07:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 04:30 - 2015-06-30 08:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 04:30 - 2015-06-30 01:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 04:30 - 2015-06-30 01:07 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 04:30 - 2015-06-30 01:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 04:30 - 2015-06-30 01:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 04:30 - 2015-06-30 01:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 04:30 - 2015-06-28 15:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 04:30 - 2015-06-28 15:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 04:30 - 2015-06-28 15:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 04:30 - 2015-06-28 15:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 04:30 - 2015-06-28 02:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 04:30 - 2015-06-27 13:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 04:30 - 2015-06-27 13:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 04:30 - 2015-06-27 13:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 04:30 - 2015-06-27 12:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-15 04:30 - 2015-06-27 12:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 04:30 - 2015-06-27 12:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 04:30 - 2015-06-27 11:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-15 04:30 - 2015-06-27 11:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 04:30 - 2015-06-27 09:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 04:30 - 2015-06-27 09:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 04:30 - 2015-06-25 12:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 04:30 - 2015-06-16 15:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 04:30 - 2015-06-16 15:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 04:30 - 2015-06-16 08:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 04:30 - 2015-06-16 08:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 04:30 - 2015-06-16 08:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 04:30 - 2015-06-16 08:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 04:30 - 2015-06-16 08:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 04:30 - 2015-06-16 08:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 04:30 - 2015-06-16 08:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-15 04:30 - 2015-06-16 07:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 04:30 - 2015-06-16 07:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 04:30 - 2015-06-16 07:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-15 04:30 - 2015-06-16 07:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 04:30 - 2015-06-16 07:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 04:30 - 2015-06-16 07:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-15 04:30 - 2015-06-16 07:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 04:30 - 2015-06-16 07:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 04:30 - 2015-06-16 07:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-15 04:30 - 2015-06-16 07:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 04:30 - 2015-06-16 07:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 04:30 - 2015-06-16 07:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 04:30 - 2015-06-16 07:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 04:30 - 2015-06-16 07:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 04:30 - 2015-06-16 07:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 04:30 - 2015-06-16 07:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 04:30 - 2015-06-16 06:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 04:30 - 2015-06-16 06:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 04:30 - 2015-06-16 06:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-15 04:30 - 2015-06-16 06:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 04:30 - 2015-06-16 06:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 04:30 - 2015-06-16 06:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-15 04:30 - 2015-06-16 06:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 04:30 - 2015-06-16 06:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-15 04:30 - 2015-06-16 06:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-15 04:30 - 2015-06-16 06:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 04:30 - 2015-06-16 06:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 04:30 - 2015-06-16 06:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 04:30 - 2015-06-16 06:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-15 04:30 - 2015-06-16 06:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 04:30 - 2015-06-16 06:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 04:30 - 2015-06-16 05:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 04:30 - 2015-06-11 13:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 04:30 - 2015-06-11 02:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 04:30 - 2015-05-31 07:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-15 04:30 - 2015-05-31 05:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-15 04:30 - 2015-05-31 05:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-15 04:30 - 2015-05-12 23:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-15 04:30 - 2015-05-12 04:17 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-15 04:30 - 2015-05-12 02:34 - 00332800 _____ (Microsoft Corporation)
C:\Windows\system32\fhcpl.dll 2015-07-15 04:30 - 2015-05-08 03:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-07-15 04:30 - 2015-05-08 03:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2015-07-15 04:30 - 2015-05-08 02:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-07-15 04:30 - 2015-05-08 02:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-07-15 04:30 - 2015-05-08 02:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2015-07-15 04:30 - 2015-05-08 01:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll 2015-07-15 04:30 - 2015-05-08 01:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll 2015-07-15 04:30 - 2015-05-04 01:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-07-15 04:30 - 2015-05-04 01:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2015-07-15 04:30 - 2015-05-04 00:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-07-15 04:30 - 2015-05-04 00:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2015-07-15 04:30 - 2015-05-04 00:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2015-07-15 04:30 - 2015-05-04 00:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2015-07-15 04:30 - 2015-05-03 10:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-07-15 04:30 - 2015-05-02 09:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml 2015-07-15 04:30 - 2015-04-30 09:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll 2015-07-15 04:30 - 2015-04-28 23:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls 2015-07-15 
04:30 - 2015-04-28 23:13 - 00513480 _____ C:\Windows\system32\locale.nls 2015-07-15 04:30 - 2015-04-25 12:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys 2015-07-15 04:30 - 2015-04-24 01:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-07-15 04:30 - 2015-04-24 01:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2015-07-15 04:30 - 2014-11-05 05:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys 2015-07-15 04:30 - 2014-11-05 05:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys 2015-07-15 04:30 - 2014-11-04 16:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys 2015-07-15 04:30 - 2014-11-04 16:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys 2015-07-15 04:30 - 2014-11-04 16:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys 2015-07-15 04:30 - 2014-11-04 16:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys 2015-07-14 20:51 - 2015-07-14 20:51 - 00000982 _____ C:\Users\jimmy\Desktop\rekordbox 2015-07-14 08:06 - 2015-07-14 08:07 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy 2015-07-14 08:04 - 2015-07-14 08:04 - 00000000 ____D C:\Program Files (x86)\InterLok 2015-07-14 07:35 - 2009-12-23 22:03 - 00836096 _____ (PACE Anti-Piracy) C:\Windows\SysWOW64\ilinet.dll 2015-07-14 07:35 - 2003-03-18 22:12 - 01047552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71u.dll 2015-07-14 07:35 - 2003-03-18 21:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71DEU.DLL 2015-07-14 07:35 - 2003-03-18 21:44 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71ITA.DLL 2015-07-14 07:35 - 2003-03-18 21:44 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71FRA.DLL 2015-07-14 07:35 - 2003-03-18 21:44 - 00061440 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\MFC71ESP.DLL 2015-07-14 07:35 - 2003-03-18 21:44 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71ENU.DLL 2015-07-14 07:35 - 2003-03-18 21:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71KOR.DLL 2015-07-14 07:35 - 2003-03-18 21:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71JPN.DLL 2015-07-14 07:35 - 2003-03-18 21:44 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71CHT.DLL 2015-07-14 07:35 - 2003-03-18 21:44 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71CHS.DLL 2015-07-14 07:35 - 2003-03-18 20:05 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atl71.dll 2015-07-14 07:35 - 2002-01-05 05:48 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll 2015-07-14 07:35 - 2002-01-05 04:40 - 00487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll 2015-07-14 07:35 - 2001-06-27 10:13 - 00217088 _____ C:\Windows\SysWOW64\qtmlClient.dll 2015-07-10 07:19 - 2015-07-10 07:19 - 46030186 _____ C:\Users\jimmy\Desktop\Fiver Video.mp4 2015-07-09 01:44 - 2015-07-09 01:44 - 00000222 _____ C:\Users\jimmy\Desktop\Universe Sandbox.url 2015-07-07 22:15 - 2015-07-18 06:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-07 22:15 - 2015-07-15 06:48 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-03 17:06 - 2015-07-14 08:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-02 14:15 - 2015-07-02 14:15 - 00000000 __HDC C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1} 2015-07-01 20:52 - 2015-07-01 20:52 - 00000000 ____D C:\Users\jimmy\AppData\Local\Native Instruments 2015-07-01 20:51 - 2015-07-18 00:08 - 00000000 ____D C:\Users\jimmy\Documents\Native Instruments 2015-07-01 20:51 - 2015-07-01 20:51 - 00000000 __HDC C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9} 2015-07-01 20:51 - 2015-07-01 20:51 - 00000000 __HDC 
C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D} 2015-07-01 20:51 - 2015-07-01 20:51 - 00000000 __HDC C:\ProgramData\{1CEDDDD4-56D2-463F-BC4E-C5DFFD3533C9} 2015-07-01 20:50 - 2015-07-01 20:50 - 00000000 __HDC C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325} 2015-07-01 20:49 - 2015-07-01 20:49 - 00000000 ____D C:\Users\jimmy\Desktop\data 2015-07-01 20:19 - 2015-06-08 12:59 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys 2015-07-01 09:05 - 2015-07-01 09:07 - 00000000 ____D C:\Users\jimmy\Desktop\Promo 2015-07-01 01:39 - 2015-07-01 01:43 - 07799242 _____ C:\Users\jimmy\Desktop\Vinod sess2 Fixed audio.wav 2015-07-01 01:39 - 2015-07-01 01:43 - 00323676 _____ C:\Users\jimmy\Desktop\Vinod sess2 Fixed audio.pkf 2015-06-23 15:19 - 2015-06-23 15:19 - 00004056 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask 2015-06-23 15:19 - 2015-06-23 15:19 - 00003504 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask 2015-06-23 15:19 - 2015-06-23 15:19 - 00003236 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest 2015-06-23 15:19 - 2015-06-23 15:19 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows 2015-06-22 19:07 - 2015-06-22 19:07 - 00007605 _____ C:\Users\jimmy\AppData\Local\Resmon.ResmonCfg ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-18 06:46 - 2015-04-16 11:16 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-18 06:20 - 2014-05-16 08:00 - 02078365 _____ C:\Windows\WindowsUpdate.log 2015-07-18 06:13 - 2015-04-16 10:39 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2105765451-1135739353-437393356-1001 2015-07-18 06:08 - 2014-05-16 08:01 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-18 06:05 - 2014-05-16 08:05 - 00000000 ____D C:\Program Files (x86)\AlienRespawn 2015-07-18 06:03 - 2015-04-17 11:47 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-18 06:02 - 2013-08-23 00:46 - 00038973 _____ C:\Windows\setupact.log 2015-07-18 06:00 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\system32\sru 2015-07-18 05:59 - 2015-04-17 11:47 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-18 05:59 - 2015-04-16 11:00 - 00000000 ____D C:\Users\jimmy\AppData\Local\Adobe 2015-07-18 05:59 - 2015-04-16 10:38 - 00000000 __RDO C:\Users\jimmy\OneDrive 2015-07-18 05:59 - 2014-05-16 07:58 - 00003278 _____ C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager 2015-07-18 05:58 - 2015-05-03 22:20 - 00000000 ____D C:\ProgramData\NVIDIA 2015-07-18 05:58 - 2013-08-23 00:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-18 05:53 - 2015-04-16 10:35 - 00000000 ____D C:\Users\jimmy\AppData\Local\NVIDIA Corporation 2015-07-18 05:53 - 2014-05-16 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-07-18 05:46 - 2015-04-16 15:31 - 00000000 ____D C:\Users\jimmy\AppData\Roaming\uTorrent 2015-07-18 05:31 - 2015-04-23 18:22 - 00000000 ____D C:\Users\jimmy\AppData\Local\Deployment 2015-07-18 05:24 - 2015-05-23 21:40 - 00000000 ____D C:\Users\jimmy\AppData\Roaming\PioneerLog 2015-07-18 05:23 - 2015-06-01 22:27 - 00000000 ____D C:\Windows\SysWOW64\RTCOM 2015-07-18 05:23 - 2014-05-16 07:58 - 00000000 ___HD C:\Program Files 
(x86)\Temp 2015-07-18 05:23 - 2014-05-16 07:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-07-18 05:22 - 2014-05-16 07:49 - 00048814 _____ C:\Windows\PFRO.log 2015-07-18 05:19 - 2013-08-22 23:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-07-18 05:09 - 2014-05-16 07:58 - 00000000 ____D C:\Program Files (x86)\Realtek 2015-07-17 23:42 - 2014-05-16 08:05 - 00000000 ____D C:\Program Files (x86)\Steam 2015-07-17 21:59 - 2015-04-16 10:33 - 00000000 ____D C:\Users\jimmy 2015-07-17 21:59 - 2013-08-23 01:36 - 00000000 ___HD C:\Windows\ELAMBKUP 2015-07-17 21:59 - 2013-08-23 01:20 - 00000000 ____D C:\Windows\CbsTemp 2015-07-17 21:37 - 2014-05-16 08:00 - 00000000 ____D C:\ProgramData\Package Cache 2015-07-17 21:34 - 2015-05-04 21:58 - 00000038 _____ C:\Users\jimmy\CurrentSong.txt 2015-07-17 21:27 - 2015-04-16 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-07-17 21:27 - 2015-04-16 11:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-07-17 17:52 - 2015-04-18 13:32 - 00000000 ____D C:\Program Files\Common Files\Adobe 2015-07-17 17:50 - 2015-04-16 11:30 - 00000000 ____D C:\Users\jimmy\Documents\Adobe 2015-07-17 17:50 - 2015-04-16 10:34 - 00000000 ____D C:\Users\jimmy\AppData\Roaming\Adobe 2015-07-17 17:49 - 2015-04-18 13:33 - 00000000 ____D C:\Program Files\Adobe 2015-07-17 17:49 - 2015-04-16 11:00 - 00000000 ____D C:\ProgramData\Adobe 2015-07-17 17:14 - 2015-04-16 11:01 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2015-07-17 16:38 - 2015-04-16 11:01 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-07-16 14:25 - 2015-04-18 05:43 - 00003120 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2105765451-1135739353-437393356-1001 2015-07-16 04:58 - 2015-04-17 11:47 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-16 04:58 - 2015-04-17 11:47 - 00003668 _____ 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-16 02:31 - 2015-06-08 06:16 - 00000000 ____D C:\Users\jimmy\AppData\Roaming\Winamp 2015-07-16 02:12 - 2015-04-16 16:11 - 00000000 ____D C:\Users\jimmy\AppData\Roaming\vlc 2015-07-15 08:39 - 2015-04-18 05:43 - 00004990 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for THEPROFESSOR-jimmy TheProfessor 2015-07-15 08:30 - 2013-08-23 00:44 - 05052368 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-15 08:24 - 2013-08-23 01:36 - 00000000 ___RD C:\Windows\ToastData 2015-07-15 08:24 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\WinStore 2015-07-15 06:00 - 2015-04-18 09:31 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-07-15 06:00 - 2015-04-18 09:31 - 00000000 ____D C:\Windows\system32\appraiser 2015-07-15 06:00 - 2015-04-18 03:45 - 00000000 ____D C:\Windows\system32\MRT 2015-07-14 20:51 - 2015-05-23 21:29 - 00000000 ____D C:\Users\jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pioneer 2015-07-14 20:51 - 2015-05-23 21:29 - 00000000 ____D C:\Program Files (x86)\Pioneer 2015-07-14 08:44 - 2014-09-07 12:24 - 00000000 ___HD C:\Users\jimmy\AppData\Local\RAZvdvn5mwZMrp 2015-07-14 08:20 - 2015-03-14 00:21 - 00000000 ___HD C:\Users\jimmy\AppData\Local\hsJ72jga 2015-07-14 08:08 - 2014-09-30 17:09 - 00000000 ___HD C:\Users\jimmy\AppData\Local\jmOJ9u004EE 2015-07-14 08:08 - 2014-05-21 09:22 - 00000000 ___HD C:\Users\jimmy\AppData\Local\AlMdTeMZRtw7h1F 2015-07-14 08:06 - 2015-04-16 10:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-14 07:10 - 2013-08-23 01:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-14 07:10 - 2013-08-23 01:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-14 02:26 - 2015-04-18 09:31 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-07-14 02:26 - 2015-04-18 09:31 - 00000000 ___SD C:\Windows\system32\GWX 2015-07-13 05:35 - 2013-08-23 01:36 - 
00000000 ____D C:\Windows\AppReadiness 2015-07-09 01:44 - 2015-04-16 14:34 - 00000000 ____D C:\Users\jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-07-08 07:35 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\system32\NDF 2015-07-05 20:08 - 2015-04-18 04:22 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-07-03 08:43 - 2015-04-18 03:45 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-07-02 14:15 - 2015-04-19 15:57 - 00003816 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate 2015-07-02 14:15 - 2015-04-19 15:57 - 00000000 ____D C:\ProgramData\SupportAssistAgent 2015-07-01 20:51 - 2014-05-16 07:57 - 00040252 _____ C:\Windows\DPINST.LOG 2015-06-30 14:58 - 2015-06-09 12:08 - 00000000 ____D C:\Users\jimmy\AppData\Roaming\Audacity 2015-06-24 22:38 - 2015-04-18 05:39 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-06-23 15:19 - 2014-05-16 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware 2015-06-23 15:18 - 2014-05-16 08:05 - 00000000 ____D C:\ProgramData\PCDr 2015-06-18 14:20 - 2015-04-16 10:34 - 00000000 ____D C:\Users\jimmy\AppData\Local\Packages 2015-06-18 08:42 - 2015-04-16 11:16 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-18 08:41 - 2015-04-16 11:16 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-18 08:41 - 2015-04-16 11:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys ==================== Files in the root of some directories ======= 2015-04-16 15:41 - 2015-04-16 15:56 - 0000103 _____ () C:\Users\jimmy\AppData\Roaming\Camdata.ini 2015-04-16 15:41 - 2015-04-16 15:56 - 0000408 _____ () C:\Users\jimmy\AppData\Roaming\CamLayout.ini 2015-04-16 15:41 - 2015-04-16 15:56 - 0000408 _____ () C:\Users\jimmy\AppData\Roaming\CamShapes.ini 2015-04-16 15:41 - 2015-04-16 15:56 - 0004521 _____ () 
C:\Users\jimmy\AppData\Roaming\CamStudio.cfg 2015-04-18 09:14 - 2015-03-27 05:30 - 0002827 _____ () C:\Users\jimmy\AppData\Roaming\hejmegui.zip 2015-04-17 05:37 - 2015-04-17 05:37 - 1249792 _____ (http://www.ruby-lang.org/) C:\Users\jimmy\AppData\Roaming\msvcr90-ruby191.dll 2015-04-18 09:14 - 2015-03-26 15:36 - 0000190 _____ () C:\Users\jimmy\AppData\Roaming\x264 commandline.txt 2015-04-18 08:03 - 2015-04-19 09:08 - 0011264 _____ () C:\Users\jimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-22 19:07 - 2015-06-22 19:07 - 0007605 _____ () C:\Users\jimmy\AppData\Local\Resmon.ResmonCfg 2014-05-16 07:58 - 2014-05-16 07:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-05-16 08:03 - 2014-05-16 08:03 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2014-05-16 08:02 - 2014-05-16 08:02 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2014-05-16 08:02 - 2014-05-16 08:03 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2014-05-16 08:03 - 2014-05-16 08:03 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log 2014-05-16 08:02 - 2014-05-16 08:02 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some files in TEMP: ==================== C:\Users\jimmy\AppData\Local\Temp\AAMHelper.exe C:\Users\jimmy\AppData\Local\Temp\AdobeApplicationManager.exe C:\Users\jimmy\AppData\Local\Temp\bedhbcdheb.exe C:\Users\jimmy\AppData\Local\Temp\FAInstallV4.001.208.Dell.exe C:\Users\jimmy\AppData\Local\Temp\nvSCPAPI.dll C:\Users\jimmy\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\jimmy\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-14 02:26 ==================== End of log ============================
  3. Hello, I am experiencing some issues with my Alienware and I need help to find what is messing with my system. After running Malwarebytes it detected 9 items and appears to have removed them; however, things still aren't right and I need help to be sure. It feels like my PC is still infected. I have been having serious trouble with audio and video drivers becoming corrupt as well as unusual slowness and lethargy (relative to when I purchased it 3 months ago). Since I can't be overly specific I feel like a really thorough check is needed. I will be making a donation to you for this help. I have received help from you a couple of times before and with this one I want to say thanks. You guys provide an invaluable service. Also, this is an Alienware `7". I need to make sure it's in good condition :/ Thank you
  4. #All steps completed successfully, MBAM threat scan report below.

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 4/27/2014
     Scan Time: 1:30:16 PM
     Logfile:
     Administrator: No

     Version: 2.00.1.1004
     Malware Database: v2014.04.27.01
     Rootkit Database: v2014.03.27.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Chameleon: Disabled

     OS: Windows XP Service Pack 3
     CPU: x86
     File System: NTFS
     User: Mr. Bojangles

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 319641
     Time Elapsed: 16 min, 49 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Shuriken: Enabled
     PUP: Warn
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 1
     PUP.Optional.SingALong.A, HKU\S-1-5-21-2838019926-1718427338-2428480347-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6492E171-2427-4932-B414-33574A089F5E}, , [5fee81ae1467d75facf03fd93ac843bd],

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  5. #hi! thanks for the reply #here is DDS.txt ++++++++++++++++++++++++++++++++++++++++++++++ DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 7.0.6000.16762 BrowserJavaVersion: 10.51.2 Run by Mr. Bojangles at 9:03:54 on 2014-04-26 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.929 [GMT 10:00] . AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: AVG Internet Security 2014 *Disabled* FW: Symantec Client Firewall *Disabled* . ============== Running Processes ================ . C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG2014\avgwdsvc.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\D-Link\DWA-160\ANIWConnService.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\M-Audio\Fast Track Pro\AudioDevMon.exe C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe C:\WINDOWS\system32\hasplms.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\SensorsViewPro43\svservice.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program 
Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Lenovo\Logger\logmon.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe c:\Program Files\Zune\WMZuneComm.exe c:\Program Files\Zune\ZuneBusEnum.exe c:\Program Files\Zune\ZuneNss.exe c:\Program Files\Zune\ZuneWlanCfgSvc.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\Lenovo\System Update\SUService.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe C:\Program Files\AVG\AVG2014\avgui.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\D-Link\DWA-160\AirNCFG.exe C:\Program Files\D-Link\DWA-160\WZCSLDR2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe C:\Program Files\Lenovo\Lenovo Mouse Suite\Pelmiced.exe C:\Program Files\iTunes\iTunesHelper.exe 
C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs . ============== Pseudo HJT Report =============== . uInternet Connection Wizard,ShellNext = iexplore BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned> BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: CPwmIEBrowserHelper Object: {F040E541-A427-4CF7-85D8-75E3E0F476C5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [AVG-Secure-Search-Update_1213b] c:\documents and settings\mr. 
bojangles\application data\avg 1213b campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=Unknown /CMPID=1213b mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [D-Link D-Link Wireless N Dual Band DWA-160 ] c:\program files\d-link\dwa-160\AirNCFG.exe mRun: [D-Link Wireless N Dual Band DWA-160 WZCSLDR2] c:\program files\d-link\dwa-160\WZCSLDR2.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Daemon for Mouse Suite] c:\program files\lenovo\lenovo mouse suite\ICO.EXE 30 mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe StartupFolder: c:\docume~1\mr6e0d~1.boj\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\mr. 
bojangles\application data\dropbox\bin\Dropbox.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
TCP: NameServer = 10.1.1.1 TCP: Interfaces\{7195727A-5667-4970-8430-3FFFD09D0F69} : DHCPNameServer = 10.1.1.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.0.5\ViProtocol.dll Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll Notify: igfxcui - igfxdev.dll Notify: LMIinit - LMIinit.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.131\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 150296] R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 238872] R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 108312] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 28440] R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 123160] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 199960] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22296] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 193304] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 211224] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-12-28 42272] R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2005-2-5 53896] R1 sensorsview;sensorsview;c:\program 
files\sensorsviewpro43\drv\sensorsview32.sys [2008-7-27 14416] R2 ANPD;ANPD Service;c:\windows\system32\ANPD.SYS [2011-12-29 29411] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-3-27 291912] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-3 185968] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-3 161392] R2 D-Link Wireless N Dual Band DWA-160 _WPS;D-Link Wireless N Dual Band DWA-160 _WPS Service;c:\program files\d-link\dwa-160\ANIWConnService.exe [2014-3-25 53248] R2 FastTrackProAudioDevMon;Fast Track Pro Audio Device Monitor;c:\program files\m-audio\fast track pro\AudioDevMon.exe [2013-5-23 1688336] R2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?] R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-1-25 375120] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-11-29 13624] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-3-15 47640] R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2011-4-8 3857408] R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-14 58368] R2 SensorsVService;SensorsVService;c:\program files\sensorsviewpro43\svservice.exe [2011-12-3 935424] R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-15 3968] R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2005-8-19 1730240] R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\common files\avg secure search\vtoolbarupdater\18.0.5\ToolbarUpdater.exe [2014-3-26 1771032] R3 MAUSBFASTTRACKPRO;Service for M-Audio Fast Track Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys 
[2010-12-7 149520] R3 rt2870;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Drt2870.sys [2014-3-25 1209408] S1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2005-2-5 324232] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-4-18 3645456] S2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-6-3 239216] S2 D-Link Wireless N Dual Band DWA-160 ;D-Link Wireless N Dual Band DWA-160 Service;c:\program files\d-link\dwa-160\ANIWZCSdS.exe [2014-3-25 126976] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-3 83568] S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336] S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090115.004\naveng.sys [2009-1-16 89104] S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090115.004\navex15.sys [2009-1-16 876112] S3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys --> c:\windows\system32\drivers\nbdrv.sys [?] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2014-4-14 18944] S3 RT80x86;D-Link 802.11n Wireless Driver;c:\windows\system32\drivers\Drt2860.sys [2011-12-29 1329632] S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2005-8-19 124608] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-4-30 14336] S4 D_Link_DWA-525;D_Link_DWA-525 Service;c:\program files\d-link\dwa-525 reva\ANIWZCSdS.exe [2011-12-29 126976] S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?] S4 LMIRfsClientNP;LMIRfsClientNP; [x] . 
=============== Created Last 30 ================ . 2014-04-22 17:59:52 -------- d-----w- C:\FRST 2014-04-16 15:13:53 -------- d-----w- c:\program files\M-Audio 2014-04-16 15:13:41 -------- d-----w- c:\documents and settings\all users\application data\AVID 2014-04-14 09:07:30 -------- d-----w- c:\documents and settings\mr. bojangles\application data\STV Software 2014-04-14 09:07:22 -------- d-----w- c:\program files\SensorsViewPro43 2014-04-14 08:50:41 2944 ----a-w- c:\windows\system32\mbmiodrvr.sys 2014-04-14 08:50:39 -------- d-----w- c:\program files\Motherboard Monitor 5 2014-04-14 08:16:21 155648 ----a-w- c:\windows\system32\igfxres.dll 2014-04-14 06:45:07 -------- d-----w- c:\program files\iPod 2014-04-14 06:45:01 -------- d-----w- c:\program files\iTunes 2014-04-14 06:45:01 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-04-14 06:43:48 18944 ----a-w- c:\windows\system32\drivers\netaapl.sys 2014-04-14 06:43:47 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll 2014-04-14 06:43:20 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2014-04-14 06:43:17 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll 2014-04-14 06:42:43 -------- d-----w- c:\program files\Bonjour 2014-04-14 04:54:56 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll 2014-04-14 04:54:56 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll 2014-04-14 04:54:56 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll 2014-04-14 04:54:56 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll 2014-04-14 04:54:56 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll 2014-04-14 04:54:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2014-04-14 04:54:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2014-04-14 04:54:56 159744 ----a-w- c:\program files\internet 
explorer\plugins\npqtplugin3.dll 2014-04-14 04:54:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2014-04-14 04:54:56 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2014-04-14 04:37:10 -------- d-----w- c:\program files\Broadcom 2014-04-14 04:35:31 -------- d-----w- c:\program files\Sonic 2014-04-14 04:35:31 -------- d-----w- c:\program files\common files\SureThing Shared 2014-04-14 04:32:17 26624 ------w- c:\windows\system32\drivers\phidmice.SYS 2014-04-14 04:32:17 19456 ------w- c:\windows\system32\drivers\pmouself.SYS 2014-04-14 04:32:17 10240 ------w- c:\windows\system32\drivers\pvendrlf.SYS 2014-04-14 04:32:16 10240 ----a-w- c:\windows\system32\drivers\PELVENDR.SYS 2014-04-14 04:32:15 18944 ------w- c:\windows\system32\drivers\PELMOUBT.SYS 2014-04-14 04:32:15 13312 ------w- c:\windows\system32\drivers\PELBTM.SYS 2014-04-14 02:26:41 21376 ----a-w- c:\windows\system32\drivers\psadd.sys 2014-04-13 18:03:57 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-04-13 17:43:04 -------- d-----w- c:\documents and settings\mr. bojangles\application data\library_dir 2014-04-13 17:42:33 -------- d-----w- c:\documents and settings\mr. bojangles\application data\Raptr 2014-04-13 17:41:57 -------- d-----w- c:\program files\Raptr 2014-04-13 16:08:35 -------- d-----w- c:\program files\SpeedFan . ==================== Find3M ==================== . 
2014-04-19 20:16:25 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS 2014-04-18 15:55:37 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2014-04-18 15:55:36 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll 2014-04-18 15:55:33 31560 ----a-w- c:\windows\system32\LMIport.dll 2014-04-18 15:55:32 85832 ----a-w- c:\windows\system32\LMIinit.dll 2014-04-18 05:02:04 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2014-04-13 18:03:38 145408 ----a-w- c:\windows\system32\javacpl.cpl 2014-04-12 05:31:27 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak 2014-04-12 05:31:21 85832 ----a-w- c:\windows\system32\LMIinit.dll.000.bak 2014-03-31 06:11:58 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2014-03-27 12:15:18 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2014-03-27 12:14:40 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys 2014-03-27 12:04:22 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2014-03-27 12:04:02 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys 2014-03-27 12:03:22 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2014-03-27 12:03:20 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2014-03-25 20:27:02 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2014-03-24 21:50:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-03-24 21:50:25 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2011-08-15 13:49:55 493344 ----a-w- c:\program files\ShellExt.dll . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 . CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process. device: opened successfully user: error reading MBR . 
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A534AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008e[0x8A549F18]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A537D98]
kernel: MBR read successfully
_asm { JMP 0x10; }
user != kernel MBR !!!
.
============= FINISH: 9:05:09.12 ===============
#Attach.txt is a .rar attachment attach.rar
  6. Need to speak to moderator

  7. Addition.txt Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-04-2014 Ran by Mr. Bojangles at 2014-04-23 04:01:41 Running from C:\Documents and Settings\Mr. Bojangles\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Symantec AntiVirus Corporate Edition (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C} FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Symantec Client Firewall (Disabled) {5CB76A43-5FAD-476B-B9FF-26FA61F13187} ==================== Installed Programs ====================== µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.) 2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft) AC3Filter (remove only) (HKLM\...\AC3Filter) (Version: - ) Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 1.00 - ) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Addictive Drums (HKLM\...\Addictive Drums) (Version: - ) Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden Adobe Audition CS5.5 (HKLM\...\{D5B1535A-FDFC-4B40-B2E2-21DA83D9CB57}) (Version: 4.0 - Adobe Systems Incorporated) Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.) Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) 
Hidden Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Aimersoft Video Converter Ultimate(Build 5.5.1.0) (HKLM\...\Aimersoft Video Converter Ultimate_is1) (Version: 5.5.1.0 - Aimersoft Software) Alarm 2.0.4 (HKLM\...\Alarm_is1) (Version: - Bluefive software) AltoMP3 Gold 5.20 (HKLM\...\AltoMP3 Gold) (Version: 5.20 - Thomas Yuan) Antares Auto-Tune Evo VST (HKLM\...\{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}) (Version: 6.00.0009 - Antares Audio Technologies) Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies) AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.0.5.292 - AVG Technologies) AviSynth 2.5 (HKLM\...\AviSynth) (Version: - ) BOINC (HKLM\...\{818AD66C-A54A-409E-8489-2F2548F0880E}) (Version: 7.0.64 - Space Sciences Laboratory, U.C. Berkeley) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.05.02 - Broadcom Corporation) Business Contact Manager for Outlook 2007 SP1 (HKLM\...\Business Contact Manager) (Version: 3.0.7311.0 - Microsoft Corporation) Business Contact Manager for Outlook 2007 SP1 (Version: 3.0.7311.0 - Microsoft Corporation) Hidden CamStudio OSS Desktop Recorder (HKLM\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team) CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform) Client Security Solution (HKLM\...\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}) (Version: 7.00.0022.00 - Lenovo Group Limited) Collab (HKLM\...\Collab) (Version: - Image-Line bvba) Cool Edit Pro 2.1 (HKLM\...\Cool Edit Pro 2.1) (Version: - ) CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform) Diskeeper Lite (HKLM\...\{796E076A-82F7-4D49-98C8-DEC0C3BC733A}) (Version: 9.0.541 - Diskeeper Corporation) D-Link DWA-160 (HKLM\...\{294A97F8-CC15-41F7-8718-CEE6B0C7D7E0}) (Version: - D-Link Corporation) D-Link DWA-525 (HKLM\...\{1DEB8A37-56C9-4E41-9102-171D8EC91DF0}) (Version: 1.00.0000 - D-Link) Dropbox (HKCU\...\Dropbox) (Version: 2.6.25 - Dropbox, Inc.) 
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited) ffdshow [rev 3154] [2009-12-09] (HKLM\...\ffdshow_is1) (Version: 1.0 - ) FL Studio 8 (HKLM\...\FL Studio 8) (Version: - Image-Line bvba) Flux_StereoTool (HKLM\...\{48A404E2-0A25-4CEF-AB87-8626BD1B0F2C}) (Version: 2.4.8.14315 - Flux:: sound and picture development) Freez iPod Video Converter (HKLM\...\Freez iPod Video Converter 1.5_is1) (Version: 1.5 - www.smallvideosoft.com) GDR 3073 for SQL Server Database Services 2005 ENU (KB954606) (HKLM\...\KB954606_SQL9) (Version: 9.2.3073 - Microsoft Corporation) Google Calendar Sync (HKLM\...\Google Calendar Sync) (Version: - ) Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden GoPro CineForm Studio 1.3.2 (HKLM\...\GoPro CineForm Studio) (Version: 1.3.2 - CineForm, Inc & GoPro, Inc.) Guitar Pro 4.0 (HKLM\...\Guitar Pro 4.0) (Version: - ) Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - ) Help Center (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 1.03 - ) High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation) IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line bvba) ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - ) Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.10 - PACE Anti-Piracy) InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.308 - InterVideo Inc.) InterVideo WinDVD Creator 3 (HKLM\...\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}) (Version: 3.0.01.196 - InterVideo Inc.) 
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden LAV Filters 0.51.3 (HKLM\...\lavfilters_is1) (Version: 0.51.3 - Hendrik Leppkes) Lenovo Mouse Suite (HKLM\...\MouseSuite98) (Version: 6.66 - Lenovo) LiveReg (Symantec Corporation) (HKLM\...\LiveReg) (Version: 2.4.2.2295 - Symantec Corporation) LogMeIn (HKLM\...\{36E0F777-19FE-4454-BB2D-84206758EA85}) (Version: 4.1.2651 - LogMeIn, Inc.) Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version: - ) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) M-Audio Fast Track Pro 6.1.10 (x86) (HKLM\...\{13C43B9E-5AF3-434B-A7F8-25DF9981CD43}) (Version: 6.1.10 - M-Audio) Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 1.05 - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Corporation RATTV3 (HKLM\...\RATTV3) (Version: - Microsoft Corporation) Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden Microsoft National Language Support Downlevel APIs 
(Version: - Microsoft Corporation) Hidden Microsoft Search Enhancement Pack (Version: 1.2.123.0 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 
(Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden Motherboard Monitor 5 (HKLM\...\Motherboard Monitor 5_is1) (Version: 5 - Alexander van Kaam) Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MP4 To MP3 Converter V3.0.4 (HKLM\...\MP4 To MP3 Converter_is1) (Version: - http://www.MP4ToMP3Converter.net) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 6 Service Pack 2 (KB954459) (HKLM\...\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}) (Version: 6.20.1099.0 - Microsoft Corporation) MTP Porting Kit (HKLM\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp) Notepad++ (HKLM\...\Notepad++) (Version: 6.4.1 - Notepad++ Team) OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation) Pack Vista Inspirat 2 1.0 (HKLM\...\Pack Vista Inspirat 2) (Version: 1.0 - Bricomix) PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4240.03 - PC-Doctor, Inc.) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.) 
PoiZone (HKLM\...\PoiZone) (Version: - Image-Line bvba) PokerStars (HKLM\...\PokerStars) (Version: - PokerStars) Productivity Center Supplement for ThinkCentre (HKLM\...\{D728E945-256D-4477-B377-6BBA693714AC}) (Version: 3.00b - ) Python 2.7 (HKLM\...\{20c31435-2a0a-4580-be8b-ac06fc243ca4}) (Version: 2.7.150 - Python Software Foundation) Python 2.7 matplotlib-1.2.0 (HKLM\...\matplotlib-py2.7) (Version: - ) Python 2.7 scipy-0.12.0 (HKLM\...\scipy-py2.7) (Version: - ) Python 2.7 setuptools-0.6c11 (HKLM\...\setuptools-py2.7) (Version: - ) Python 2.7.5 (Anaconda 1.6.0 32-bit) (HKLM\...\Python 2.7.5 (Anaconda 1.6.0 32-bit)) (Version: 1.6.0 - Continuum Analytics) QuickShare (HKLM\...\{A35C3D8E-5E46-442E-A7DA-A2D7487D40BC}) (Version: 1.6.1.905 - Linkury Inc.) <==== ATTENTION QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) R for Windows 3.0.1 (HKLM\...\R for Windows 3.0.1_is1) (Version: 3.0.1 - R Core Team) Raptr (HKLM\...\Raptr) (Version: - ) Real Time Relativity v1.6.0 (HKLM\...\{0DFC5A30-1D57-4EF6-ABDA-C58C4DC1475B}) (Version: 1.6.0 - Australian National University) RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4.2 - Sonic Solutions) RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4.2 - Sonic Solutions) RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4.2 - Sonic Solutions) Remove Multimedia Center (HKLM\...\Remove Multimedia Center) (Version: - ) Rescue and Recovery (HKLM\...\{7726CF62-7B45-4E6D-9266-615346816BCA}) (Version: 3.10.0022.00 - Lenovo Group Limited) Rescue and Recovery Critical Patch for Windows Update (KB917422) (HKLM\...\{83E5061B-A69A-46AD-A780-1DA6569FF283}) (Version: 1.00.0004 - Lenovo Group Limited.) 
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden SensorsView Pro 4.3 (HKLM\...\SensorsView Pro 4.3) (Version: - STV Software) SkyGazer 4 (HKLM\...\{B7B28A98-604D-4D1F-888F-CAC53E5E19BE}) (Version: 4.0.5 - Carina Software) Skype™ 3.8 (HKLM\...\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}) (Version: 3.8.154 - Skype Technologies S.A.) Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Sonic Solutions) Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0.2 - Sonic Solutions) Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 1.0.2 - Lenovo) Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions) Sony Media Manager 2.2 (HKLM\...\{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}) (Version: 2.2.58 - Sony) Sony Vegas 7.0 (HKLM\...\{251C3815-7A55-4607-A82D-C3B98F0FBAB8}) (Version: 7.0.115 - Sony) Sothink Video Converter (HKLM\...\{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1) (Version: 3.6 - SourceTec Software Co., LTD) SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4325 - Analog Devices) SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - ) Spotify (HKCU\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Symantec Client Security (HKLM\...\{1BA1A958-4BBB-4AB1-9B66-C86CEC6616CB}) (Version: 10.0.846.0 - Symantec Corporation) System Migration Assistant (HKLM\...\{9D22599D-E1F4-4934-8B4D-2BBA46662251}) (Version: 5.10.0032 - Lenovo Group Limited.) 
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC) System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.16.0006 - Lenovo) ThinkVantage Away Manager (HKLM\...\AwayTask) (Version: 2.0.6.0 - ) ThinkVantage Productivity Center (HKLM\...\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}) (Version: 3.11 - Lenovo) ThinkVantage Technologies Welcome Message (Version: 1.13 - ) Hidden Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line bvba) Update for Microsoft Office Outlook 2007 (KB952142) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{4AD3A076-427C-491F-A5B7-7D1DE788A756}) (Version: - Microsoft) Update for Office 2007 (KB946691) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A420F522-7395-4872-9882-C591B4B92278}) (Version: - Microsoft) Update for Outlook 2007 Junk Email Filter (kb959141) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CC6191C2-B0CE-473C-AD77-61EA3497D796}) (Version: - Microsoft) Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN) Wallpapers (Version: 2.0 - Lenovo) Hidden WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Winamp (HKLM\...\Winamp) (Version: 5.623 - Nullsoft, Inc) WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - ) Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro) Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.8.0031.9 - Microsoft Corporation) Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Toolbar (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows Media Connect (Version: - Microsoft Corporation) Hidden Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Media Player 11 (Version: - Microsoft Corporation) Hidden Windows Mobile Device Updater Component (Version: 04.07.1404.01 - Microsoft Corporation) Hidden WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) WinX Free MOV to AVI Converter 4.1.9 (HKLM\...\WinX Free 
MOV to AVI Converter_is1) (Version: - Digiarty Software,Inc.) Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version: - Wisdom Software Inc.) Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org) XP Themes (Version: 1.00.0000 - Lenovo) Hidden Zune (HKLM\...\Zune) (Version: 04.07.1404.01 - Microsoft Corporation) Zune (Version: 04.07.1404.01 - Microsoft Corporation) Hidden Zune Language Pack (DEU) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden Zune Language Pack (ESP) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden Zune Language Pack (FRA) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden Zune Language Pack (ITA) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden Zune Language Pack (NLD) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden Zune Language Pack (PTB) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden Zune Language Pack (PTG) (Version: 04.07.1404.01 - Microsoft Corporation) Hidden ==================== Restore Points ========================= ==================== Hosts content: ========================== 2006-04-30 16:55 - 2013-03-09 03:47 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-MRBOJANGLES-Mr. 
Bojangles.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{B0CC9A6F-834D-47FF-9C2A-B9379DCECD3B}.job => C:\WINDOWS\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-25 06:30 - 2010-07-12 14:39 - 00053248 _____ () C:\Program Files\D-Link\DWA-160\ANIWConnService.exe 2011-12-03 04:38 - 2011-12-03 04:38 - 00935424 _____ () C:\Program Files\SensorsViewPro43\svservice.exe 2006-07-15 11:35 - 2006-07-15 11:35 - 00139264 ____N () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll 2009-01-09 06:54 - 2008-09-17 14:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll 2012-06-19 01:24 - 2012-06-19 01:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll 2013-06-18 23:57 - 2013-03-25 10:57 - 00153088 _____ () C:\WINDOWS\system32\AiCM32.dll 2006-07-15 09:52 - 2006-07-15 09:52 - 00045056 ____N () C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe 2014-03-26 06:27 - 2014-03-26 06:27 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe 2014-03-26 06:27 - 2014-03-26 06:27 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll 2006-07-15 11:36 - 2006-07-15 11:36 - 00022016 ____N () C:\Program Files\Common Files\Lenovo\Logger\logmon.exe 2013-12-28 13:39 
- 2014-03-26 06:27 - 01603608 _____ () C:\Program Files\AVG Secure Search\TBAPI.dll 2013-12-28 13:39 - 2014-03-26 06:27 - 02544664 _____ () C:\Program Files\AVG Secure Search\vprot.exe 2011-12-29 18:38 - 2011-12-29 18:38 - 00073728 ____N () C:\WINDOWS\system32\ANPDApi.dll 2014-03-25 06:30 - 2011-09-14 13:56 - 00294912 _____ () C:\Program Files\D-Link\DWA-160\WlanApp.dll 2014-04-22 08:23 - 2014-04-22 08:23 - 00041984 _____ () C:\Documents and Settings\Mr. Bojangles\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprr7mgl.dll 2013-08-24 05:01 - 2013-08-24 05:01 - 25100288 _____ () C:\Documents and Settings\Mr. Bojangles\Application Data\Dropbox\bin\libcef.dll 2014-04-14 14:32 - 2008-11-20 16:27 - 00020480 ____N () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE 2014-04-01 21:08 - 2014-04-01 21:08 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-03-26 06:27 - 2014-03-26 06:27 - 00688664 _____ () C:\Program Files\Common Files\AVG Secure Search\NativeBrowserApi\18.0.5\NativeBrowserApi.dll 2014-03-25 07:50 - 2014-03-25 07:50 - 16276872 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Program Files\Outlook Express:H01S82PoLIZYQApdZMtWDHN AlternateDataStreams: C:\Program Files\Common Files\System:ptBlIicxFt7CxjTpRTV AlternateDataStreams: C:\Program Files\Common Files\System:zMPcfWno2EGGJSmRnq3kSztceFN AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:cWTVkqMUeqVl44oMycJW AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:zX2k3tTbXQCGSXQafjP1pyaSrp AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:054203E4 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CineForm Status.lnk => C:\WINDOWS\pss\CineForm Status.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\WINDOWS\pss\Google Calendar Sync.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RATT.lnk => C:\WINDOWS\pss\RATT.lnkCommon Startup MSCONFIG\startupfolder: C:^Documents and Settings^Mr. Bojangles^Start Menu^Programs^Startup^Y'z Shadow.lnk => C:\WINDOWS\pss\Y'z Shadow.lnkStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AMSG => C:\Program Files\ThinkVantage\AMSG\Amsg.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: AwaySch => C:\Program Files\Lenovo\AwayTask\AwaySch.EXE MSCONFIG\startupreg: boincmgr => "C:\Program Files\BOINC\boincmgr.exe" /a /s MSCONFIG\startupreg: boinctray => "C:\Program Files\BOINC\boinctray.exe" MSCONFIG\startupreg: ccApp => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" MSCONFIG\startupreg: cssauth => "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent MSCONFIG\startupreg: D-Link D-Link DWA-525 => C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe MSCONFIG\startupreg: DiskeeperSystray => "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" MSCONFIG\startupreg: DLA => 
C:\WINDOWS\System32\DLA\DLACTRLW.EXE MSCONFIG\startupreg: High Definition Audio Property Page Shortcut => HDAShCut.exe MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LPManager => C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe MSCONFIG\startupreg: M-Audio Taskbar Icon => C:\WINDOWS\system32\M-AudioTaskBarIcon.exe MSCONFIG\startupreg: Mouse Suite 98 Daemon => ICO.EXE MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: PDService.exe => "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: vptray => C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe" MSCONFIG\startupreg: WZCSLDR2 => C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe ==================== Faulty Device Manager Devices ============= Name: Broadcom NetLink Gigabit Ethernet Description: Broadcom NetLink Gigabit Ethernet Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Broadcom Service: b57w2k Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2014 00:57:26 AM) (Source: Symantec AntiVirus) (User: )
Description: Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.

Error: (04/23/2014 00:27:26 AM) (Source: Symantec AntiVirus) (User: )
Description: Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.

Error: (04/22/2014 08:24:34 AM) (Source: Symantec AntiVirus) (User: )
Description: Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.

Error: (04/22/2014 08:24:28 AM) (Source: Symantec AntiVirus) (User: )
Description: Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.

Error: (04/22/2014 00:30:40 AM) (Source: Symantec AntiVirus) (User: )
Description: Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.

Error: (04/22/2014 00:00:39 AM) (Source: Symantec AntiVirus) (User: )
Description: Symantec AntiVirus has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.
Error: (04/21/2014 03:42:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 39468

Error: (04/21/2014 03:42:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 39468

Error: (04/21/2014 03:42:31 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/21/2014 03:42:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37515

System errors:
=============
Error: (04/22/2014 08:24:05 AM) (Source: Service Control Manager) (User: )
Description: The SAVRT service failed to start due to the following error: %%31

Error: (04/22/2014 08:24:04 AM) (Source: 0) (User: )
Description:

Error: (04/22/2014 08:23:48 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/22/2014 08:23:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (04/22/2014 08:22:38 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: SAVRT

Error: (04/22/2014 08:21:18 AM) (Source: Service Control Manager) (User: )
Description: The Symantec Network Proxy service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (04/22/2014 08:20:26 AM) (Source: 0) (User: )
Description:

Error: (04/22/2014 03:05:13 AM) (Source: Dhcp) (User: )
Description: The IP address lease 10.1.1.5 for the Network Card with network address 9CD64302AF19 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
Error: (04/21/2014 03:45:06 PM) (Source: 0) (User: )
Description: {7195727A-5667-4970-8430-3FFFD09D0F69}

Error: (04/21/2014 03:42:19 PM) (Source: 0) (User: )
Description: {7195727A-5667-4970-8430-3FFFD09D0F69}

Microsoft Office Sessions:
=========================
Error: (05/01/2012 04:01:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: 6Microsoft Office Outlook12.0.6316.500012.0.6215.1000680

==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 2038.35 MB
Available physical RAM: 647.97 MB
Total Pagefile: 3923.08 MB
Available Pagefile: 2149.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.64 MB

==================== Drives ================================

Drive c: (Preload) (Fixed) (Total:142.9 GB) (Free:63.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DWA-160) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
Drive e: (My Documents ext HDD) (Fixed) (Total:2794.51 GB) (Free:2322.51 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
  8. FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2014
Ran by Mr. Bojangles (administrator) on MRBOJANGLES on 23-04-2014 04:00:19
Running from C:\Documents and Settings\Mr. Bojangles\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
(Lenovo Group Limited) C:\WINDOWS\system32\IPSSVC.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\D-Link\DWA-160\ANIWConnService.exe (Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (M-Audio) C:\Program Files\M-Audio\Fast Track Pro\AudioDevMon.exe (SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe (Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\WINDOWS\system32\netdde.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe () C:\Program Files\SensorsViewPro43\svservice.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files\AVG\AVG2014\avgemcx.exe (Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe () C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe (Microsoft Corporation) c:\Program Files\Zune\WMZuneComm.exe () C:\Program Files\Common Files\Lenovo\Logger\logmon.exe (Microsoft Corporation) c:\Program Files\Zune\ZuneBusEnum.exe (Microsoft Corporation) c:\Program Files\Zune\ZuneNss.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (AimerSoft) C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe (Microsoft Corporation) c:\Program Files\Zune\ZuneWlanCfgSvc.exe () C:\Program Files\AVG Secure Search\vprot.exe (D-Link Corp.) C:\Program Files\D-Link\DWA-160\AirNCFG.exe (Wireless Service) C:\Program Files\D-Link\DWA-160\WZCSLDR2.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Primax Electronics Ltd.) 
C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE (Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe (Dropbox, Inc.) C:\Documents and Settings\Mr. Bojangles\Application Data\Dropbox\bin\Dropbox.exe () C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Primax Electronics Ltd.) C:\Program Files\Lenovo\Lenovo Mouse Suite\Pelmiced.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TVT Scheduler Proxy] => C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-03-04] (Lenovo Group Limited) HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-11-29] (LogMeIn, Inc.) HKLM\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1734144 2013-05-29] (AimerSoft) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.) HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2544664 2014-03-26] () HKLM\...\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] => C:\Program Files\D-Link\DWA-160\AirNCFG.exe [1078592 2011-11-02] (D-Link Corp.) HKLM\...\Run: [D-Link Wireless N Dual Band DWA-160 WZCSLDR2] => C:\Program Files\D-Link\DWA-160\WZCSLDR2.exe [122880 2010-07-12] (Wireless Service) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [Daemon for Mouse Suite] => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [69632 2013-03-26] (Primax Electronics Ltd.) HKLM\...\Run: [LPManager] => C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [185688 2009-07-23] (Lenovo Group Limited) HKLM\...\Run: [LPMailChecker] => C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE [124248 2009-07-23] (Lenovo Group Limited) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) Winlogon\Notify\AwayNotify: C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited) Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.) Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) HKU\S-1-5-21-2838019926-1718427338-2428480347-1008\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Documents and Settings\Mr. Bojangles\Application Data\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=Unknown /CMPID=1213b Startup: C:\Documents and Settings\Mr. 
Bojangles\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Mr. Bojangles\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions) BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) 
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: CPwmIEBrowserHelper Object - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search) Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - No File Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Mr. Bojangles\Application Data\Mozilla\Firefox\Profiles\dtd8zko4.default-1366250982031 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, http://www.openssl.org/) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, http://www.openssl.org/) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml FF Extension: Lightbeam - C:\Documents and Settings\Mr. 
Bojangles\Application Data\Mozilla\Firefox\Profiles\dtd8zko4.default-1366250982031\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-11-05] FF Extension: Easy YouTube Video Downloader - C:\Documents and Settings\Mr. Bojangles\Application Data\Mozilla\Firefox\Profiles\dtd8zko4.default-1366250982031\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013-04-18] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.0.5.292 FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.0.5.292 [2014-03-26] Chrome: ======= CHR DefaultSearchKeyword: google.com.au CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.) 
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation) CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) 
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-08]
CHR Extension: (iTim Text (+MMS)) - C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apfndjnhpopclkbidgimpggjdbkedogo [2013-01-08]
CHR Extension: (YouTube) - C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Google Search) - C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
CHR HKCU\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\Smartbar/Application\1Extension.crx [2013-01-08]

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [185968 2005-06-03] (Symantec Corporation)
S2 ccProxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [239216 2005-06-03] (Symantec Corporation)
S3 ccPwdSvc; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [83568 2005-06-03] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [161392 2005-06-03] (Symantec Corporation)
S2 D-Link Wireless N Dual Band DWA-160 ; C:\Program Files\D-Link\DWA-160\ANIWZCSdS.exe [126976 2010-07-12] (Wireless Service)
R2 D-Link Wireless N Dual Band DWA-160 _WPS; C:\Program Files\D-Link\DWA-160\ANIWConnService.exe [53248 2010-07-12] ()
R2 DefWatch; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [19648 2005-08-19] (Symantec Corporation)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [622700 2006-05-24] (Diskeeper Corporation)
S4 D_Link_DWA-525; C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe [126976 2010-04-22] (Wireless Service)
R2 FastTrackProAudioDevMon; C:\Program Files\M-Audio\Fast Track Pro\AudioDevMon.exe [1688336 2013-05-23] (M-Audio)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
R2 IPSSVC; C:\WINDOWS\system32\IPSSVC.EXE [73728 2006-06-19] (Lenovo Group Limited)
R2 ISSVC; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [79488 2005-07-21] (Symantec Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-04-08] (Native Instruments GmbH)
S3 SavRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [124608 2005-08-19] (symantec)
R2 SensorsVService; C:\Program Files\SensorsViewPro43\svservice.exe [935424 2011-12-03] ()
R2 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206552 2005-04-06] (Symantec Corporation)
S3 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [992864 2005-03-31] (Symantec Corporation)
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
R2 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2013-07-10] (Lenovo Group Limited)
R2 Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [1730240 2005-08-19] (Symantec Corporation)
R2 SymSecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [202368 2005-07-21] (Symantec Corporation)
R2 TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1122304 2008-03-04] (Lenovo Group Limited)
R2 tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [45056 2006-07-15] ()
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-26] (AVG Secure Search)
R2 ZuneBusEnum; c:\Program Files\Zune\ZuneBusEnum.exe [57072 2010-11-11] (Microsoft Corporation)
S4 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [X]
S3 PsaSrv; C:\WINDOWS\system32\PsaSrv.exe [X]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-18] (Microsoft Corporation)
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [365056 2012-08-07] (SafeNet Inc.)
R2 ANPD; C:\WINDOWS\system32\ANPD.sys [29411 2011-12-29] ()
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-26] (AVG Technologies)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2006-02-02] (Sonic Solutions)
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-19] (Sonic Solutions)
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2006-02-02] (Sonic Solutions)
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2006-02-02] (Sonic Solutions)
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2006-02-02] (Sonic Solutions)
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2006-02-02] (Sonic Solutions)
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-19] (Sonic Solutions)
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2006-02-02] (Sonic Solutions)
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2006-02-02] (Sonic Solutions)
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-11-18] (Sonic Solutions)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2008-12-18] (Symantec Corporation)
R2 EGATHDRV; C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [5427 2014-04-20] (IBM Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-04] ()
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [605128 2012-09-27] (SafeNet Inc.)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-08] (Windows ® Server 2003 DDK provider)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.)
R3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41504 2007-02-04] (Logitech Inc.)
R3 MAUSBFASTTRACKPRO; C:\WINDOWS\System32\DRIVERS\MAudioFastTrackPro.sys [149520 2013-05-23] (M-Audio)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 mbmiodrvr; C:\WINDOWS\system32\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com)
S3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090115.004\NAVENG.SYS [89104 2008-12-18] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090115.004\NAVEX15.SYS [876112 2008-12-18] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 pelmouse; C:\WINDOWS\System32\DRIVERS\pelmouse.sys [19456 2012-11-28] (TPMX Electronics Ltd.)
R3 pelusblf; C:\WINDOWS\System32\DRIVERS\pelusblf.sys [26624 2013-03-19] (TPMX Electronics Ltd.)
S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [490784 2007-02-04] (Logitech Inc.)
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2009-01-08] (Microsoft Corporation)
R2 PrivateDisk; C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [58368 2006-03-14] (Utimaco Safeware AG)
R2 PROCDD; C:\WINDOWS\System32\DRIVERS\PROCDD.SYS [5120 2006-06-19] (Lenovo Group Limited)
R3 rt2870; C:\WINDOWS\System32\DRIVERS\Drt2870.sys [1209408 2011-09-06] (Ralink Technology, Corp.)
S3 RT80x86; C:\WINDOWS\System32\DRIVERS\DRT2860.sys [1329632 2010-04-22] (Ralink Technology, Corp.)
S1 SAVRT; C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys [324232 2005-02-05] (Symantec Corporation)
R1 SAVRTPEL; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys [53896 2005-02-05] (Symantec Corporation)
R1 sensorsview; C:\Program Files\SensorsViewPro43\drv\sensorsview32.sys [14416 2008-07-27] (OpenLibSys.org)
R2 smi2; C:\Program Files\SMI2\smi2.sys [3968 2006-07-15] (IBM Corp.)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [372832 2005-03-31] (Symantec Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-30] (Almico Software)
S3 SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [11512 2005-04-06] (Symantec Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [123200 2005-04-02] (Symantec Corporation)
S3 SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [173208 2005-04-06] (Symantec Corporation)
S3 SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [36984 2005-04-06] (Symantec Corporation)
S3 SYMIDSCO; C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20090113.001\SymIDSCo.sys [250224 2008-09-12] (Symantec Corporation)
S3 SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [47192 2005-04-06] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [17976 2005-04-06] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [267192 2005-04-06] (Symantec Corporation)
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [90472 2009-05-21] (PACE Anti-Piracy, Inc.)
R3 TVTPktFilter; C:\WINDOWS\System32\DRIVERS\tvtpktfilter.sys [17664 2006-07-15] (Lenovo Group Limited)
R2 zumbus; C:\WINDOWS\System32\DRIVERS\zumbus.sys [41472 2010-09-24] (Microsoft Corporation)
S4 LMIRfsClientNP; No ImagePath
S3 Nbdrv; system32\DRIVERS\nbdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-23 04:00 - 2014-04-23 04:00 - 00050907 _____ () C:\Documents and Settings\Mr. Bojangles\Desktop\FRST.txt
2014-04-23 03:59 - 2014-04-23 04:00 - 00000000 ____D () C:\FRST
2014-04-23 03:58 - 2014-04-23 03:58 - 01048064 _____ (Farbar) C:\Documents and Settings\Mr.
Bojangles\Desktop\FRST.exe
2014-04-23 03:45 - 2014-04-23 03:47 - 00000099 _____ () C:\tvttemp.txt
2014-04-17 01:14 - 2014-04-17 01:14 - 00075592 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-04-17 01:14 - 2014-04-17 01:14 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\M-Audio
2014-04-17 01:14 - 2014-04-17 01:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\M-Audio
2014-04-17 01:13 - 2014-04-17 01:13 - 00000000 ____D () C:\Program Files\M-Audio
2014-04-17 01:13 - 2014-04-17 01:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVID
2014-04-14 23:46 - 2014-04-14 23:46 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\AVG Secure Search
2014-04-14 19:07 - 2014-04-14 19:07 - 00000745 _____ () C:\Documents and Settings\All Users\Desktop\SensorsView Pro 4.3.lnk
2014-04-14 19:07 - 2014-04-14 19:07 - 00000000 ____D () C:\Program Files\SensorsViewPro43
2014-04-14 19:07 - 2014-04-14 19:07 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\My Documents\Beabeada
2014-04-14 19:07 - 2014-04-14 19:07 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Application Data\STV Software
2014-04-14 19:07 - 2014-04-14 19:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SensorsView Pro 4.3
2014-04-14 18:50 - 2014-04-14 18:52 - 00000000 ____D () C:\Program Files\Motherboard Monitor 5
2014-04-14 18:50 - 2014-04-14 18:52 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Start Menu\Programs\MBM 5
2014-04-14 18:50 - 2014-04-14 18:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MBM 5
2014-04-14 18:50 - 2004-04-10 09:42 - 00002944 _____ (cansoft@livewiredev.com) C:\WINDOWS\system32\mbmiodrvr.sys
2014-04-14 18:16 - 2006-08-14 14:37 - 00155648 _____ (Intel Corporation) C:\WINDOWS\system32\igfxres.dll
2014-04-14 18:11 - 2014-04-14 18:11 - 00000000 ____D () C:\WINDOWS\system32\Lang
2014-04-14 18:11 - 2006-08-24 13:05 - 00397312 _____ (Intel® Corporation) C:\WINDOWS\system32\igxpun.exe
2014-04-14 18:11 - 2006-08-14 16:30 - 00022416 _____ () C:\WINDOWS\system32\igxpxs32.vp
2014-04-14 18:11 - 2006-08-14 16:24 - 00192512 _____ () C:\WINDOWS\system32\igfxCoIn_v4670.dll
2014-04-14 18:11 - 2006-08-14 16:01 - 02076160 _____ (Intel Corporation) C:\WINDOWS\system32\igxpdx32.dll
2014-04-14 18:11 - 2006-08-14 16:00 - 01109568 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igxpmp32.sys
2014-04-14 18:11 - 2006-08-14 15:59 - 01304320 _____ (Intel Corporation) C:\WINDOWS\system32\igxpdv32.dll
2014-04-14 18:11 - 2006-08-14 15:59 - 00140288 _____ (Intel Corporation) C:\WINDOWS\system32\igxpgd32.dll
2014-04-14 18:11 - 2006-08-14 15:59 - 00048128 _____ (Intel Corporation) C:\WINDOWS\system32\igxprd32.dll
2014-04-14 18:11 - 2006-08-14 15:03 - 01208320 _____ (Intel Corporation) C:\WINDOWS\system32\ig4dev32.dll
2014-04-14 18:11 - 2006-08-14 15:00 - 02416640 _____ (Intel Corporation) C:\WINDOWS\system32\ig4icd32.dll
2014-04-14 18:11 - 2006-08-14 14:41 - 00450560 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcfg.exe
2014-04-14 18:11 - 2006-08-14 14:41 - 00176128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00176128 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00172032 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00172032 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00172032 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresp.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00167936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00167936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00163840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00163840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00163840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00163840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00159744 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00159744 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00159744 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00159744 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00159744 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00155648 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00147456 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00143360 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00139264 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00114688 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00114688 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00114688 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2014-04-14 18:11 - 2006-08-14 14:41 - 00110592 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2014-04-14 18:11 - 2006-08-14 14:41 - 00098304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00098304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
2014-04-14 18:11 - 2006-08-14 14:41 - 00023552 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2014-04-14 18:11 - 2006-08-14 14:39 - 00098304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
2014-04-14 18:11 - 2006-08-14 14:39 - 00094208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
2014-04-14 18:11 - 2006-08-14 14:38 - 03276800 _____ (Intel Corporation) C:\WINDOWS\system32\igfxress.dll
2014-04-14 18:11 - 2006-08-14 14:38 - 00098304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdo.dll
2014-04-14 18:11 - 2006-08-14 14:38 - 00094208 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2014-04-14 18:11 - 2006-08-14 14:37 - 00188416 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
2014-04-14 18:11 - 2006-08-14 14:37 - 00163840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
2014-04-14 18:11 - 2006-08-14 14:37 - 00155648 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
2014-04-14 18:11 - 2006-08-14 14:37 - 00155648 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
2014-04-14 18:11 - 2006-08-14 14:37 - 00081920 _____ (Intel Corporation) C:\WINDOWS\system32\hccutils.dll
2014-04-14 18:11 - 2006-08-14 14:37 - 00043520 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.dll
2014-04-14 18:11 - 2006-08-14 14:27 - 00524850 _____ () C:\WINDOWS\system32\igxpxa32.cpa
2014-04-14 18:11 - 2006-08-14 14:27 - 00058704 _____ () C:\WINDOWS\system32\igxpxk32.vp
2014-04-14 18:11 - 2006-08-14 14:27 - 00000929 _____ () C:\WINDOWS\system32\igxpxa32.vp
2014-04-14 18:11 - 2006-04-21 10:13 - 00309760 _____ (Microsoft Corporation)
C:\WINDOWS\system32\difx32.dll 2014-04-14 17:27 - 2014-04-14 17:27 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Desktop\1234 2014-04-14 17:01 - 2014-04-14 17:01 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk 2014-04-14 16:45 - 2014-04-14 16:45 - 00000000 ____D () C:\Program Files\iTunes 2014-04-14 16:45 - 2014-04-14 16:45 - 00000000 ____D () C:\Program Files\iPod 2014-04-14 16:45 - 2014-04-14 16:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes 2014-04-14 16:45 - 2014-04-14 16:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-04-14 16:44 - 2014-04-21 21:30 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-04-14 16:44 - 2014-04-14 16:44 - 00001830 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk 2014-04-14 16:44 - 2014-04-14 16:44 - 00000000 ____D () C:\Program Files\Apple Software Update 2014-04-14 16:43 - 2013-08-06 15:13 - 00018944 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\netaapl.sys 2014-04-14 16:43 - 2013-03-18 16:51 - 06112864 _____ (Apple, Inc.) C:\WINDOWS\system32\usbaaplrc.dll 2014-04-14 16:43 - 2013-03-18 16:51 - 00045056 _____ (Apple, Inc.) 
C:\WINDOWS\system32\Drivers\usbaapl.sys 2014-04-14 16:43 - 2012-09-11 13:39 - 01461992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01009.dll 2014-04-14 16:42 - 2014-04-14 16:45 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-04-14 16:42 - 2014-04-14 16:42 - 00000000 ____D () C:\Program Files\Bonjour 2014-04-14 15:32 - 2014-04-14 15:35 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\Apple Computer 2014-04-14 15:32 - 2014-04-14 15:32 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\AVG Secure Search 2014-04-14 15:31 - 2014-04-14 15:35 - 00000000 ____D () C:\Documents and Settings\test\Application Data\Apple Computer 2014-04-14 15:31 - 2014-04-14 15:31 - 00001820 _____ () C:\Documents and Settings\test\Desktop\Google Chrome.lnk 2014-04-14 15:31 - 2014-04-14 15:31 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\LogMeIn 2014-04-14 15:31 - 2014-04-14 15:31 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\Aimersoft 2014-04-14 15:31 - 2014-04-14 15:31 - 00000000 ____D () C:\Documents and Settings\test\Application Data\AVG2014 2014-04-14 15:31 - 2014-04-14 15:31 - 00000000 ____D () C:\Documents and Settings\test\Application Data\AVG Secure Search 2014-04-14 15:30 - 2014-04-14 15:31 - 00000000 ____D () C:\Documents and Settings\test\Application Data\Lenovo 2014-04-14 15:30 - 2014-04-14 15:30 - 00000795 _____ () C:\Documents and Settings\test\Start Menu\Programs\Windows Media Player.lnk 2014-04-14 15:30 - 2014-04-14 15:30 - 00000789 _____ () C:\Documents and Settings\test\Desktop\Windows Media Player.lnk 2014-04-14 15:30 - 2014-04-14 15:30 - 00000643 _____ () C:\WINDOWS\wmsetup.log 2014-04-14 15:30 - 2014-04-14 15:30 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\Avg2014 2014-04-14 15:30 - 2014-04-14 15:30 - 00000000 ____D () C:\Documents and Settings\test 2014-04-14 15:30 
- 2013-09-18 09:32 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\Avg2013 2014-04-14 15:30 - 2013-05-10 09:07 - 00000000 ____D () C:\Documents and Settings\test\Application Data\TuneUp Software 2014-04-14 15:30 - 2010-07-10 13:28 - 00000000 ___RD () C:\Documents and Settings\test\Start Menu\Programs\Accessories 2014-04-14 15:30 - 2010-07-10 13:28 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060} 2014-04-14 15:30 - 2010-04-06 19:50 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\Adobe 2014-04-14 15:30 - 2010-04-06 19:48 - 00000000 ____D () C:\Documents and Settings\test\Application Data\Macromedia 2014-04-14 15:30 - 2009-01-08 15:02 - 00000178 ___SH () C:\Documents and Settings\test\ntuser.ini 2014-04-14 15:30 - 2009-01-08 14:56 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\Seven Zip 2014-04-14 15:30 - 2009-01-08 14:53 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\Microsoft Help 2014-04-14 15:30 - 2009-01-08 14:52 - 00000000 ____D () C:\Documents and Settings\test\Application Data\ThinkVantage 2014-04-14 15:30 - 2009-01-08 14:43 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\Symantec 2014-04-14 15:30 - 2009-01-08 14:42 - 00000000 ____D () C:\Documents and Settings\test\Application Data\Symantec 2014-04-14 15:30 - 2006-04-30 17:13 - 00001600 _____ () C:\Documents and Settings\test\Start Menu\Programs\Remote Assistance.lnk 2014-04-14 14:54 - 2014-04-14 14:54 - 00000000 ____D () C:\Program Files\QuickTime 2014-04-14 14:54 - 2014-04-14 14:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime 2014-04-14 14:37 - 2014-04-14 14:37 - 00000000 ____D () C:\Program Files\Broadcom 2014-04-14 14:35 - 2014-04-14 14:35 - 00000000 ____D () C:\Program Files\Sonic 2014-04-14 14:35 - 2014-04-14 14:35 - 
00000000 ____D () C:\Program Files\Common Files\SureThing Shared 2014-04-14 14:34 - 2014-04-14 14:34 - 00001648 _____ () C:\Documents and Settings\All Users\Desktop\ThinkVantage Productivity Center.lnk 2014-04-14 14:32 - 2014-04-14 14:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Lenovo Mouse Suite 2014-04-14 14:32 - 2013-03-26 07:47 - 00010240 ____N (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\pvendrlf.SYS 2014-04-14 14:32 - 2013-03-26 07:46 - 00026624 ____N (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\phidmice.SYS 2014-04-14 14:32 - 2013-03-26 07:39 - 00019456 ____N (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\pmouself.SYS 2014-04-14 14:32 - 2012-06-19 11:07 - 00018944 ____N (Primax Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELMOUBT.SYS 2014-04-14 14:32 - 2012-06-19 11:06 - 00013312 ____N (Primax Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELBTM.SYS 2014-04-14 14:32 - 2009-11-02 15:00 - 00010240 _____ (TPMX Electronics Ltd.) C:\WINDOWS\system32\Drivers\PELVENDR.SYS 2014-04-14 14:29 - 2014-04-14 14:30 - 00001097 _____ () C:\WINDOWS\xpsp1hfm.log 2014-04-14 14:08 - 2014-04-14 14:08 - 00000705 _____ () C:\WINDOWS\SMinstall.log 2014-04-14 12:26 - 2007-02-19 15:56 - 00021376 _____ (Lenovo (United States) Inc.) C:\WINDOWS\system32\Drivers\psadd.sys 2014-04-14 12:16 - 2014-04-14 12:18 - 00258448 _____ () C:\Documents and Settings\Mr. Bojangles\Desktop\hendrix com.veg.sfk 2014-04-14 12:16 - 2014-04-14 12:16 - 66145728 _____ () C:\Documents and Settings\Mr. Bojangles\Desktop\hendrix com.veg.sfap0 2014-04-14 04:14 - 2014-04-14 04:14 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Desktop\drv 2014-04-14 04:06 - 2014-04-14 04:06 - 00000000 ____D () C:\Documents and Settings\Mr. 
Bojangles\Application Data\Oracle 2014-04-14 04:04 - 2014-04-14 04:03 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-04-14 04:03 - 2014-04-14 04:03 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-04-14 04:03 - 2014-04-14 04:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-04-14 04:03 - 2014-04-14 04:03 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-04-14 04:03 - 2014-04-14 04:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java 2014-04-14 03:43 - 2014-04-14 03:43 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Start Menu\Programs\AMD Gaming Evolved 2014-04-14 03:43 - 2014-04-14 03:43 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Application Data\library_dir 2014-04-14 03:42 - 2014-04-14 12:11 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Application Data\Raptr 2014-04-14 03:41 - 2014-04-14 03:43 - 00000000 ____D () C:\Program Files\Raptr 2014-04-14 03:08 - 2014-04-14 03:08 - 00000872 _____ () C:\WINDOWS\KB896256.log 2014-04-14 02:08 - 2014-04-14 18:45 - 00000000 ____D () C:\Program Files\SpeedFan 2014-04-14 02:08 - 2014-04-14 02:08 - 00000689 _____ () C:\Documents and Settings\Mr. Bojangles\Desktop\SpeedFan.lnk 2014-04-14 02:08 - 2014-04-14 02:08 - 00000045 _____ () C:\WINDOWS\system32\initdebug.nfo 2014-04-14 02:08 - 2014-04-14 02:08 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Start Menu\Programs\SpeedFan 2014-04-09 08:15 - 2014-04-09 08:15 - 416816732 _____ () C:\Documents and Settings\Mr. Bojangles\Desktop\Councillor Viki Howard Mixdown 1.wav 2014-04-09 08:15 - 2014-04-09 08:15 - 00407068 _____ () C:\Documents and Settings\Mr. 
Bojangles\Desktop\Councillor Viki Howard Mixdown 1.pkf 2014-04-01 21:08 - 2014-04-01 21:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-01 19:00 - 2014-04-01 19:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-03-25 07:53 - 2014-03-25 07:53 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Application Data\DropboxMaster 2014-03-25 06:32 - 2014-04-22 08:21 - 00003284 _____ () C:\WINDOWS\system32\ANIWZCS{7195727A-5667-4970-8430-3FFFD09D0F69} 2014-03-25 06:32 - 2014-03-25 06:32 - 00001642 _____ () C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk 2014-03-25 06:32 - 2014-03-25 06:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\D-Link 2014-03-25 06:31 - 2014-04-22 08:21 - 00000014 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{7195727A-5667-4970-8430-3FFFD09D0F69} 2014-03-25 06:29 - 2011-09-06 09:33 - 01209408 _____ (Ralink Technology, Corp.) C:\WINDOWS\system32\Drivers\Drt2870.sys ==================== One Month Modified Files and Folders ======= 2014-04-23 04:00 - 2014-04-23 04:00 - 00050907 _____ () C:\Documents and Settings\Mr. Bojangles\Desktop\FRST.txt 2014-04-23 04:00 - 2014-04-23 03:59 - 00000000 ____D () C:\FRST 2014-04-23 03:58 - 2014-04-23 03:58 - 01048064 _____ (Farbar) C:\Documents and Settings\Mr. Bojangles\Desktop\FRST.exe 2014-04-23 03:58 - 2009-01-22 11:46 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{B0CC9A6F-834D-47FF-9C2A-B9379DCECD3B}.job 2014-04-23 03:47 - 2014-04-23 03:45 - 00000099 _____ () C:\tvttemp.txt 2014-04-23 03:41 - 2009-10-06 00:43 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-23 03:36 - 2009-09-12 15:12 - 00000000 ____D () C:\Documents and Settings\Mr. 
Bojangles\Application Data\vlc 2014-04-23 03:18 - 2006-04-30 17:20 - 00032068 _____ () C:\WINDOWS\SchedLgU.Txt 2014-04-23 03:10 - 2012-04-22 16:25 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-04-23 02:52 - 2013-03-15 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn 2014-04-23 02:00 - 2012-02-12 16:08 - 00000358 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-MRBOJANGLES-Mr. Bojangles.job 2014-04-23 02:00 - 2009-01-17 16:45 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\Adobe 2014-04-22 22:21 - 2009-06-02 03:12 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat 2014-04-22 21:26 - 2011-03-06 16:33 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job 2014-04-22 18:24 - 2013-04-16 22:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData 2014-04-22 13:41 - 2009-10-06 00:43 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-22 08:25 - 2012-05-02 00:01 - 00000000 ____D () C:\Documents and Settings\Mr. 
Bojangles\Application Data\Dropbox 2014-04-22 08:23 - 2014-02-12 05:30 - 00000742 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk 2014-04-22 08:23 - 2006-04-30 16:56 - 00002278 ____C () C:\WINDOWS\system32\wpa.dbl 2014-04-22 08:21 - 2014-03-25 06:32 - 00003284 _____ () C:\WINDOWS\system32\ANIWZCS{7195727A-5667-4970-8430-3FFFD09D0F69} 2014-04-22 08:21 - 2014-03-25 06:31 - 00000014 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{7195727A-5667-4970-8430-3FFFD09D0F69} 2014-04-22 08:20 - 2009-01-09 06:24 - 00003216 ____C () C:\WINDOWS\system32\encobject.dat 2014-04-22 08:20 - 2006-04-30 17:20 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT 2014-04-22 08:20 - 2006-04-30 10:07 - 00000159 ____C () C:\WINDOWS\wiadebug.log 2014-04-22 08:20 - 2006-04-30 10:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-04-22 08:19 - 2009-07-11 16:16 - 00094934 _____ () C:\aaw7boot.log 2014-04-22 08:17 - 2009-01-09 07:53 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Application Data\uTorrent 2014-04-21 21:30 - 2014-04-14 16:44 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-04-21 15:45 - 2014-01-02 19:20 - 00337716 _____ () C:\WINDOWS\setupapi.log 2014-04-20 06:17 - 2009-01-08 14:47 - 00000000 ____D () C:\SWSHARE 2014-04-20 06:16 - 2009-01-08 14:47 - 00005427 _____ (IBM Corporation) C:\WINDOWS\system32\EGATHDRV.SYS 2014-04-19 18:08 - 2006-04-30 17:11 - 01574579 _____ () C:\WINDOWS\WindowsUpdate.log 2014-04-19 18:01 - 2009-01-08 15:17 - 00000178 ___SH () C:\Documents and Settings\Mr. Bojangles\ntuser.ini 2014-04-19 18:01 - 2009-01-08 15:17 - 00000000 ____D () C:\Documents and Settings\Mr. 
Bojangles 2014-04-19 01:56 - 2014-02-12 05:30 - 00000726 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk 2014-04-19 01:56 - 2013-03-15 14:50 - 00001024 _____ () C:\.rnd 2014-04-19 01:56 - 2013-03-15 14:50 - 00000000 ____D () C:\Program Files\LogMeIn 2014-04-19 01:55 - 2013-03-15 14:50 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll 2014-04-19 01:55 - 2013-03-15 14:50 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll 2014-04-19 01:55 - 2013-03-15 14:50 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll 2014-04-17 16:00 - 2013-12-10 21:48 - 00001082 _____ () C:\WINDOWS\setupact.log 2014-04-17 01:14 - 2014-04-17 01:14 - 00075592 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-04-17 01:14 - 2014-04-17 01:14 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\M-Audio 2014-04-17 01:14 - 2014-04-17 01:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\M-Audio 2014-04-17 01:14 - 2009-01-08 14:31 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups 2014-04-17 01:13 - 2014-04-17 01:13 - 00000000 ____D () C:\Program Files\M-Audio 2014-04-17 01:13 - 2014-04-17 01:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVID 2014-04-16 23:33 - 2009-01-09 17:17 - 00203264 _____ () C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-16 23:18 - 2012-03-26 06:28 - 00000000 ____D () C:\Documents and Settings\Mr. 
Bojangles\Desktop\unused icons (keep this folder) 2014-04-14 23:46 - 2014-04-14 23:46 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\AVG Secure Search 2014-04-14 19:07 - 2014-04-14 19:07 - 00000745 _____ () C:\Documents and Settings\All Users\Desktop\SensorsView Pro 4.3.lnk 2014-04-14 19:07 - 2014-04-14 19:07 - 00000000 ____D () C:\Program Files\SensorsViewPro43 2014-04-14 19:07 - 2014-04-14 19:07 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\My Documents\Beabeada 2014-04-14 19:07 - 2014-04-14 19:07 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Application Data\STV Software 2014-04-14 19:07 - 2014-04-14 19:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SensorsView Pro 4.3 2014-04-14 18:52 - 2014-04-14 18:50 - 00000000 ____D () C:\Program Files\Motherboard Monitor 5 2014-04-14 18:52 - 2014-04-14 18:50 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Start Menu\Programs\MBM 5 2014-04-14 18:52 - 2014-04-14 18:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MBM 5 2014-04-14 18:45 - 2014-04-14 02:08 - 00000000 ____D () C:\Program Files\SpeedFan 2014-04-14 18:11 - 2014-04-14 18:11 - 00000000 ____D () C:\WINDOWS\system32\Lang 2014-04-14 17:27 - 2014-04-14 17:27 - 00000000 ____D () C:\Documents and Settings\Mr. 
Bojangles\Desktop\1234 2014-04-14 17:01 - 2014-04-14 17:01 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk 2014-04-14 16:45 - 2014-04-14 16:45 - 00000000 ____D () C:\Program Files\iTunes 2014-04-14 16:45 - 2014-04-14 16:45 - 00000000 ____D () C:\Program Files\iPod 2014-04-14 16:45 - 2014-04-14 16:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes 2014-04-14 16:45 - 2014-04-14 16:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-04-14 16:45 - 2014-04-14 16:42 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-04-14 16:44 - 2014-04-14 16:44 - 00001830 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk 2014-04-14 16:44 - 2014-04-14 16:44 - 00000000 ____D () C:\Program Files\Apple Software Update 2014-04-14 16:42 - 2014-04-14 16:42 - 00000000 ____D () C:\Program Files\Bonjour 2014-04-14 16:42 - 2009-03-04 15:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple 2014-04-14 16:42 - 2009-01-08 14:36 - 00000000 ____D () C:\Program Files\Java 2014-04-14 15:35 - 2014-04-14 15:32 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\Apple Computer 2014-04-14 15:35 - 2014-04-14 15:31 - 00000000 ____D () C:\Documents and Settings\test\Application Data\Apple Computer 2014-04-14 15:32 - 2014-04-14 15:32 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\AVG Secure Search 2014-04-14 15:31 - 2014-04-14 15:31 - 00001820 _____ () C:\Documents and Settings\test\Desktop\Google Chrome.lnk 2014-04-14 15:31 - 2014-04-14 15:31 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\LogMeIn 2014-04-14 15:31 - 2014-04-14 15:31 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\Aimersoft 2014-04-14 15:31 - 2014-04-14 15:31 - 00000000 ____D () C:\Documents and 
Settings\test\Application Data\AVG2014 2014-04-14 15:31 - 2014-04-14 15:31 - 00000000 ____D () C:\Documents and Settings\test\Application Data\AVG Secure Search 2014-04-14 15:31 - 2014-04-14 15:30 - 00000000 ____D () C:\Documents and Settings\test\Application Data\Lenovo 2014-04-14 15:30 - 2014-04-14 15:30 - 00000795 _____ () C:\Documents and Settings\test\Start Menu\Programs\Windows Media Player.lnk 2014-04-14 15:30 - 2014-04-14 15:30 - 00000789 _____ () C:\Documents and Settings\test\Desktop\Windows Media Player.lnk 2014-04-14 15:30 - 2014-04-14 15:30 - 00000643 _____ () C:\WINDOWS\wmsetup.log 2014-04-14 15:30 - 2014-04-14 15:30 - 00000000 ____D () C:\Documents and Settings\test\Local Settings\Application Data\Avg2014 2014-04-14 15:30 - 2014-04-14 15:30 - 00000000 ____D () C:\Documents and Settings\test 2014-04-14 15:30 - 2009-01-08 19:23 - 00000785 _____ () C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini 2014-04-14 15:30 - 2006-04-30 16:56 - 00000547 _____ () C:\WINDOWS\win.ini 2014-04-14 14:54 - 2014-04-14 14:54 - 00000000 ____D () C:\Program Files\QuickTime 2014-04-14 14:54 - 2014-04-14 14:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime 2014-04-14 14:44 - 2009-01-08 15:17 - 00000000 ____D () C:\Documents and Settings\Mr. 
Bojangles\Application Data\Lenovo 2014-04-14 14:37 - 2014-04-14 14:37 - 00000000 ____D () C:\Program Files\Broadcom 2014-04-14 14:35 - 2014-04-14 14:35 - 00000000 ____D () C:\Program Files\Sonic 2014-04-14 14:35 - 2014-04-14 14:35 - 00000000 ____D () C:\Program Files\Common Files\SureThing Shared 2014-04-14 14:35 - 2009-01-08 14:39 - 00004169 _____ () C:\WINDOWS\wininit.ini 2014-04-14 14:35 - 2009-01-08 14:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Multimedia Center for Think Offerings 2014-04-14 14:34 - 2014-04-14 14:34 - 00001648 _____ () C:\Documents and Settings\All Users\Desktop\ThinkVantage Productivity Center.lnk 2014-04-14 14:34 - 2009-01-08 14:36 - 00001648 _____ () C:\Documents and Settings\All Users\Start Menu\ThinkVantage Productivity Center.lnk 2014-04-14 14:34 - 2009-01-08 14:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lenovo 2014-04-14 14:32 - 2014-04-14 14:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Lenovo Mouse Suite 2014-04-14 14:32 - 2009-01-08 14:35 - 00000000 ____D () C:\Program Files\Lenovo 2014-04-14 14:32 - 2006-04-30 02:57 - 00000000 ____D () C:\WINDOWS\Help 2014-04-14 14:30 - 2014-04-14 14:29 - 00001097 _____ () C:\WINDOWS\xpsp1hfm.log 2014-04-14 14:30 - 2009-01-08 14:39 - 00000000 ____D () C:\Program Files\Common Files\Sonic Shared 2014-04-14 14:08 - 2014-04-14 14:08 - 00000705 _____ () C:\WINDOWS\SMinstall.log 2014-04-14 12:27 - 2009-01-08 14:40 - 00000000 ____D () C:\Program Files\Common Files\Lenovo 2014-04-14 12:27 - 2009-01-08 14:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ThinkVantage 2014-04-14 12:18 - 2014-04-14 12:16 - 00258448 _____ () C:\Documents and Settings\Mr. Bojangles\Desktop\hendrix com.veg.sfk 2014-04-14 12:18 - 2013-04-16 02:26 - 00000000 ____D () C:\Documents and Settings\Mr. 
Bojangles\My Documents\Sony Media Libraries 2014-04-14 12:16 - 2014-04-14 12:16 - 66145728 _____ () C:\Documents and Settings\Mr. Bojangles\Desktop\hendrix com.veg.sfap0 2014-04-14 12:11 - 2014-04-14 03:42 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Application Data\Raptr 2014-04-14 04:14 - 2014-04-14 04:14 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Desktop\drv 2014-04-14 04:06 - 2014-04-14 04:06 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Application Data\Oracle 2014-04-14 04:05 - 2009-07-07 15:35 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Application Data\SystemRequirementsLab 2014-04-14 04:04 - 2009-01-08 14:36 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-04-14 04:03 - 2014-04-14 04:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-04-14 04:03 - 2014-04-14 04:03 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-04-14 04:03 - 2014-04-14 04:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-04-14 04:03 - 2014-04-14 04:03 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-04-14 04:03 - 2014-04-14 04:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java 2014-04-14 04:03 - 2013-06-22 18:16 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-04-14 03:43 - 2014-04-14 03:43 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Start Menu\Programs\AMD Gaming Evolved 2014-04-14 03:43 - 2014-04-14 03:43 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Application Data\library_dir 2014-04-14 03:43 - 2014-04-14 03:41 - 00000000 ____D () C:\Program Files\Raptr 2014-04-14 03:08 - 2014-04-14 03:08 - 00000872 _____ () C:\WINDOWS\KB896256.log 2014-04-14 02:08 - 2014-04-14 02:08 - 00000689 _____ () C:\Documents and Settings\Mr. 
Bojangles\Desktop\SpeedFan.lnk 2014-04-14 02:08 - 2014-04-14 02:08 - 00000045 _____ () C:\WINDOWS\system32\initdebug.nfo 2014-04-14 02:08 - 2014-04-14 02:08 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Start Menu\Programs\SpeedFan 2014-04-14 01:39 - 2013-11-29 13:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014 2014-04-12 15:31 - 2013-03-15 14:50 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak 2014-04-12 15:31 - 2013-03-15 14:50 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll.000.bak 2014-04-10 04:21 - 2013-03-09 05:51 - 00120320 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-09 08:15 - 2014-04-09 08:15 - 416816732 _____ () C:\Documents and Settings\Mr. Bojangles\Desktop\Councillor Viki Howard Mixdown 1.wav 2014-04-09 08:15 - 2014-04-09 08:15 - 00407068 _____ () C:\Documents and Settings\Mr. Bojangles\Desktop\Councillor Viki Howard Mixdown 1.pkf 2014-04-08 17:08 - 2013-07-01 09:03 - 00006144 ___SH () C:\WINDOWS\system32\Thumbs.db 2014-04-02 04:15 - 2012-05-03 20:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-04-01 21:08 - 2014-04-01 21:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-04-01 19:00 - 2014-04-01 19:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-03-26 12:39 - 2013-12-28 13:39 - 00000000 ____D () C:\Documents and Settings\Mr. 
Bojangles\Local Settings\Application Data\AVG Secure Search 2014-03-26 06:27 - 2013-12-28 13:39 - 00042272 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys 2014-03-26 06:27 - 2013-12-28 13:39 - 00003669 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml 2014-03-26 06:27 - 2013-12-28 13:39 - 00000000 ____D () C:\WINDOWS\system32\cache 2014-03-26 06:27 - 2013-12-28 13:39 - 00000000 ____D () C:\Program Files\AVG Secure Search 2014-03-25 14:26 - 2013-04-08 03:31 - 00000000 ____D () C:\Program Files\Defraggler 2014-03-25 14:23 - 2013-07-05 08:57 - 00001587 _____ () C:\Documents and Settings\All Users\Desktop\Defraggler.lnk 2014-03-25 08:02 - 2013-03-11 11:10 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk 2014-03-25 07:53 - 2014-03-25 07:53 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Application Data\DropboxMaster 2014-03-25 07:53 - 2012-05-02 00:01 - 00000000 ____D () C:\Documents and Settings\Mr. Bojangles\Start Menu\Programs\Dropbox 2014-03-25 07:50 - 2012-04-22 16:25 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-03-25 07:50 - 2011-05-29 19:02 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-03-25 07:41 - 2009-03-23 16:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Real Time Relativity 2014-03-25 06:33 - 2006-04-30 16:56 - 00000327 __RSH () C:\boot.ini 2014-03-25 06:33 - 2006-04-30 16:56 - 00000253 _____ () C:\WINDOWS\system.ini 2014-03-25 06:32 - 2014-03-25 06:32 - 00001642 _____ () C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk 2014-03-25 06:32 - 2014-03-25 06:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\D-Link 2014-03-25 06:31 - 2006-04-30 10:04 - 00602988 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-25 06:30 - 2011-12-29 18:43 - 00001975 _____ () C:\WINDOWS\system32\RaCoInst.log 
2014-03-25 06:29 - 2011-12-29 18:35 - 00000000 ____D () C:\Program Files\D-Link 2014-03-25 06:29 - 2009-01-08 14:31 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information Some content of TEMP: ==================== C:\Documents and Settings\Mr. Bojangles\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprr7mgl.dll C:\Documents and Settings\Mr. Bojangles\Local Settings\temp\jre-7u55-windows-i586-iftw.exe C:\Documents and Settings\Mr. Bojangles\Local Settings\temp\sfamcc00001.dll C:\Documents and Settings\Mr. Bojangles\Local Settings\temp\sfareca00001.dll ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2006-04-30 16:55] - [2008-04-14 10:12] - 0975872 ____N (Microsoft Corporation) 561a50497324f378e30f55d09b4e1258 C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================
  9. Hello!
     #My computer has started acting up recently. All symptoms appeared over a couple of days. Written below are the symptoms:
     - Mbam scan runs indefinitely. The scan will start but will not complete. Longest seen run time is +9hrs and was cancelled by user.
     - All subdirectory names not visible in some directories when 'thumbnail view' selected.
     - Very slow system even though CPU is at 2-10%.
     - Computer randomly restarts. No error message and no blue screen.
     - Audio cuts off randomly and driver must be re-started before sound will work.
     - Computer fails to restore to backed up state. The system restore appears to accept the instructions to restore the PC, but does not actually begin restore process. In fact nothing happens at all.
     #System status when problems occur:
     - CPU, GPU & power supply temperatures within optimal range.
     - Page file size less than installed RAM. [PF= 1.4GB // RAM= 2GB]
     - Power supply voltages within optimal range (no excessive drain that would indicate faulty power supply).
     - HD fragmentation at 8%
     #What I have tried already that has failed to fix any problems:
     - Mbam full scan. [scan would not complete].
     - Rolling back and re-installing most current drivers for CPU, GPU and sound card. [re-installations successful. Problems still occurring].
     - System restore. [could not actually complete a system restore operation].
     #I have concluded based on this information that hardware is not to blame. I believe that my system is infected because specifically, Mbam seems to be disabled which I find very suspicious. I have no clue what is going on otherwise.
  10. ESET results:
     C:\Documents and Settings\Mr. Bojangles\My Documents\Downloads\cbsidlm-tr1_10a-Network_Monitor_II-ORG-75707519.exe Win32/DownloadAdmin.G application
     C:\Documents and Settings\Mr. Bojangles\My Documents\Downloads\NetworkMonitorII_downloader_by_MyFavoriteGadgets(1).exe a variant of Win32/Somoto.A application
     C:\Documents and Settings\Mr. Bojangles\My Documents\Downloads\NetworkMonitorII_downloader_by_MyFavoriteGadgets(2).exe a variant of Win32/Somoto.A application
     C:\Documents and Settings\Mr. Bojangles\My Documents\Downloads\NetworkMonitorII_downloader_by_MyFavoriteGadgets.exe a variant of Win32/Somoto.A application
     C:\Documents and Settings\Mr. Bojangles\My Documents\Downloads\PamelaCRSetup.exe a variant of Win32/Bundled.Toolbar.Ask application
     C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP1285\A0233882.dll Win32/Toolbar.MyWebSearch application
     C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP1285\A0233883.exe a variant of Win32/Somoto.A application
     C:\TDSSKiller_Quarantine\09.03.2013_06.26.24\tdlfs0000\tsk0000.dta Win32/Olmarik.UT trojan
  11. #MBAM Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.10.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.11 Mr. Bojangles :: MRBOJANGLES [administrator] 3/11/2013 11:16:52 AM mbam-log-2013-03-11 (11-16-52).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 241343 Time elapsed: 9 minute(s), 15 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) #HIJACK THIS Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:31:20 AM, on 3/11/2013 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Diskeeper 
Corporation\Diskeeper\DkService.exe C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe c:\program files\lenovo\system update\suservice.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe c:\Program Files\Zune\ZuneBusEnum.exe C:\Program Files\Common Files\Lenovo\Logger\logmon.exe c:\Program Files\Zune\ZuneWlanCfgSvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe C:\WINDOWS\system32\M-AudioTaskBarIcon.exe C:\WINDOWS\system32\ICO.EXE C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe C:\WINDOWS\system32\FSRremoS.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe C:\WINDOWS\system32\Pelmiced.exe C:\Documents and Settings\Mr. 
Bojangles\Application Data\Dropbox\bin\Dropbox.exe C:\WINDOWS\System32\cmd.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\Mr. Bojangles\My Documents\Downloads\HijackThis.exe C:\WINDOWS\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\taskkill.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [Zune Launcher] "c:\Program 
Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [D-Link D-Link DWA-525] C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe O4 - HKLM\..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Mr. Bojangles\Application Data\Dropbox\bin\Dropbox.exe O4 - Startup: startup concealer outlook.vbs O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Set As Messenger Live Display Picture - C:\Program Files\MSNShell\Bin\SetMSNDP.htm O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... 
- {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - 
Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: D_Link_DWA-525 Service (D_Link_DWA-525) - Wireless Service - C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe O23 - Service: D_Link_DWA-525_WPS Service (D_Link_DWA-525_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: tvtnetwk - Unknown owner - C:\Program 
Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
     -- End of file - 12775 bytes
     Had no issues. Computer seems to be running great )
  12. 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office system AC3Filter (remove only) Access Help Activation Assistant for the 2007 Microsoft Office suites Addictive Drums Adobe AIR Adobe Audition CS5.5 Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) Alarm 2.0.4 AltoMP3 Gold 5.20 Antares Auto-Tune Evo VST Apple Application Support Apple Mobile Device Support Apple Software Update ASIO4ALL Bonjour Business Contact Manager for Outlook 2007 SP1 CamStudio OSS Desktop Recorder Client Security Solution Collab Cool Edit Pro 2.1 D-Link DWA-525 Diskeeper Lite Dropbox e-tax 2012 Easy File Undelete Facebook Video Calling 1.2.0.287 ffdshow [rev 3154] [2009-12-09] FL Studio 8 Freecorder Toolbar 3.02 Application Freez iPod Video Converter GDR 3073 for SQL Server Database Services 2005 ENU (KB954606) Google Calendar Sync Google Chrome Google Earth Google Update Helper Guitar Pro 4.0 Help Center High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 2.0 (KB922981) Hotfix for Microsoft .NET Framework 2.0 (KB923319) Hotfix for Windows Media Format 11 SDK (KB973442) Hotfix for Windows XP (KB932716-v2) Hotfix for Windows XP (KB952287) IL Download Manager ImgBurn Intel® Graphics Media Accelerator Driver Interlok driver setup x32 InterVideo WinDVD InterVideo WinDVD Creator 3 iTunes J2SE Runtime Environment 5.0 Update 6 Java 6 Update 11 Java 6 Update 6 LiveReg (Symantec Corporation) LiveUpdate 2.6 (Symantec Corporation) M-Audio FastTrackPro Driver 6.0.7 (x86) Magic ISO Maker v5.5 (build 0281) Malwarebytes Anti-Malware version 1.70.0.1100 McAfee Security Scan Plus Message Center Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver 
Framework Feature Pack 1.9 Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Live Add-in 1.3 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Hybrid 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Small Business Connectivity Components Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mouse Suite Mozilla Firefox 19.0.2 (x86 en-US) Mozilla Maintenance Service MP4 To MP3 Converter V3.0.4 MSNShell 4 MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 6 Service Pack 2 (KB954459) MTP Porting Kit Pack Vista Inspirat 2 1.0 PC-Doctor 5 for Windows Picasa 3 PoiZone PokerStars Productivity Center Supplement for ThinkCentre QuickTime RecordNow Audio RecordNow Copy RecordNow Data Remove Multimedia Center Rescue and Recovery Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) 
Security Update for 2007 Microsoft Office System (KB958439) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 2.0 (KB917283) Security Update for Microsoft Office Excel 2007 (KB958437) Security Update for Microsoft Office PowerPoint 2007 (KB951338) Security Update for Microsoft Office Publisher 2007 (KB950114) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB956828) Security Update for Microsoft Office Word 2007 (KB956358) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for 
Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Segoe UI SkyGazer 4 Skype™ 3.8 Sonic DLA Sonic Express Labeler Sonic Icons for Lenovo Sonic Update Manager SoundMAX Spybot - Search & Destroy Steam Symantec Client Security System Migration Assistant System Update ThinkVantage Away Manager ThinkVantage Productivity Center ThinkVantage System Update Toolbar Button for IE ThinkVantage Technologies Welcome Message Toxic Biohazard Update for Microsoft Office Outlook 2007 (KB952142) Update for Office 2007 (KB946691) Update for Outlook 2007 Junk Email Filter (kb959141) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 2.0.3 Wallpapers WebFldrs XP Winamp Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Upload Tool Windows Media Connect Windows Media Format 11 runtime Windows Media Player 11 Windows Mobile Device Updater Component Windows XP Service Pack 3 WinRAR archiver Wisdom-soft ScreenHunter 6.0 Free Xiph.Org Open Codecs 0.85.17777 XP Themes Zune Zune Language Pack (DEU) Zune Language Pack (ESP) Zune Language Pack (FRA) Zune Language Pack (ITA) Zune Language Pack (NLD) Zune Language Pack (PTB) Zune Language Pack (PTG)
  13. Eh Gringo! You tha man! MALWARE REMOVED! And I'm pretty sure after that my PC is squeaky clean from anything I didn't know I had. Thank you so much for your assistance with this. Tell your boss you deserve more holidays mate haha
  14. Ahh HAA! Now that is the right question! I have been using Firefox. The ads do not appear when I use Google Chrome. Should I just re-install Firefox?
  15. No running issues. Still have ads.
     ComboFix 13-03-07.03 - Mr. Bojangles 03/09/2013 7:21.2.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1293 [GMT 10:00]
     Running from: c:\documents and settings\Mr. Bojangles\My Documents\Downloads\ComboFix.exe
     Command switches used :: c:\documents and settings\Mr. Bojangles\Desktop\CFScript.txt.txt
     AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
     AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
     FW: Symantec Client Firewall *Disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-02-08 to 2013-03-08 )))))))))))))))))))))))))))))))
     .
     .
     2013-03-08 20:31 . 2013-03-08 20:31 -------- d-----w- C:\TDSSKiller_Quarantine
     2013-02-25 13:58 . 2013-02-25 14:06 -------- d-----w- c:\documents and settings\Mr. Bojangles\Local Settings\Application Data\adawarebp
     2013-02-24 12:14 . 2013-02-24 12:14 -------- d-----w- c:\windows\ERUNT
     2013-02-24 12:13 . 2013-02-24 12:13 -------- d-----w- C:\JRT
     2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-03-02 14:00 . 2009-01-08 04:47 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
     2013-02-27 12:13 . 2012-04-22 06:25 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-02-27 12:13 . 2011-05-29 09:02 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-12-14 06:49 . 2009-09-23 08:38 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-09-25 16:41 . 2013-03-08 05:46 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
     2009-09-25 16:41 . 2013-03-08 05:46 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
     2013-03-08 05:46 .
2013-03-08 05:46 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware.
c:\windows\$NtServicePackUninstall$\regedit.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Mr. Bojangles\Application Data\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Mr. Bojangles\Application Data\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Mr. Bojangles\Application Data\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Mr. Bojangles\Application Data\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\documents and settings\Mr. Bojangles\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-08-21 138096] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472] "D-Link D-Link DWA-525"="c:\program files\D-Link\DWA-525 revA\AirNCFG.exe" [2010-04-22 1015808] "WZCSLDR2"="c:\program files\D-Link\DWA-525 revA\WZCSLDR2.exe" [2010-04-22 122880] "M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152] "Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776] . c:\documents and settings\Mr. Bojangles\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Mr. Bojangles\Application Data\Dropbox\bin\Dropbox.exe [2013-1-21 28539272] startup concealer outlook.vbs [2011-12-12 209] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-6 272248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify] 2006-06-18 17:06 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Calendar Sync.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk backup=c:\windows\pss\Google Calendar Sync.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Mr. Bojangles^Start Menu^Programs^Startup^Y'z Shadow.lnk] path=c:\documents and settings\Mr. Bojangles\Start Menu\Programs\Startup\Y'z Shadow.lnk backup=c:\windows\pss\Y'z Shadow.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2011-03-15 07:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG] 2005-11-14 06:23 487424 -c----w- c:\program files\ThinkVantage\AMSG\Amsg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-08-27 11:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch] 2006-06-18 17:06 69632 -c----w- c:\program files\Lenovo\AwayTask\AwaySch.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] 2005-06-02 17:21 48752 -c----w- c:\program files\Common Files\Symantec Shared\ccApp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth] 2006-07-15 02:13 2341632 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray] 2006-05-19 00:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] 2006-02-02 13:20 122940 -c----w- c:\windows\system32\DLA\DLACTRLW.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] 2005-01-08 01:07 61952 -c----w- c:\windows\system32\HdAShCut.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2007-01-13 01:47 163840 -c----w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2004-07-28 00:50 221184 -c----w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2004-07-28 00:50 81920 -c----w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-09-09 13:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager] 2006-07-04 16:11 110592 -c----w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon] 2010-12-07 09:39 644104 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon] 2005-04-13 22:34 49152 -c----w- c:\windows\system32\ico.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2010-04-16 12:12 3872080 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe] 2006-03-14 00:38 41472 -c----r- c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2007-01-13 01:46 135168 -c----w- c:\windows\system32\igfxpers.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-07-05 08:36 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-03-25 12:28 144784 -c----w- c:\program files\Java\jre1.6.0_06\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray] 2005-08-19 01:22 85696 -c----w- c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "D_Link_DWA-525"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\MSNShell\\Bin\\engie.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . 
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/6/2010 9:26 PM 64288] R2 ANPD;ANPD Service;c:\windows\system32\ANPD.SYS [12/29/2011 6:38 PM 29411] R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4/8/2011 1:33 AM 3857408] R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/14/2006 10:05 AM 58368] R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/15/2006 9:55 AM 3968] R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [12/7/2010 3:39 PM 158600] S2 D_Link_DWA-525_WPS;D_Link_DWA-525_WPS Service;c:\program files\D-Link\DWA-525 revA\ANIWConnService.exe [12/29/2011 6:37 PM 40960] S3 D_Link_DWA-525;D_Link_DWA-525 Service;c:\program files\D-Link\DWA-525 revA\ANIWZCSdS.exe [12/29/2011 6:37 PM 126976] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [6/22/2010 3:44 AM 1737728] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2/6/2013 1:48 AM 235216] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [12/10/2011 4:55 AM 18432] S3 RT80x86;D-Link 802.11n Wireless Driver;c:\windows\system32\drivers\Drt2860.sys [12/29/2011 6:35 PM 1329632] S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [8/19/2005 11:22 AM 124608] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-05 13:04 1630672 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 
2013-03-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-06-21 07:40] . 2013-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 12:13] . 2013-03-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-MRBOJANGLES-Mr. Bojangles.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-12 07:42] . 2013-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57] . 2013-03-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2838019926-1718427338-2428480347-1008Core.job - c:\documents and settings\Mr. Bojangles\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-21 11:02] . 2013-03-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2838019926-1718427338-2428480347-1008UA.job - c:\documents and settings\Mr. Bojangles\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-21 11:02] . 2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 14:43] . 2013-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-05 14:43] . 2009-01-08 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2009-01-08 01:32] . 2013-03-08 c:\windows\Tasks\User_Feed_Synchronization-{B0CC9A6F-834D-47FF-9C2A-B9379DCECD3B}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 19:58] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Set As Messenger Live Display Picture - c:\program files\MSNShell\Bin\SetMSNDP.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . SafeBoot-18674265.sys . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-03-09 07:30 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Control\DeviceClasses\{4d1e55b2-f16f-11cf-88cb-001111000030}\##?#HID#Vid_046d&Pid_0a0c&MI_03#7&1fc07de5&0&0000#{4d1e55b2-f1*f-11cf-*8cb-001*1100003*}] "ClassGUID"="{4D36E97D-E325-11CE-BFC1-08002BE10318}" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Control\DeviceClasses\{4d1e55b2-f16f-11cf-88cb-001111000030}\##?#HID#Vid_046d&Pid_0a0c&MI_03#7&1fc07de5&0&0000#{4d1e55b2-f1*f-11cf-*8cb-001*1100003*}\#] @="Microsoft\00??ms_mmvid\00\0c???\0e\08\00?\00\03\00\01\00???????\00???\0a\12\00?\00\01\00\01\00?????\00\00\00??7-1-2001\00\00??Video Codecs" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1000) c:\windows\system32\tvt_gina.dll c:\program files\Lenovo\Client Security Solution\css_gina_plugin.dll c:\program files\Lenovo\Client Security Solution\css_wait_bar.dll c:\program files\Lenovo\Client Security Solution\cssuserdatadispatcher.dll c:\program files\Lenovo\Client Security Solution\csswait.dll c:\program files\Common Files\Lenovo\tvt_banner.dll c:\program files\Lenovo\Client Security Solution\cssdlgpwentry.dll c:\program files\Lenovo\Client Security Solution\dlganswerprompt.dll c:\program files\Lenovo\Client Security Solution\tvttsp.dll c:\program files\Lenovo\Client Security Solution\tcsrpc.dll c:\program files\Common Files\Lenovo\tvt_res.dll c:\program files\Lenovo\AwayTask\AwayNotify.dll . 
- - - - - - - > 'explorer.exe'(5168) c:\windows\system32\SHDOCVW.dll c:\documents and settings\Mr. Bojangles\Application Data\Dropbox\bin\DropboxExt.17.dll c:\windows\system32\ntshrui.dll c:\windows\system32\msi.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\pelscrll.dll c:\windows\system32\PELCOMM.dll c:\windows\system32\PELHOOKS.dll . Completion time: 2013-03-09 07:33:51 ComboFix-quarantined-files.txt 2013-03-08 21:33 ComboFix2.txt 2013-03-08 17:51 ComboFix3.txt 2009-09-27 19:15 . Pre-Run: 6,771,224,576 bytes free Post-Run: 6,755,426,304 bytes free . - - End Of File - - CFB1E1190463AB046ABF10772746BE2E
  16. ok that's done, here's the log. malware still present. will restart pc. 06:28:02.0421 3568 ============================================================ 06:28:02.0421 3568 Scan finished 06:28:02.0421 3568 ============================================================ 06:28:02.0546 0260 Detected object count: 36 06:28:02.0546 0260 Actual detected object count: 36 06:31:07.0125 0260 ANPD ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0125 0260 ANPD ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0125 0260 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0125 0260 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0125 0260 Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0125 0260 Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0125 0260 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0125 0260 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0125 0260 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0125 0260 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0140 0260 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0140 0260 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0140 0260 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0140 0260 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0140 0260 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0140 0260 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0140 0260 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0140 0260 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0156 0260 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0156 0260 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip 
06:31:07.0156 0260 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0156 0260 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0156 0260 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0156 0260 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0156 0260 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0156 0260 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0171 0260 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0171 0260 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0171 0260 D_Link_DWA-525 ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0171 0260 D_Link_DWA-525 ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0171 0260 D_Link_DWA-525_WPS ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0171 0260 D_Link_DWA-525_WPS ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0171 0260 EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0171 0260 EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0187 0260 ialm ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0187 0260 ialm ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0187 0260 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0187 0260 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0187 0260 IPSSVC ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0187 0260 IPSSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0203 0260 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0203 0260 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0203 0260 Lavasoft Ad-Aware Service ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0203 0260 Lavasoft Ad-Aware Service ( UnsignedFile.Multi.Generic ) - User select action: 
Skip 06:31:07.0218 0260 NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0218 0260 NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0218 0260 pmem ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0218 0260 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0218 0260 PrivateDisk ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0218 0260 PrivateDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0234 0260 PROCDD ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0234 0260 PROCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0234 0260 psadd ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0234 0260 psadd ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0234 0260 PsaSrv ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0234 0260 PsaSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0234 0260 smi2 ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0234 0260 smi2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0250 0260 SUService ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0250 0260 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0250 0260 TPkd ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0250 0260 TPkd ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0250 0260 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0250 0260 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0250 0260 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0250 0260 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0250 0260 tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0250 0260 tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0265 0260 
tvtnetwk ( UnsignedFile.Multi.Generic ) - skipped by user 06:31:07.0265 0260 tvtnetwk ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:31:07.0343 0260 \Device\Harddisk0\DR0\TDLFS\z00clicker.dll - copied to quarantine 06:31:07.0343 0260 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 06:31:07.0343 0260 \Device\Harddisk0\DR0\TDLFS - deleted 06:31:07.0343 0260 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
  17. running antirootkit now. will post report when done. in the meantime, do you want the rest of the report from TDSSKILLER?
  19. Unfortunately, I am still getting the malware ads on all my web pages.
  20. Thanks Gringo, I had no problems executing your instructions. ComboFix ran without a hitch; here is the log file:
  21. Here are the results from the scans Results of screen317's Security Check version 0.99.60 Windows XP Service Pack 3 x86 Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Please wait while WMIC is being installed. WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Ad-Aware MVPS Hosts File Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 11 Java 6 Update 6 Java version out of Date! Adobe Flash Player 11.6.602.171 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox (19.0.2) Google Chrome 25.0.1364.152 Google Chrome 25.0.1364.97 ````````Process Check: objlist.exe by Laurent```````` Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` RogueKiller V8.5.2 [Feb 23 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Mr. 
Bojangles [Admin rights] Mode : Scan -- Date : 03/09/2013 02:39:19 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ SSDT[31] : NtConnectPort @ 0x805A45B4 -> HOOKED (Unknown @ 0x8A445E28) ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] 5e6f13bc4d3da5934cfc9f3304d98a65 [bSP] e5b474159f46c3737748d986e9839ab8 : MBR Code unknown Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 146334 Mo 1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 299692575 | Size: 6291 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_03092013_02d0239.txt >> RKreport[1]_S_03092013_02d0239.txt # AdwCleaner v2.114 - Logfile created 03/09/2013 at 02:28:39 # Updated 05/03/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Mr. Bojangles - MRBOJANGLES # Boot Mode : Normal # Running from : C:\Documents and Settings\Mr. 
Bojangles\My Documents\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Freecorder Folder Deleted : C:\Documents and Settings\Mr. Bojangles\Application Data\Mozilla\Firefox\Profiles\64w0fp13.default\adawaretb Folder Deleted : C:\Documents and Settings\Mr. Bojangles\Application Data\Mozilla\Firefox\Profiles\64w0fp13.default\jetpack Folder Deleted : C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\APN Folder Deleted : C:\Documents and Settings\Mr. Bojangles\Start Menu\Programs\Freecorder Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Freecorder Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\TVersitybar Folder Deleted : C:\Program Files\1ClickDownload ***** [Registry] ***** Key Deleted : HKCU\Software\Ask&Record Key Deleted : HKCU\Software\ConduitSearchScopes Key Deleted : HKCU\Software\Freecorder Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{66BD2442-241B-44CD-8C7A-B51037053CDB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E92257F-3F0A-451D-B231-6E2DB60CDC71} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\TVersitybar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Deleted : 
HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66BD2442-241B-44CD-8C7A-B51037053CDB} Key Deleted : HKLM\Software\Freecorder Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{156267B6-9225-4A9D-9473-2C89D1AE31B9} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C07E1777-905F-4B13-82E4-2B689C3A641F} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7E903FB-D2FD-4042-85E5-EFFC4F056FEA} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBE965BB-07A3-4927-A0D8-9C32BC3EB4B9} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TVersitybar Toolbar Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TVersitybar Toolbar Key Deleted : HKLM\Software\TVersitybar Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{66BD2442-241B-44CD-8C7A-B51037053CDB}] ***** [internet Browsers] ***** -\\ Internet Explorer v7.0.6000.16762 [OK] Registry is clean. -\\ Mozilla Firefox v19.0.2 (en-US) File : C:\Documents and Settings\Mr. Bojangles\Application Data\Mozilla\Firefox\Profiles\64w0fp13.default\prefs.js [OK] File is clean. 
-\\ Google Chrome v25.0.1364.152 File : C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [4475 octets] - [09/03/2013 02:28:39] ########## EOF - C:\AdwCleaner[s1].txt - [4535 octets] ##########
  22. Re-starting a new thread. here are the scan results. #JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.6.5 (02.18.2013:1) OS: Microsoft Windows XP x86 Ran by Mr. Bojangles on Sun 02/24/2013 at 22:14:19.36 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2838019926-1718427338-2428480347-1008\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet 
explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload Successfully deleted: [Registry Key] hkey_local_machine\software\conduit Successfully deleted: [Registry Key] hkey_local_machine\software\iminent Successfully deleted: [Registry Key] hkey_current_user\software\pricegong Successfully deleted: [Registry Key] hkey_current_user\software\softonic Successfully deleted: [Registry Key] hkey_current_user\software\sweetim Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT1060933 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2548838 Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2704262 Successfully deleted: [Registry Key] hkey_classes_root\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} ~~~ Files Successfully deleted: [File] "C:\WINDOWS\system32\conduitengine.tmp" ~~~ Folders 
Successfully deleted: [Folder] "C:\Documents and Settings\Mr. Bojangles\Application Data\adawaretb" Successfully deleted: [Folder] "C:\Documents and Settings\Mr. Bojangles\Application Data\pricegong" Successfully deleted: [Folder] "C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\adawarebp" Successfully deleted: [Folder] "C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\conduit" Successfully deleted: [Folder] "C:\Program Files\adawaretb" Successfully deleted: [Folder] "C:\Program Files\conduit" Successfully deleted: [Folder] "C:\Program Files\free youtube downloader" Successfully deleted: [Folder] "C:\WINDOWS\freecorder" Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}" ~~~ FireFox Successfully deleted: [File] C:\Documents and Settings\Mr. Bojangles\Application Data\mozilla\firefox\profiles\64w0fp13.default\user.js Successfully deleted: [Folder] C:\Documents and Settings\Mr. Bojangles\Application Data\mozilla\firefox\profiles\64w0fp13.default\conduitcommon Successfully deleted: [Folder] C:\Documents and Settings\Mr. Bojangles\Application Data\mozilla\firefox\profiles\64w0fp13.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack Successfully deleted: [Folder] C:\Documents and Settings\Mr. Bojangles\Application Data\mozilla\firefox\profiles\64w0fp13.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} Successfully deleted: [Folder] C:\Documents and Settings\Mr. Bojangles\Application Data\mozilla\firefox\profiles\64w0fp13.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} Successfully deleted the following from C:\Documents and Settings\Mr. 
Bojangles\Application Data\mozilla\firefox\profiles\64w0fp13.default\prefs.js
"\"0343677cfb1cd1:160f\""); user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933", "\"ccd90dbc0806c30e56e17c4594b38942\""); user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2704262", "\"d76323372b05c3748a3d6b1c93a98292\""); user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equalizer_dead.gif", "\"0678fe477ac91:0\""); user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimize.gif", "\"046c7ab477ac91:0\""); user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gif", "\"0484de117c4c91:0\""); user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gif", "\"0e7a152347ac91:0\""); user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif", "\"087c778347ac91:0\""); user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"4c814df8d80717195db596ee4f301597\""); user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21ba1682b5b6825cbfd420592a540476\""); user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"2236cdfe2705dc5895ad2e365bf489a6\""); user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"06340703cadb8c5f19897c486ec4a84c\""); user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/14293310.xml", "\"49d913f02077d057531654787492c8e5\""); user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16887175.xml", "\"efed6cdc2ab07bcc980eab4744f3a941\""); user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17151925.xml", "\"7ee4299f7f60fc9b1c62d6ea04af8ebe\""); user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"de5f4a5df80a59e331fbb031b7c301c7\""); 
user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/30261067.xml", "\"1c9e81987908fe10595529d5b338f62b\""); user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/428333.xml", "\"4690df8f5613ad9f6cfc1561f1d12d4b\""); user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"3ffd558e3194a7faa249c6316a858bad\""); user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Mr. Bojangles\\Application Data\\Mozilla\\Firefox\\Profiles\\64w0fp13.default\\conduitCommon\ user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.455"); user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUfox000&ptb=AL3MCd9NKxyFF0mu4ItXjw&psa=&ind=2010040916&p user_pref("CommunityToolbar.ToolbarsList", "CT1060933,CT2704262"); user_pref("CommunityToolbar.ToolbarsList2", "CT1060933,CT2704262"); user_pref("CommunityToolbar.ToolbarsList4", "CT1060933,CT2704262"); user_pref("CommunityToolbar.globalUserId", "caad3710-a6c3-4e74-8a2c-c3b9647f7a8e"); user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2704262"); user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Apr 10 2012 22:51:16 GMT+1000"); user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Apr 10 2012 23:51:39 GMT+1000"); user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); user_pref("CommunityToolbar.notifications.locale", "en"); user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Apr 10 2012 22:51:14 GMT+1000"); user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); 
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); user_pref("CommunityToolbar.notifications.showTrayIcon", false); user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); user_pref("CommunityToolbar.notifications.userId", "defff216-ca26-4934-af37-01bd17c5df8f"); user_pref("CommunityToolbar.originalHomepage", "www.google.com"); user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties"); user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Wed Apr 11 2012 06:58:56 GMT+1000"); user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Wed Apr 11 2012 06:58:56 GMT+1000"); user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Wed Apr 11 2012 06:58:56 GMT+1000"); user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Wed Apr 11 2012 06:58:56 GMT+1000"); user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Wed Apr 11 2012 06:58:56 GMT+1000"); user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Wed Apr 11 2012 06:58:56 GMT+1000"); user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Wed Apr 11 2012 06:58:56 GMT+1000"); user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Wed Apr 11 2012 06:58:56 GMT+1000"); user_pref("extensions.enabledItems", "jqs@sun.com:1.0,toolbar@ask.com:3.5.2.106,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"); user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZUfox000&ptb=AL3MCd9NKxyFF0mu4ItXjw&ind=2010040916&osp=mws&ptn user_pref("extensions.mywebsearch.prevKwdEnabled", true); user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties"); user_pref("keyword.URL", 
"hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUfox000&ptb=AL3MCd9NKxyFF0mu4ItXjw&psa=&ind=2010040916&ptnrS=ZUfox000&si=&st=kwd&n=77ceca5 Emptied folder: C:\Documents and Settings\Mr. Bojangles\Application Data\mozilla\firefox\profiles\64w0fp13.default\minidumps [4 files] ~~~ Chrome Successfully deleted: [Folder] C:\Documents and Settings\Mr. Bojangles\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pmlghpafmmnmmkjdhacccolfgnkiboco ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 02/24/2013 at 22:25:50.91 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #MBAM Malwarebytes' Anti-Malware 1.41 Database version: 2866 Windows 5.1.2600 Service Pack 3 9/28/2009 6:02:51 PM mbam-log-2009-09-28 (18-02-51).txt Scan type: Full Scan (C:\|) Objects scanned: 67967 Time elapsed: 21 minute(s), 35 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) #DDS DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 7.0.6000.16762 Run by Mr. Bojangles at 15:45:19 on 2013-02-25 . ============== Running Processes ================ . 
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\Program Files\Zune\WMZuneComm.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
c:\Program Files\Zune\ZuneNss.exe
c:\Program Files\Zune\ZuneWlanCfgSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe
C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\WINDOWS\system32\taskkill.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} -
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: CPwmIEBrowserHelper Object: {F040E541-A427-4CF7-85D8-75E3E0F476C5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Facebook Update] "c:\documents and settings\mr. bojangles\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [D-Link D-Link DWA-525] c:\program files\d-link\dwa-525 reva\AirNCFG.exe
mRun: [WZCSLDR2] c:\program files\d-link\dwa-525 reva\WZCSLDR2.exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [myfavoritegadgets] <no file>
StartupFolder: c:\docume~1\mr6e0d~1.boj\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\mr. bojangles\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\documents and settings\mr. bojangles\start menu\programs\startup\startup concealer outlook.vbs
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Set As Messenger Live Display Picture - c:\program files\msnshell\bin\SetMSNDP.htm
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1C678FE9-385F-4BBE-849C-DA5C69BC931D} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-02-24 12:43:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-02-24 12:14:12 -------- d-----w- c:\windows\ERUNT
2013-02-24 12:13:57 -------- d-----w- C:\JRT
2013-02-08 07:10:46 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-29 12:04:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2013-02-24 12:21:09 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-24 12:21:09 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-23 14:00:03 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2012-12-14 06:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 15:51:19.08 ===============